  • Moderators
Posted

Hello,

The body of my previous message, asking you for help with a friend's PC ("Avira finds 128 and MBAM finds 6"), is no longer visible ????? Is it like that for you too? Just in case, I am starting a new topic.

She has an ACER Aspire 3100 laptop - Vista 32-bit and uses IE more than Mozilla.

I uninstalled Avast in favour of Avira (which finds 128 things) and installed MBAM, which found 6.

Here again are 3 Avira logs

Antivir report 1 sylwya_avira_1.txt

Antivir report 2 sylwya_avira_2.txt

Antivir report 3 sylwya_avira_3.txt

The MBAM report follows

Thanks

#

Avira finds 128 "things" - MBAM finds 6

Good evening, I need your help, I knew I would be back!!!

A friend is really struggling with her PC. I uninstalled Avast for her (it detected absolutely nothing) and installed AVIRA, which found 128 nasties after more than 4 hours of scanning. I installed MBAM, which found 6. I put everything in quarantine. I updated CCleaner and ran a cleanup. But I sincerely think the PC needs further scans because the symptoms persist: about 15 minutes to start up and as long to shut down, and sometimes it seems to open files without being asked. When I type on the keyboard, I hear the PC working and the cursor shows up in blue; I get the impression that someone is working in the PC in parallel. It is very strange.

I am posting the MBAM report - AVIRA (it produced 8 reports; I am giving you the ones that refer to the nasties)

Antivir report 4 sylwya_avira_4.txt

Antivir report 5 sylwya_avira_5.txt

 

--------

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Version de la base de données: 5531

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18999

 

16/01/2011 15:36:59

mbam-log-2011-01-16 (15-36-59).txt

 

Type d'examen: Examen complet (C:\|D:\|)

Elément(s) analysé(s): 284185

Temps écoulé: 1 heure(s), 34 minute(s), 49 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 3

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Winsudate (Adware.GibMedia) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUsr (Adware.Gibmedia) -> Value: WinUsr -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

c:\Windows\System32\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\D5WDUKZL\gibsvc[1].exe (Adware.Gibmedia) -> Quarantined and deleted successfully.

c:\Users\frédérique\local settings\application data\qkuso_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

c:\Users\frédérique\local settings\application data\qkuso_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

 

 

 

There you go, my friend is leaving me her PC for the week. Can you help me, please?

Thanks

Moderation note: following a forum bug, probably related to overly large reports, the topics created are no longer accessible. I have therefore removed the Antivir reports and attached them as files.

Posted

Hello sylwya,

Very important!

>>> To do immediately:

- At the top of this message, click the "Follow this topic" button, choosing "Immediate notification" => "Submit". You will be notified in real time of replies to your topic, and as a result your machine will be cleaned as quickly as possible.

- Back up (by copying) all personal documents to a medium other than the system partition: USB stick, CD/DVD, external hard drive, etc.

>>> What to do during this cleanup: please do NOT use, install and/or uninstall any program other than those proposed at each step, in order to avoid any incompatibility problems between the tools.

>>> What to do when you receive new instructions:

  • Read the whole message.
  • Download and save the utilities DIRECTLY to the Desktop, or move them there right afterwards (right-click on them => "Cut", then right-click on the Desktop => "Paste").
    Some programs can cause problems if they are not launched from the Desktop.
  • Get into the habit of disabling all protection programs at the start of each new step and re-enabling them at the end.
  • Always proceed in the order given and ask for clarification if necessary BEFORE starting.
  • Do NOT hesitate to comment on and report any change (for better or worse) in the machine's behaviour or in relation to the initial problem.

>>> How to reply:

- Click the zeb_bouton.png button (and not zeb-bouton2.png, as I do not need to reread my previous messages).

- Paste the contents of the reports WITHOUT adding ANY text formatting (quote, code, colour, etc.).

Print these instructions or save them to a text file on the Desktop so you can consult them easily at any time, and download to the Desktop:

  • ComboFix© (by sUBs) from here or here
  • Security Check (by screen317) from here or here.

>>> Using ComboFix: Close everything, disable antivirus/firewall/antispyware and click ComboFix.exe. Follow the instructions.

Accept the licence agreement and the installation of the Recovery Console (offered under XP if not installed).

Do NOT TOUCH the machine until it has finished (even if things seem not to be progressing).

When it is finished, a report (ComboFix.txt) is displayed. It is saved automatically to the root of the system partition (usually C:\)

Post its contents.

>>> Using SecurityCheck: Close everything and double-click "SecurityCheck.exe" to launch the program.

Press a key as prompted and follow the instructions.

Note: If one of the security programs asks for permission to access the Internet from dig.exe, accept.

The checkup.txt report opens at the end. Post its contents.

This report will not be saved automatically. If you want to keep a copy, click "File" => "Save as", choose a location (the Desktop, for example) and click "Save" at the bottom right.

Post its contents.

Requested reports:

  • ComboFix.txt
  • checkup.txt
Posted

Good evening Lance-yien, and thank you for your help

I think there is quite a crowd in this ComboFix report. I am getting started on Security Check right away:

 

ComboFix 11-01-16.04 - Frédérique 17/01/2011 21:07:58.1.1 - x86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.765.244 [GMT 1:00]

Lancé depuis: c:\users\Frédérique\Downloads\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\FAUXVIRUS

c:\fauxvirus\CMouse.exe

c:\fauxvirus\CMouseR.exe

c:\fauxvirus\CrazyMouse fr.txt

c:\fauxvirus\CrazyMouse.txt

c:\fauxvirus\email.exe

c:\fauxvirus\info CMouse.txt

c:\fauxvirus\info email.txt

c:\users\Frédérique\AppData\Local\qkuso.dat

c:\users\Frédérique\AppData\Local\qkuso_navps.dat

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-12-17 au 2011-01-17 ))))))))))))))))))))))))))))))))))))

.

 

2011-01-17 20:30 . 2011-01-17 20:30 -------- d-----w- c:\users\Frédérique\AppData\Local\temp

2011-01-17 20:30 . 2011-01-17 20:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-17 20:30 . 2011-01-17 20:30 -------- d-----w- c:\users\fredlempire\AppData\Local\temp

2011-01-16 22:59 . 2011-01-16 22:59 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2011-01-16 22:59 . 2011-01-16 22:59 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2011-01-16 16:49 . 2011-01-16 16:49 -------- d-----w- c:\users\Frédérique\AppData\Roaming\Avira

2011-01-16 15:31 . 2011-01-16 15:31 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-01-16 15:23 . 2011-01-16 15:23 -------- d-----w- c:\windows\fr

2011-01-16 15:22 . 2010-09-22 23:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2011-01-16 15:04 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2011-01-16 15:04 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll

2011-01-16 15:04 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-01-16 15:02 . 2011-01-16 15:02 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\618d8b471cbb58e04\InstallManager_WLE_WLE.exe

2011-01-16 15:02 . 2011-01-16 15:02 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\5bf96ab11cbb58e03\DSETUP.dll

2011-01-16 15:02 . 2011-01-16 15:02 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\5bf96ab11cbb58e03\DXSETUP.exe

2011-01-16 15:02 . 2011-01-16 15:02 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\5bf96ab11cbb58e03\dsetup32.dll

2011-01-16 15:02 . 2011-01-16 15:02 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\5699bdd71cbb58e02\DSETUP.dll

2011-01-16 15:02 . 2011-01-16 15:02 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\5699bdd71cbb58e02\DXSETUP.exe

2011-01-16 15:02 . 2011-01-16 15:02 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\5699bdd71cbb58e02\dsetup32.dll

2011-01-16 15:01 . 2011-01-16 22:33 -------- d-----w- c:\users\Frédérique\AppData\Local\Windows Live

2011-01-16 14:57 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll

2011-01-16 12:57 . 2011-01-16 12:57 -------- d-----w- c:\users\Frédérique\AppData\Roaming\Malwarebytes

2011-01-16 12:57 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-16 12:56 . 2011-01-16 12:56 -------- d-----w- c:\programdata\Malwarebytes

2011-01-16 12:56 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-16 12:56 . 2011-01-16 12:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-16 12:07 . 2011-01-17 14:05 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-01-16 12:07 . 2011-01-17 14:05 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-01-16 12:06 . 2011-01-16 12:06 -------- d-----w- c:\programdata\Avira

2011-01-16 12:06 . 2011-01-16 12:06 -------- d-----w- c:\program files\Avira

2011-01-16 11:56 . 2011-01-16 11:56 -------- d-----w- c:\program files\Common Files\Java

2011-01-16 11:55 . 2010-11-12 17:53 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-16 11:55 . 2010-11-12 17:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-01-14 18:35 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24F7487D-7BD1-41A7-90DF-8D9FC35D3B15}\mpengine.dll

2011-01-14 14:59 . 2011-01-14 15:00 -------- d-----w- c:\users\Frédérique\AppData\Local\Windows Live Writer

2011-01-14 14:59 . 2011-01-14 14:59 -------- d-----w- c:\users\Frédérique\AppData\Roaming\Windows Live Writer

2011-01-12 18:18 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll

2011-01-12 18:18 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-01-12 18:18 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-01-12 18:18 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-01-12 18:18 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-01-12 18:18 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll

2011-01-12 18:18 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-16 16:48 . 2010-07-25 11:01 93 ----a-w- c:\users\Frédérique\AppData\Local\qkuso.bat

2011-01-16 16:48 . 2010-07-25 11:01 93 ----a-w- c:\users\Frédérique\AppData\Local\qkuso.bat

2010-11-11 08:16 . 2008-08-21 19:52 15256 ----a-w- c:\users\Frédérique\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll

2010-11-11 08:16 . 2008-08-21 19:52 15256 ----a-w- c:\users\Frédérique\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll

2010-11-04 18:56 . 2010-12-18 10:49 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-04 18:55 . 2010-12-18 10:49 352768 ----a-w- c:\windows\system32\taskschd.dll

2010-11-04 18:55 . 2010-12-18 10:49 270336 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-04 18:55 . 2010-12-18 10:49 601600 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-04 16:34 . 2010-12-18 10:49 171520 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 06:01 . 2010-12-17 13:39 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-02 05:57 . 2010-12-17 13:39 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-02 05:57 . 2010-12-17 13:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-02 05:57 . 2010-12-17 13:39 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-11-02 05:57 . 2010-12-17 13:39 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-11-02 05:01 . 2010-12-17 13:39 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 04:26 . 2010-12-17 13:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-11-02 04:24 . 2010-12-17 13:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-10-28 15:44 . 2010-12-17 13:37 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-10-28 13:27 . 2010-12-17 13:37 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-10-28 13:20 . 2010-12-17 13:36 2048 ----a-w- c:\windows\system32\tzres.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]

"IMBooster"="c:\program files\Iminent\IMBooster\imbooster.exe" [2010-08-17 1631224]

"Iminent.Notifier"="c:\program files\Iminent\SearchTheWeb\Iminent.Notifier.exe" [2010-08-17 536056]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

 

c:\users\Fr‚d‚rique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Lanceur.lnk - c:\program files\Micro Application\LauncherMA.exe [2009-2-10 485376]

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\eNetHook.dll

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk

backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Frédérique^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Notification de cadeaux MSN.lnk]

path=c:\users\Frédérique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk

backup=c:\windows\pss\Notification de cadeaux MSN.lnk.Startup

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^Frédérique^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de notification Live Search.lnk]

path=c:\users\Frédérique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de notification Live Search.lnk

backup=c:\windows\pss\Outil de notification Live Search.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]

DevDetect.exe -autorun [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]

2007-01-17 07:01 151552 ----a-w- c:\acer\AcerTour\Reminder.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonInst0402]

2007-05-08 21:19 69632 ----a-w- c:\windows\BR040286.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

2007-02-06 22:04 464168 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

2010-09-22 23:21 884584 ----a-w- c:\program files\Windows Live\Family Safety\fsui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-08-11 13:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-02-15 17:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

2006-12-08 08:24 614400 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2010-09-22 23:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2006-12-01 05:37 4186112 ----a-w- c:\windows\RtHDVCpl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]

2008-01-19 07:33 49664 ----a-w- c:\windows\Speech\Common\sapisvr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2006-10-23 03:00 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]

2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]

2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]

R3 PCAMPR4;PCAMPR4 NDIS Protocol Driver;c:\windows\system32\PCAMPR4.SYS [x]

R3 PCANDIS4;PCANDIS4 NDIS Protocol Driver;c:\windows\system32\PCANDIS4.SYS [x]

R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]

R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]

S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contenu du dossier 'Tâches planifiées'

 

2011-01-17 c:\windows\Tasks\User_Feed_Synchronization-{947FB9E1-82FD-46D2-9C8D-5201D15AD466}.job

- c:\windows\system32\msfeedssync.exe [2010-12-17 04:25]

.

.

------- Examen supplémentaire -------

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.google.fr/

mStart Page = hxxp://fr.fr.acer.yahoo.com

IE: ajouter cette page à vos favoris Orange - c:\users\FRDRIQ~1\AppData\Local\Temp\cce5622.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: traduire la page - c:\users\FRDRIQ~1\AppData\Local\Temp\cce5611.html

IE: traduire le texte sélectionné - c:\users\FRDRIQ~1\AppData\Local\Temp\cce5621.html

Trusted Zone: orange.fr\www

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab

DPF: {5A779DC0-837B-4590-AC42-C7C0847478C5} - hxxp://logicielsgratuits.orange.fr/download_service/Install/OrangeInstaller.cab

DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-1.1.cab

FF - ProfilePath - c:\users\Frédérique\AppData\Roaming\Mozilla\Firefox\Profiles\yq8s6mhg.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567681&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - MyStart Search

FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Iminent WebBooster: webbooster@iminent.com - c:\program files\Mozilla Firefox\extensions\webbooster@iminent.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

.

- - - - ORPHELINS SUPPRIMES - - - -

 

URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)

HKLM-Run-Acer Tour - (no file)

HKLM-Run-eRecoveryService - (no file)

HKLM-Run-SystrayORAHSS - c:\program files\Orange HSS\Systray\SystrayApp.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

MSConfigStartUp-ALaunch - c:\acer\ALaunch\AlaunchClient.exe

MSConfigStartUp-awycsgu - c:\users\frédérique\appdata\local\awycsgu.exe

MSConfigStartUp-eDSMSNfix - c:\acer\Empowering Technology\eDSMSNfix.exe

MSConfigStartUp-funkyemoticons - c:\program files\FunkyEmoticons\FunkyEmoticons.exe

MSConfigStartUp-HiYo - c:\program files\HiYo\bin\HiYo.exe

MSConfigStartUp-KiweeHook - c:\program files\Kiwee Toolbar\2.8.167\kwtbaim.exe

MSConfigStartUp-ORAHSSSessionManager - c:\program files\Orange HSS\SessionManager\SessionManager.exe

MSConfigStartUp-ORAHSSStartup - c:\program files\Orange HSS\Launcher\launcher.exe

MSConfigStartUp-SetPanel - c:\acer\APanel\APanel.cmd

MSConfigStartUp-SystrayORAHSS - c:\program files\Orange HSS\Systray\SystrayApp.exe

MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\HOMERunner.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-01-17 21:30

Windows 6.0.6002 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-2145843892-3295813196-4130612218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.032"

 

[HKEY_USERS\S-1-5-21-2145843892-3295813196-4130612218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.amr"

 

[HKEY_USERS\S-1-5-21-2145843892-3295813196-4130612218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.ani"

 

[HKEY_USERS\S-1-5-21-2145843892-3295813196-4130612218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.bay"

 

[HKEY_USERS\S-1-5-21-2145843892-3295813196-4130612218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.bmp"

 

[HKEY_USERS\S-1-5-21-2145843892-3295813196-4130612218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.bw"

 

[HKEY_USERS\S-1-5-21-2145843892-3295813196-4130612218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.bwf"

 

[HKEY_USERS\S-1-5-21-2145843892-3295813196-4130612218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.cel"

 

[HKEY_USERS\S-1-5-21-2145843892-3295813196-4130612218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.cr2"

 

[HKEY_USERS\S-1-5-21-2145843892-3295813196-4130612218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.crw"

 

[HKEY_USERS\S-1-5-21-2145843892-3295813196-4130612218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.cs1"

 

[HKEY_USERS\S-1-5-21-2145843892-3295813196-4130612218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.cur"

 

[HKEY_USERS\S-1-5-21-2145843892-3295813196-4130612218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.dcr"

 

[HKEY_USERS\S-1-5-21-2145843892-3295813196-4130612218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.dcx"

 

[HKEY_USERS\S-1-5-21-2145843892-3295813196-4130612218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.dib"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(596)

c:\windows\system32\eNetHook.dll

 

- - - - - - - > 'lsass.exe'(664)

c:\windows\system32\eNetHook.dll

.

Heure de fin: 2011-01-17 21:40:38

ComboFix-quarantined-files.txt 2011-01-17 20:40

 

Avant-CF: 24 089 255 936 octets libres

Après-CF: 24 409 047 040 octets libres

 

- - End Of File - - 6C865528D7C0702F5E089AFC4B200B6E

Posted

Here it is

 

Results of screen317's Security Check version 0.99.8

Windows Vista Service Pack 2 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 23

Adobe Flash Player 10.1.102.64

Adobe Reader 9.1 - Français

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.13)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

Empowering Technology eSettings Service capuserv.exe

``````````End of Log````````````

 

 

Thanks

Posted

Hello sylwya,

Indeed, there was quite a crowd (cleaned up by ComboFix :)

--

 

Print these instructions or save them to a text file on the Desktop so you can refer to them easily at any time.

>>> File analysis:

  • Copy the following line and go to the Jotti site.

    c:\users\Frédérique\AppData\Local\qkuso.bat

  • Click Browse...
  • In the new window, right-click in "File name" => "Paste", then click "Open".
  • Click Send and let the analysis run.
  • At the end, right-click the Your permanent link... button => "Copy link address".
    Open Notepad and right-click => "Paste".

Copy the contents of Notepad and paste them into your next reply.

If Jotti is overloaded, go to Virustotal,

>>> Use OTL: Download OTL (by OldTimer) to the Desktop from here or here.

Close everything and right-click OTL.exe => Run as administrator.

Copy and paste these lines (starting with netsvcs) into the box under "Personnalisation":

netsvcs

drivers32

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

CREATERESTOREPOINT

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Without changing anything, click the blue Analyse button and let it run.

At the end of the scan, 2 reports will be created: OTL.txt (which opens in Notepad) and Extras.txt (which will be minimized in the taskbar).

Copy and paste the contents of each report, only one per message, because they are often very long and exceed the limit allowed by the forum.

Reports requested:

  • Permanent link address
  • OTL.txt
  • Extras.txt

Posted

Here is OTL

 

 

 

OTL logfile created on: 18/01/2011 09:30:19 - Run 1

OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Frédérique\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18999)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

765,00 Mb Total Physical Memory | 252,00 Mb Available Physical Memory | 33,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 47,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69,78 Gb Total Space | 22,23 Gb Free Space | 31,86% Space Free | Partition Type: NTFS

Drive D: | 69,51 Gb Total Space | 50,80 Gb Free Space | 73,08% Space Free | Partition Type: NTFS

 

Computer Name: PC-DE-FRÉDÉRIQU | User Name: Frédérique | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/01/18 09:28:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frédérique\Desktop\OTL.exe

PRC - [2011/01/17 15:05:35 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2010/08/17 15:20:48 | 001,631,224 | ---- | M] (Iminent) -- C:\Program Files\Iminent\IMBooster\IMBooster.exe

PRC - [2010/08/17 13:39:03 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/08/17 13:38:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/01/14 22:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/08/31 10:25:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2009/02/10 17:54:02 | 000,485,376 | ---- | M] (Micro Application) -- C:\Program Files\Micro Application\LauncherMA.exe

PRC - [2009/01/09 18:58:10 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2009/01/09 18:57:04 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2007/04/24 18:17:34 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

PRC - [2007/03/22 17:21:52 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe

PRC - [2007/02/06 23:04:26 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

PRC - [2007/01/31 17:18:42 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

PRC - [2007/01/26 13:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe

PRC - [2007/01/02 08:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

PRC - [2006/12/22 13:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

PRC - [2006/12/01 06:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2006/11/24 11:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/01/18 09:28:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frédérique\Desktop\OTL.exe

MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)

SRV - [2011/01/17 15:05:35 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2010/08/17 13:39:03 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2007/04/24 18:17:34 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)

SRV - [2007/03/22 17:21:52 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)

SRV - [2007/02/06 23:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)

SRV - [2007/01/31 17:18:42 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

SRV - [2007/01/26 13:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)

SRV - [2007/01/02 08:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)

SRV - [2006/12/22 13:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)

SRV - [2006/11/24 11:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/01/17 15:05:39 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/01/17 15:05:39 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)

DRV - [2010/06/17 15:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2007/12/04 17:55:08 | 000,025,544 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2007/04/05 23:36:16 | 002,464,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2007/04/05 23:36:16 | 002,464,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2007/04/05 01:25:41 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV - [2007/02/06 23:04:54 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)

DRV - [2007/02/06 23:04:50 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)

DRV - [2007/02/06 23:04:48 | 000,020,264 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)

DRV - [2006/12/27 02:57:22 | 000,792,368 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)

DRV - [2006/12/19 05:18:28 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)

DRV - [2006/12/19 05:18:28 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)

DRV - [2006/12/07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)

DRV - [2006/12/01 06:38:00 | 001,655,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/11/28 21:46:22 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)

DRV - [2006/11/28 21:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)

DRV - [2006/11/21 07:24:02 | 000,062,464 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2006/11/10 14:38:22 | 000,506,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2006/11/09 00:55:10 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)

DRV - [2006/11/09 00:53:58 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)

DRV - [2006/11/09 00:53:48 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)

DRV - [2006/11/06 03:01:20 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2006/11/02 14:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)

DRV - [2006/11/02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys -- (DritekPortIO)

DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2006/11/02 09:57:06 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)

DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)

DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2006/10/25 07:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)

DRV - [2006/10/25 07:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)

DRV - [2006/10/25 07:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)

DRV - [2006/10/23 04:17:32 | 000,179,896 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2006/10/18 08:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)

DRV - [2006/08/05 01:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! France

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = {searchTerms} - Yahoo! Search Results

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKCU\..\URLSearchHook: {AEEC3B59-CA98-4EBA-A140-57B94E283583} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live France Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2567681&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "MyStart Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://mystart.incredimail.com/"

FF - prefs.js..extensions.enabledItems: webbooster@iminent.com:3.27.3

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908

FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/16 23:59:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/16 23:59:22 | 000,000,000 | ---D | M]

 

[2008/08/01 21:06:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frédérique\AppData\Roaming\mozilla\Extensions

[2008/04/25 21:22:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frédérique\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2011/01/17 01:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frédérique\AppData\Roaming\mozilla\Firefox\Profiles\yq8s6mhg.default\extensions

[2011/01/17 00:53:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Frédérique\AppData\Roaming\mozilla\Firefox\Profiles\yq8s6mhg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/01/17 01:05:20 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Frédérique\AppData\Roaming\mozilla\Firefox\Profiles\yq8s6mhg.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2009/12/06 11:58:11 | 000,003,715 | ---- | M] () -- C:\Users\Frédérique\AppData\Roaming\Mozilla\Firefox\Profiles\yq8s6mhg.default\searchplugins\Searcheo.xml

[2011/01/16 12:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2011/01/16 12:55:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2010/09/25 18:38:03 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files\mozilla firefox\extensions\webbooster@iminent.com

File not found (No name found) -- C:\USERS\FRé©RIQUE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQ8S6MHG.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}

File not found (No name found) -- C:\USERS\FRé©RIQUE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQ8S6MHG.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}

[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/01/16 23:59:17 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

[2011/01/16 23:59:17 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2011/01/16 23:59:17 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

[2010/08/14 20:09:45 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml

[2010/07/10 01:21:02 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml

[2011/01/16 23:59:17 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

[2011/01/16 23:59:17 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2011/01/17 21:30:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)

O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)

O4 - HKLM..\Run: [iMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent)

O4 - HKLM..\Run: [iminent.Notifier] C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe (Iminent)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKCU..\RunOnce: [.IMinentUpdate] File not found

O4 - Startup: C:\Users\Frédérique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lanceur.lnk = C:\Program Files\Micro Application\LauncherMA.exe (Micro Application)

O4 - Startup: C:\Users\Frédérique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: orange.fr ([www] http in Trusted sites)

O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab (Module de délivrance de certificat MINEFI)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {5A779DC0-837B-4590-AC42-C7C0847478C5} http://logicielsgratuits.orange.fr/download_service/Install/OrangeInstaller.cab (OrangeInstaller_ModuleIE Control)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} https://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-1.1.cab (AdVerifierADPCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\Windows\System32\eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Frédérique\Pictures\Documents\Images\fpcyu9bz.jpg

O24 - Desktop BackupWallPaper: C:\Users\Frédérique\Pictures\Documents\Images\fpcyu9bz.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: VIDC.ACDV - C:\Windows\System32\ACDV.dll (ACD Systems)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/01/18 09:28:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Frédérique\Desktop\OTL.exe

[2011/01/17 21:41:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/01/17 21:40:48 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/01/17 21:40:47 | 000,000,000 | ---D | C] -- C:\Users\Frédérique\AppData\Local\temp

[2011/01/17 21:00:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/01/17 21:00:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/01/17 21:00:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/01/17 21:00:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/01/17 21:00:20 | 000,000,000 | ---D | C] -- C:\ComboFix

[2011/01/17 20:56:49 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/01/17 20:56:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2011/01/16 17:49:54 | 000,000,000 | ---D | C] -- C:\Users\Frédérique\AppData\Roaming\Avira

[2011/01/16 16:23:39 | 000,000,000 | ---D | C] -- C:\Windows\fr

[2011/01/16 16:22:28 | 000,039,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys

[2011/01/16 16:04:24 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll

[2011/01/16 16:04:24 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll

[2011/01/16 16:04:23 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll

[2011/01/16 16:01:49 | 000,000,000 | ---D | C] -- C:\Users\Frédérique\AppData\Local\Windows Live

[2011/01/16 15:57:45 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll

[2011/01/16 13:57:33 | 000,000,000 | ---D | C] -- C:\Users\Frédérique\AppData\Roaming\Malwarebytes

[2011/01/16 13:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/01/16 13:57:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/01/16 13:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/01/16 13:56:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/01/16 13:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/01/16 13:51:01 | 000,000,000 | R--D | C] -- C:\Users\Frédérique\Desktop\sécurité

[2011/01/16 13:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2011/01/16 13:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2011/01/16 13:07:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2011/01/16 13:07:00 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011/01/16 13:07:00 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011/01/16 13:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2011/01/16 13:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2011/01/16 12:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011/01/16 12:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/01/16 12:55:28 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2011/01/16 12:55:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/01/16 12:55:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/01/16 12:55:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/01/14 15:59:51 | 000,000,000 | ---D | C] -- C:\Users\Frédérique\AppData\Roaming\Windows Live Writer

[2011/01/14 15:59:51 | 000,000,000 | ---D | C] -- C:\Users\Frédérique\AppData\Local\Windows Live Writer

[2011/01/14 15:59:51 | 000,000,000 | ---D | C] -- C:\Users\Frédérique\Pictures\Documents\My Weblog Posts

[2011/01/12 19:18:23 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll

[2011/01/12 19:18:02 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe

[2007/04/05 01:27:59 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

 

========== Files - Modified Within 30 Days ==========

 

[2011/01/18 09:28:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frédérique\Desktop\OTL.exe

[2011/01/18 07:59:54 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{947FB9E1-82FD-46D2-9C8D-5201D15AD466}.job

[2011/01/18 07:42:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/01/18 07:42:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/01/18 07:38:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/01/18 07:38:43 | 803,389,440 | -HS- | M] () -- C:\hiberfil.sys

[2011/01/17 21:30:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/01/17 15:05:39 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011/01/17 15:05:39 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011/01/16 17:48:26 | 000,000,093 | ---- | M] () -- C:\Users\Frédérique\AppData\Local\qkuso.bat

[2011/01/16 16:44:09 | 000,316,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/01/16 16:31:17 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE

[2011/01/16 16:06:56 | 000,000,947 | ---- | M] () -- C:\Users\Frédérique\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/12/28 16:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll

[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

 

========== Files Created - No Company Name ==========

 

[2011/01/17 21:00:37 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011/01/17 21:00:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/01/17 21:00:37 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011/01/17 21:00:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/01/17 21:00:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/01/16 16:31:16 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2010/07/29 18:44:17 | 000,014,090 | ---- | C] () -- C:\Users\Frédérique\AppData\Local\slot1.mm1

[2010/07/25 12:01:26 | 000,000,093 | ---- | C] () -- C:\Users\Frédérique\AppData\Local\qkuso.bat

[2009/08/05 13:40:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/03/22 18:38:18 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll

[2009/03/22 18:38:18 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll

[2009/03/22 14:47:29 | 000,000,093 | ---- | C] () -- C:\Users\Frédérique\AppData\Local\acesg.bat

[2008/09/05 14:11:01 | 000,024,206 | ---- | C] () -- C:\Users\Frédérique\AppData\Roaming\UserTile.png

[2008/02/16 13:34:54 | 000,000,680 | ---- | C] () -- C:\Users\Frédérique\AppData\Local\d3d9caps.dat

[2007/12/12 16:10:25 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI

[2007/11/04 20:48:19 | 000,000,046 | ---- | C] () -- C:\Windows\adiras.ini

[2007/11/01 18:26:51 | 000,013,312 | ---- | C] () -- C:\Users\Frédérique\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/11/01 16:46:33 | 000,000,021 | ---- | C] () -- C:\Windows\kit.ini

[2007/08/17 08:34:56 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2007/08/17 08:34:40 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI

[2007/08/17 08:34:32 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI

[2007/08/17 00:48:43 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini

[2007/04/05 11:42:53 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2007/04/05 09:34:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007/04/05 09:33:29 | 000,015,190 | ---- | C] () -- C:\Windows\M2000T07.ini

[2007/04/05 01:43:15 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll

[2007/04/05 01:33:48 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys

[2007/04/05 01:33:48 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys

[2007/04/05 01:33:02 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll

[2007/04/05 01:27:59 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll

[2007/04/05 01:10:57 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll

[2007/02/06 22:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll

[2007/02/06 22:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll

[2007/02/06 22:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll

[2007/02/06 22:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll

[2007/02/06 22:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll

[2007/02/06 22:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll

[2006/12/25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll

[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL

[2001/12/26 14:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/09/03 21:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/30 14:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/23 20:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

 

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2007/04/05 01:28:57 | 000,003,377 | ---- | M] () -- C:\-20070405.log

[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2007/04/05 09:35:29 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2011/01/17 21:40:41 | 000,042,141 | ---- | M] () -- C:\ComboFix.txt

[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2007/11/07 21:31:39 | 000,002,516 | ---- | M] () -- C:\FT_Splash.img

[2011/01/18 07:38:43 | 803,389,440 | -HS- | M] () -- C:\hiberfil.sys

[2010/02/07 10:18:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/02/07 10:18:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2011/01/18 07:38:41 | 1117,200,384 | -HS- | M] () -- C:\pagefile.sys

[2007/08/17 00:39:35 | 000,000,383 | ---- | M] () -- C:\RHDSetup.log

[2007/12/12 14:12:15 | 000,000,159 | ---- | M] () -- C:\Setup.log

[2007/04/05 01:40:11 | 000,000,000 | ---- | M] () -- C:\Trace.log

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 

< %systemroot%\system32\drivers\*.sys /90 >

[2011/01/17 15:05:39 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011/01/17 15:05:39 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-18 06:58:45

 

< >

 

========== Alternate Data Streams ==========

 


 

< End of report >

Posted

And the last little one, Extra

 

 

 

OTL Extras logfile created on: 18/01/2011 09:30:19 - Run 1

OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Frédérique\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18999)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

765,00 Mb Total Physical Memory | 252,00 Mb Available Physical Memory | 33,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 47,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69,78 Gb Total Space | 22,23 Gb Free Space | 31,86% Space Free | Partition Type: NTFS

Drive D: | 69,51 Gb Total Space | 50,80 Gb Free Space | 73,08% Space Free | Partition Type: NTFS

 

Computer Name: PC-DE-FRÉDÉRIQU | User Name: Frédérique | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Orange HSS\Connectivity\ConnectivityManager.exe" = C:\Program Files\Orange HSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{22324AE5-F16B-4F83-93A6-61F9178E6A94}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{9613E741-5AEC-45B3-A29B-67B9D498F6DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{9DAA8470-E8DB-42DA-96B2-891A08AE07FC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{C9E30DF3-5D21-4953-A647-5DC2B3A42E55}" = lport=2869 | protocol=6 | dir=in | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1D0421A0-A233-4FCB-8063-B566C737391A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{579B8DA3-32C7-4B41-922D-48F554428716}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{5A893E22-A807-403E-8A62-D1B06C899319}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{A891FE4E-5F49-47DA-8BA3-3D2F6255082B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{ADA55A4D-191E-4891-A423-0213E07A56F7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{BA099FE1-BF14-4B80-AE27-C519C3039686}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |

"{C3C69550-8560-4B80-8DD5-4A6971B5395C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{E422CE8A-F363-4CEF-8D2C-B4E7FE46E222}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{EF48618E-9856-413E-81F5-4C496E1F3F24}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |

"{F07F290C-5758-48F5-8657-40575876E5D4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{FDE4D1E4-A465-4729-A3D8-B93E8949BD81}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"TCP Query User{099969B0-E949-4081-B20E-0C22E556E91E}C:\program files\orange hss\browser\browser.exe" = protocol=6 | dir=in | app=c:\program files\orange hss\browser\browser.exe |

"TCP Query User{0C0E9F74-5ACD-477F-A656-98C8422729D2}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |

"TCP Query User{29F15917-EEC2-4E75-8504-419C59F358F2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{4A1FF37F-6088-4C96-B5D9-D38A7850A4DE}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |

"TCP Query User{72DDA588-733F-43AB-B066-D7EBF8914BE4}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"TCP Query User{D201AD15-DA0B-4A76-B1B2-A2BE83955209}C:\program files\steam\steamapps\ilovethisgame993\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\ilovethisgame993\half-life 2 deathmatch\hl2.exe |

"TCP Query User{E8C65C10-56F3-419C-80C4-27677F471948}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{16650ED2-8239-49DC-840D-BFFC79A84FB9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{AB779ABF-9D79-4A1B-A60E-42368FE6673A}C:\program files\steam\steamapps\ilovethisgame993\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\ilovethisgame993\half-life 2 deathmatch\hl2.exe |

"UDP Query User{B3D3B723-BAE7-4493-9043-BAB337AC0B74}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |

"UDP Query User{D21B0CA4-B954-4391-838A-41D6C228728C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{EDDED6E9-4424-4DE8-8135-F81E97A74915}C:\program files\orange hss\browser\browser.exe" = protocol=17 | dir=in | app=c:\program files\orange hss\browser\browser.exe |

"UDP Query User{F16D6E73-8C40-49EB-964C-91C3A6692546}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"UDP Query User{F9104AA2-B744-49A6-90A8-15C6D97C4DC4}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{089B527F-71D8-A189-52F2-608D18E2629E}" = Catalyst Control Center Localization French

"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0CA6047C-D28B-4295-834A-07C52BA20C2D}" = Extension de Windows Live Toolbar (Windows Live Toolbar)

"{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}" = Menus intelligents (Windows Live Toolbar)

"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack

"{100F1E9F-9E5A-A6D5-EA06-9B7C7A164260}" = CCC Help English

"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In

"{1161D512-0A42-2A46-61F9-8D080928E36F}" = Catalyst Control Center Localization Chinese Standard

"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management

"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"{17342E3B-0818-4A6F-BFF8-99476605ADD6}" = livebox

"{1E0A0234-2A40-11A7-0BFA-3AD17390156A}" = Catalyst Control Center Graphics Previews Vista

"{1E3ABA8F-68B2-BE73-3007-C65E4BF40318}" = Catalyst Control Center Localization Hungarian

"{1E8E1865-3388-902F-C614-CF4C5D0AC6F3}" = Catalyst Control Center Graphics Previews Common

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26286999-D97D-7DB1-0DFD-91DC24392D10}" = CCC Help Russian

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 23

"{270DC93A-198E-23CA-33AE-F6B53638D48D}" = CCC Help Danish

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer MyAllm Driver v7.1.0.90 Installation Program

"{2C37F3BB-40DD-FB52-6D18-02C7B9DC6AE7}" = CCC Help Chinese Standard

"{2E2E6F05-21E5-9915-37CB-82413671A746}" = Catalyst Control Center Graphics Full New

"{3038FE0E-0404-B7D0-8D6F-7168E05B8E56}" = CCC Help German

"{314F37FA-CD34-0B16-29AF-A7FE3DDCA912}" = Catalyst Control Center Graphics Light

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding

"{35303F97-11D7-C365-AC2A-FF05D8A063B2}" = CCC Help Czech

"{35658970-56F2-04DD-229F-21681C97E0F6}" = Catalyst Control Center Localization Russian

"{36ADF254-0401-B88B-D5BF-AABFC4378DDA}" = CCC Help Norwegian

"{381DCEB5-0372-2FB1-C283-9EEA909E0741}" = Catalyst Control Center Localization Norwegian

"{394F7A5B-336D-5463-83B4-83E470FCD56C}" = Skins

"{3A7B797C-D53A-3E14-7AA9-C35B6F4ACC73}" = Catalyst Control Center Localization Finnish

"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3BB8D024-BF3F-5378-C34E-E79A6FF767FF}" = CCC Help Russian

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra

"{3E6AFB15-0F47-9D37-B1E1-CD81E00B911F}" = CCC Help English

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{400A8618-1608-3682-1249-E3EA4B9E87B6}" = Catalyst Control Center Localization Turkish

"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager

"{43A35C49-0E70-6A86-B12F-116D73B89E8E}" = Catalyst Control Center Localization Chinese Traditional

"{44DB81F7-5E93-777D-6C93-8B0729BCADD0}" = CCC Help Polish

"{44E6626B-57DD-4521-FBB3-F71ED76FE8EA}" = CCC Help Portuguese

"{45CA4898-719E-52F9-786B-7CDE924D06C6}" = Catalyst Control Center Localization German

"{46EF5665-23F6-B09A-5358-82576144BCAE}" = CCC Help Finnish

"{478F8424-10B6-1516-3FE7-57EDBF113212}" = CCC Help Chinese Standard

"{47A5A141-C326-AD10-2046-4519455DE0AC}" = Catalyst Control Center Core Implementation

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{48C4381D-7DF6-35C5-A77D-2AF87D491284}" = Catalyst Control Center Localization Finnish

"{490F34DA-BBF2-8C03-1BE1-7587A8F3297F}" = CCC Help Korean

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AC08D6B-8DED-A952-A2F4-7AB3D2B4361B}" = CCC Help Turkish

"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840

"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer OrbiCam

"{4CA80740-E2B1-41FF-C4A9-A3878C51191B}" = Catalyst Control Center Localization Japanese

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4DC809F5-90C1-A199-759C-20DCAEFFE37A}" = Catalyst Control Center Localization Chinese Traditional

"{5309BBA9-B94A-5874-C6DF-995D577C9738}" = Catalyst Control Center Localization Czech

"{537ECCE7-EA10-2097-22BF-DC3578459111}" = CCC Help Greek

"{5479CB0D-0CB1-1721-07EE-1B3AA00D461B}" = CCC Help Korean

"{56FFC7C4-0117-94D6-9B6E-6B053B7D7523}" = Catalyst Control Center Localization Portuguese

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management

"{5BFC0259-D07A-98CC-A6D5-C22770F9DCD4}" = Catalyst Control Center Localization Spanish

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{5FB59518-6B2E-B62E-0398-AFBE475B8AF1}" = CCC Help French

"{5FC77015-2AC3-260C-6167-11944DEAA9AD}" = CCC Help Norwegian

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{614444AE-DE33-0BFC-325A-C3272B93E825}" = Catalyst Control Center Localization Portuguese

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{649EBDA0-DE80-4935-D403-530EBD9826FC}" = CCC Help Dutch

"{64B69740-D11B-37A1-B7DB-6E7E90638728}" = CCC Help Italian

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6860B340-530D-46B3-91F8-1AE1F70F7C33}" = OpenOffice.org 3.0

"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync

"{68FF49E6-3894-1420-10FF-F4FEE62CB6DE}" = Catalyst Control Center Localization Thai

"{6929E54F-351F-8124-A275-E71000018E69}" = Catalyst Control Center Localization Polish

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69C18158-FBAE-F975-26DE-7C36EAE64DC3}" = Catalyst Control Center Localization Thai

"{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{71360149-4683-56E2-3E89-CB6F5F459BE3}" = Catalyst Control Center Localization Dutch

"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker

"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare

"{79BB5651-ED90-06CE-0DF1-C66DAB9313B9}" = CCC Help Spanish

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{7A1A458A-18F5-D4FE-6155-E1F774246DB9}" = Catalyst Control Center Localization Russian

"{7D618758-0626-8AD7-78A4-DAEE64131F39}" = Catalyst Control Center Localization Korean

"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes

"{81B5F83F-2291-48B0-8375-36B63A9BF5B0}" = Surligneur (Windows Live Toolbar)

"{82515476-A57B-4C43-B642-5F396E20C648}" = ACDSee for PENTAX 3.0

"{86087A16-FDFC-6DB2-793F-C62DF17A967E}" = CCC Help Swedish

"{868C4EDC-E8DD-59A0-6A47-194817C5F11F}" = CCC Help Portuguese

"{874DA2F5-79A7-5F13-5F00-852F102F6A86}" = Catalyst Control Center Localization Italian

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8AF46C83-08E1-8184-929B-709DB8A2BE1A}" = CCC Help Spanish

"{8C468404-1675-A336-DA0E-406440594C4E}" = Catalyst Control Center Localization German

"{8CBA2A0E-C96D-943B-37E8-933CCB52AD01}" = CCC Help Greek

"{8D55C829-384F-1B2B-EF02-26FD0D3E9E64}" = CCC Help Hungarian

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI

"{9012040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage

"{9041748F-94DC-9FE2-E9DC-1FEBB33ACFBC}" = Catalyst Control Center Localization Japanese

"{90FB9587-8A22-1453-E8E6-3E358605EB38}" = CCC Help German

"{913B22B3-7EE3-3488-173E-FC9C07AF6B51}" = CCC Help Danish

"{9201CBD3-5EED-EBE2-1CD9-0C47440DCC60}" = Catalyst Control Center Localization Hungarian

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour

"{9440B693-A58F-C2AD-FFC2-A404ECB8CDC4}" = Catalyst Control Center Localization Danish

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{96221FFE-0C5C-4113-963A-DCC523AD0260}" = IMBooster

"{9C51AC8F-AD40-9CF4-AFCC-49F67EF58CE7}" = Catalyst Control Center Graphics Full Existing

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9F0CC529-0F2B-83F8-DAEE-9FEBCB11C579}" = Catalyst Control Center Localization Swedish

"{9F3CF960-81D1-19DF-6DCA-2DEA3BFF2AE1}" = CCC Help Turkish

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A2B50900-EC7F-2737-C408-BC3FF100F335}" = CCC Help Chinese Traditional

"{A6D106E7-C1B9-C837-8938-1B0801AA89E2}" = Catalyst Control Center Localization Polish

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1 - Français

"{AD36DAF3-44A7-A4EC-E0D8-AD588DE22076}" = CCC Help Japanese

"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{AFD05227-9B6A-D79A-4077-D95433424CBB}" = Catalyst Control Center Localization Turkish

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B5A0DCB5-2521-7186-D1C7-101A04833DEF}" = CCC Help Thai

"{B79E070F-D77C-F4E8-0228-7958B5E89963}" = CCC Help Finnish

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{BA33A95C-AB2D-B00B-E6B0-63827FA399E0}" = Catalyst Control Center Graphics Previews Vista

"{BBC4DE36-34F7-9962-E69B-A64A6BD80E6A}" = Catalyst Control Center Graphics Previews Common

"{BCB6A03C-7D63-A17B-C91E-9B13EEAA725F}" = CCC Help Hungarian

"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management

"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management

"{C06EFB22-B5DB-46C5-9215-BCB5C19C0858}" = LauncherMA

"{C308E43D-8F0B-05F0-C6E9-8511BC8CA5E9}" = CCC Help Thai

"{C3E865B9-C89D-289E-1F94-A2A8EF3B1420}" = Catalyst Control Center Localization Chinese Standard

"{C4ACE6CB-282E-B8B9-C3B2-1FEB50E9B5DF}" = CCC Help French

"{C7A43F17-9177-5CBF-6DE1-3972DA387F49}" = CCC Help Japanese

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack

"{D13FE823-C575-4451-AC37-E645A67AA581}_1.0.0.0" = OrangeInstaller version 1.0.0.0

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D754B497-E4A8-4F54-A528-3AFC637DFB14}" = Catalyst Control Center Localization Korean

"{D82AC4E9-AE8F-0244-8757-2F3A7FF7C053}" = Catalyst Control Center Localization Norwegian

"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer OrbiCam

"{DE2426EC-1385-CDA0-A307-78A57F1E4FD4}" = CCC Help Swedish

"{DFD969AB-56EF-9A2C-87D2-30A3D5E588FB}" = Catalyst Control Center Localization French

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E32DE61D-CAD1-FB3D-0D94-631F71469C05}" = CCC Help Czech

"{E387CEA0-8441-0347-0FD9-829EE7F6F6CD}" = Catalyst Control Center Localization Spanish

"{E3899B68-AAB0-EA5B-81EF-4CC98564248C}" = Catalyst Control Center Localization Italian

"{E3B76221-E0D4-FC2B-FDBD-3070503BB708}" = ccc-utility

"{E40D701F-D184-C7A3-83E8-7932ED54CF1F}" = Catalyst Control Center Localization Greek

"{E826B719-9EF5-B3A9-8A84-0C5591287F02}" = Catalyst Control Center Localization Swedish

"{E99A280C-696E-0491-1FF1-564A18AB6D7B}" = Catalyst Control Center Localization Greek

"{EB3BA059-0CB5-3047-862E-CEF53E2B1B65}" = CCC Help Italian

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EC105691-DFC0-35CE-86F7-11588BF2AE74}" = ccc-core-static

"{EC295C23-2E4B-5699-ADB5-4F05E0CDC044}" = CCC Help Chinese Traditional

"{EC3462E6-05F1-768D-9755-FB5AD32B628E}" = CCC Help Polish

"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1ED3A0F-5211-4AB4-AB05-0C8310ADDBF7}" = SearchTheWeb

"{F225526D-9B2A-955A-8B44-045B028D5BA7}" = Catalyst Control Center Localization Dutch

"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety

"{F9680369-1B2F-46C2-B269-16DE245D97C8}" = CCC Help Dutch

"{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety

"acesg" = Favorit

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ATI Uninstaller" = ATI Uninstaller

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1

"CCleaner" = CCleaner

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP

"GridVista" = Acer GridVista

"IMBoosterARP" = IMBooster

"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA

"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

"PhotoMail" = PhotoMail Maker

"SearchTheWebARP" = SearchTheWeb

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinLiveSuite" = Windows Live

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 16/01/2011 19:41:12 | Computer Name = PC-de-Frédériqu | Source = Windows Search Service | ID = 3013

Description =

 

Error - 16/01/2011 19:41:12 | Computer Name = PC-de-Frédériqu | Source = Windows Search Service | ID = 3013

Description =

 

Error - 16/01/2011 19:41:13 | Computer Name = PC-de-Frédériqu | Source = Windows Search Service | ID = 3013

Description =

 

Error - 16/01/2011 19:41:13 | Computer Name = PC-de-Frédériqu | Source = Windows Search Service | ID = 3013

Description =

 

Error - 16/01/2011 19:41:13 | Computer Name = PC-de-Frédériqu | Source = Windows Search Service | ID = 3013

Description =

 

Error - 16/01/2011 19:41:13 | Computer Name = PC-de-Frédériqu | Source = Windows Search Service | ID = 3013

Description =

 

Error - 16/01/2011 19:41:13 | Computer Name = PC-de-Frédériqu | Source = Windows Search Service | ID = 3013

Description =

 

Error - 16/01/2011 19:41:13 | Computer Name = PC-de-Frédériqu | Source = Windows Search Service | ID = 3013

Description =

 

Error - 16/01/2011 20:11:32 | Computer Name = PC-de-Frédériqu | Source = EventSystem | ID = 4621

Description =

 

Error - 17/01/2011 02:24:24 | Computer Name = PC-de-Frédériqu | Source = Windows Search Service | ID = 3024

Description =

 

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

Posted

Hello Lance-yien, and thank you

 

Here is Jotti

 

qkuso.bat - Jotti's antivirus scanner

Apparently it is not dangerous, but I would like to know what it contains:

 

Run OTL.exe again, copy the following list and paste it into the box under "Personnalisation".

 

type c:\users\Frédérique\AppData\Local\qkuso.bat /c

 

Click the "Aucun" button, then "Analyse".

Copy and paste the contents of the report that opens at the end of the scan.

Posted

Here you go ;)

 

OTL logfile created on: 18/01/2011 14:26:21 - Run 2

OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Frédérique\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18999)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

765,00 Mb Total Physical Memory | 158,00 Mb Available Physical Memory | 21,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 46,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69,78 Gb Total Space | 22,08 Gb Free Space | 31,64% Space Free | Partition Type: NTFS

Drive D: | 69,51 Gb Total Space | 50,80 Gb Free Space | 73,08% Space Free | Partition Type: NTFS

 

Computer Name: PC-DE-FRÉDÉRIQU | User Name: Frédérique | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

 

========== Custom Scans ==========

 

 

< type c:\users\Frédérique\AppData\Local\qkuso.bat /c >

No captured output from command...

 

< >
