Dit en un peu plus.est ce que tu a quand meme le logo de la marque de ta tour qui s'affiche quand tu demmarre ou est-ce que l'ordi lui meme ne demarre pas? "Toujours remercier les gens qui se donnent la peine de t'aider."

Bonjour,

rien de visible dans ce rapport HJT, mais c'est assez normal.

Si tu peux démarrer en mode sans échec avec prise enncharge réseau, fais ceci :

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
.

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

===========================

Ajoute un nouveau compte utilisateur.

Est ce que l'ordi démarrerait sur ce nouveau compte en mode normal ?

@+
Faites ce que l'on vous demande, ni plus, ni moins.
Ne créez pas de doublons, ni sur CCM ni sur un autre site. Merci

Re,

supprime le compte.

32 ou 64 bits ton Windows ? @+
Faites ce que l'on vous demande, ni plus, ni moins.
Ne créez pas de doublons, ni sur CCM ni sur un autre site. M­erci

Re,

tu supprimes le compte que tu viens de créer.

Tu te mets en mode sans échec avec prise en charge réseau.

Tu regardes ce que tu as comme points de restauration.

Il y a les 2 versions de Vista (32 et 64).

Si j'ai bien compris, tu as un 32 bits (x86).

================

Ton problème date de quand ?

Tu as fait quoi juste avant ? (donc hier soir)

=================

On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser­-combofix


* Vérifie que tu as fermé/désactivé tous les programmes anti-virus, anti-malware ou anti-spyware afin qu'ils n'interfèrent pas avec le travail de ComboFix.

Envoie le contenu de C:\ComboFix.txt dans ta prochaine réponse afin que je l'examine. @+
Faites ce que l'on vous demande, ni plus, ni moins.
Ne créez pas de doublons, ni sur CCM ni sur un autre site. M­erci

Re,

qu'est ce que tu as comme point de restauration ? @+
Faites ce que l'on vous demande, ni plus, ni moins.
Ne créez pas de doublons, ni sur CCM ni sur un autre site. M­erci

Ayé j'ai trouvé les points de restauration. Le premier proposé remonte à ce matin 7h56 (juste avant un Windows Udpate) sinon j'ai plusieurs points de restauration jusqu'au 1er janvier...

Re,

tu restaures avec le point immédiatement antérieur aux alertes de Ad Aware.

Tu me dis le résultat. @+
Faites ce que l'on vous demande, ni plus, ni moins.
Ne créez pas de doublons, ni sur CCM ni sur un autre site. M­erci

Re,

parfait.

Si cela fonctionne, je préfererai (à Hiajckthis) que tu fasses ceci :

Télécharge OTViewIt.exe depuis http://oldtimer.geekstogo.com/OTViewIt.exe

Enregistre ce fichier sur le Bureau.

Ferme toutes les fenêtres de programme ouvertes.

Fais un double clic sur OTViewIt.exe pour lancer l'outil.

Clique sur le bouton Run Scan et laisser l'outil travailler sans l'interrompre.

Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant l'un des deux rapports.

Ferme le Bloc-notes.

Le second rapport est visible dans la Barre des tâches. Le fermer également.

Ferme la fenêtre de OTViewIt.

Copie le contenu de OTViewIt.txt qui est sur ton Bureau dans ta réponse @+
Faites ce que l'on vous demande, ni plus, ni moins.
Ne créez pas de doublons, ni sur CCM ni sur un autre site. M­erci

Merci de ton aide.
Je viens de lancer OTViewIt. Le problème c'est qu'il s'arrête de façon bizarre. Alors qu'il en est à l'étape "Scanning Application Event Log", une fenêtre s'affiche avec ce texte : "Access violation at address 770F10B0 in module 'nfdll.dll'. Read of address 0000001E". C'est normal ?

Je te poste quand même le rapport ci-dessous.

Sinon j'ai une autre question. Un peu échaudé par les problèmes qui me sont arrivés hier, j'ai installé LOOK 'N' STOP à la place du firewall de Windows. Seulement voilà il "buzze" sans arrêt comme s'il interceptait constamment des tentatives d'entrées UDP/TCP (alors que e-mule ne tourne pas, mais ça n'a peut-être rien à voir). C'est normal ?
Merci d'avance pour ton aide.

Le rapport OTViewIt :

OTViewIt logfile created on: 05/02/2009 11:27:27 - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Pierre-Lau\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 51,01% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 241,00 Gb Total Space | 143,68 Gb Free Space | 59,62% Space Free | Partition Type: NTFS
Drive D: | 11,98 Gb Total Space | 1,61 Gb Free Space | 13,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931,51 Gb Total Space | 671,23 Gb Free Space | 72,06% Space Free | Partition Type: NTFS
Drive H: | 212,78 Gb Total Space | 40,61 Gb Free Space | 19,09% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: FAURE-MARGERIE
Current User Name: Pierre-Lau
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

[color=orange]========== Processes ==========/color

[2009/01/01 11:42:03 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
[2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/12/17 08:32:06 | 00,419,448 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\a-squared Free\a2service.exe
[2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2008/08/01 20:47:00 | 00,021,296 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
[2008/05/03 13:15:42 | 00,101,376 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE
[2007/07/24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
[2008/08/01 20:47:00 | 00,026,416 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
[2008/01/21 03:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
[2007/09/02 13:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
[2006/11/02 16:04:16 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
[2008/09/02 13:42:04 | 08,203,352 | ---- | M] (GARMIN Corp.) -- C:\Garmin\ANT Agent\ANT Agent.exe
[2008/07/23 17:39:18 | 03,658,032 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
[2007/04/18 16:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
[2008/12/25 19:50:04 | 00,091,136 | ---- | M] (grenouille.com) -- C:\Program Files (x86)\PyGrenouille\pygrenouille.exe
[2008/05/24 10:40:24 | 00,463,360 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE
[2007/12/19 09:19:48 | 01,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
[2008/01/18 07:04:56 | 03,641,344 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
[2008/04/18 15:32:22 | 02,199,552 | ---- | M] () -- C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe
[2007/04/07 01:56:47 | 00,132,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
[2008/04/09 16:01:46 | 00,102,400 | ---- | M] () -- C:\Windows\SysWOW64\OSDForm.exe
[2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
[2008/06/12 13:28:40 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2005/07/15 22:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
[2008/08/18 16:53:42 | 00,532,808 | R--- | M] (Corel, Inc.) -- C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
[2008/08/18 16:53:48 | 00,016,712 | R--- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[2006/10/11 12:45:12 | 00,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
[2008/09/03 22:05:28 | 01,144,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
[2008/09/03 22:05:38 | 00,210,216 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
[2008/01/21 03:49:12 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
[2008/01/21 03:47:33 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
[2007/10/30 10:45:00 | 00,014,376 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
[2008/08/01 20:46:48 | 03,448,112 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\LifeCenterCalendar.exe
[2008/09/03 22:05:28 | 00,324,904 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
[2008/05/03 13:15:46 | 00,065,536 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe
[2008/09/03 22:05:26 | 00,324,904 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
[2007/01/09 11:25:30 | 00,272,024 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
[2008/09/03 22:05:26 | 00,324,904 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
[2008/07/23 17:40:58 | 00,368,432 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Clock\Clock.exe
[2008/07/23 17:38:10 | 00,080,176 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Messages\Messages.exe
[2008/07/23 17:44:58 | 00,080,176 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Controls\Controls.exe
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe
[2009/02/05 10:33:15 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Pierre-Lau\Desktop\OTViewIt.exe

[color=orange]========== (O23) Win32 Services ==========/color

[2008/12/17 08:32:06 | 00,419,448 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\a-squared Free\a2service.exe -- (a2free [Auto | Running])
[2009/01/01 11:42:03 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
File not found -- -- (AEADIFilters [Auto | Running])
[2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2008/08/01 20:47:00 | 00,021,296 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/01/21 03:50:58 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/01/21 03:50:38 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
File not found -- -- (DPS [Unknown | Running])
[2008/01/21 03:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2008/01/21 03:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/01/21 03:51:57 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
[2007/07/24 00:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
File not found -- -- (gpsvc [Unknown | Running])
[2008/07/31 23:16:28 | 00,136,120 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/03/14 17:31:38 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe -- (HP Health Check Service [Auto | Running])
[2008/05/03 13:15:42 | 00,101,376 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE -- (HP Touch Screen Enhance [Auto | Running])
[2006/11/02 10:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\keyiso.dll -- (KeyIso [On_Demand | Running])
File not found -- -- (lnssvcVista [Auto | Running])
[2006/11/02 14:34:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/01/21 03:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
[2008/01/21 03:51:53 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (nvsvc [Auto | Running])
[2008/01/21 03:51:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost [On_Demand | Stopped])
[2007/07/24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2 [Auto | Running])
File not found -- -- (RpcSs [Unknown | Running])
[2008/01/21 03:49:11 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2006/11/02 07:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\System32\wbem\vds.mof -- (vds [On_Demand | Stopped])
[2006/11/02 07:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\System32\wbem\vss.mof -- (VSS [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2008/05/27 06:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

[color=orange]========== Driver Services ==========/color

File not found -- -- (ACPIService [On_Demand | Running])
File not found -- -- (ADIHdAudAddService [On_Demand | Running])
[2008/01/21 03:46:53 | 00,486,456 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adp94xx.inf_31bf3856ad364e35_6.0.6001.18000_none_5e0fcb9b69814f7b\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2008/01/21 03:46:54 | 00,342,584 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpahci.inf_31bf3856ad364e35_6.0.6001.18000_none_c05c13aa3dfbc961\adpahci.sys -- (adpahci [Disabled | Stopped])
[2008/01/21 03:46:54 | 00,126,520 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu160m.inf_31bf3856ad364e35_6.0.6001.18000_none_f2feed0b63bf261d\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2008/01/21 03:47:27 | 00,185,912 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu320.inf_31bf3856ad364e35_6.0.6001.18000_none_f4cbbad1148c6b4a\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2008/01/21 03:46:50 | 00,015,976 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\aliide.sys -- (aliide [Disabled | Stopped])
[2008/01/21 03:46:52 | 00,090,680 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arc.inf_31bf3856ad364e35_6.0.6001.18000_none_7bfed8c7803713cf\arc.sys -- (arc [Disabled | Stopped])
[2008/01/21 03:47:00 | 00,091,192 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arcsas.inf_31bf3856ad364e35_6.0.6001.18000_none_771684264153c2d4\arcsas.sys -- (arcsas [Disabled | Stopped])
File not found -- -- (AVerBDA6x_x64 [On_Demand | Running])
File not found -- -- (avgntflt [Auto | Running])
[2008/01/21 03:46:56 | 00,018,432 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2008/01/21 03:46:56 | 00,008,704 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
File not found -- -- (btwaudio [On_Demand | Running])
File not found -- -- (btwavdt [On_Demand | Running])
File not found -- -- (btwl2cap [On_Demand | Running])
File not found -- -- (btwrchid [On_Demand | Running])
[2008/01/21 03:46:50 | 00,018,024 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\cmdide.sys -- (cmdide [Disabled | Stopped])
[2008/01/21 03:46:56 | 00,146,176 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_nete1g3e.inf_31bf3856ad364e35_6.0.6001.18000_none_04b0c96be9c034d3\E1G6032E.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/21 03:46:59 | 00,397,368 | ---- | M] (Emulex) -- C:\Windows\WinSxS\amd64_elxstor.inf_31bf3856ad364e35_6.0.6001.18000_none_08ac13ff69b034ee\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/01/21 03:46:59 | 00,047,672 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\WinSxS\amd64_hpcisss.inf_31bf3856ad364e35_6.0.6001.18000_none_d59c6600292b9522\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
File not found -- -- (iaStor [Boot | Running])
[2008/01/21 03:46:59 | 00,290,872 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys -- (iaStorV [Disabled | Stopped])
File not found -- -- (lnsfw [On_Demand | Running])
File not found -- -- (lnsfw1 [System | Running])
[2008/01/21 03:46:51 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_fc.inf_31bf3856ad364e35_6.0.6001.18000_none_c59b4ac1fa719137\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2008/01/21 03:46:56 | 00,105,016 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_sas.inf_31bf3856ad364e35_6.0.6001.18000_none_5b86b7f9e8ff0dc5\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2008/01/21 03:47:01 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_scsi.inf_31bf3856ad364e35_6.0.6001.18000_none_f883c787da42af0c\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
File not found -- -- (ManyCam [On_Demand | Running])
[2008/01/21 03:46:59 | 00,035,896 | ---- | M] (LSI Corporation) -- C:\Windows\WinSxS\amd64_megasas.inf_31bf3856ad364e35_6.0.6001.18000_none_8c5ef0c0070fb814\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/21 03:46:56 | 00,438,328 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\WinSxS\amd64_megasr.inf_31bf3856ad364e35_6.0.6001.18000_none_44b889fdb37f3d14\MegaSR.sys -- (MegaSR [Disabled | Stopped])
[2006/09/18 22:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\System32\wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
File not found -- -- (netr28x [On_Demand | Running])
[2008/01/21 03:47:26 | 05,942,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nv_lh.inf_31bf3856ad364e35_6.0.6001.18000_none_4a8627558332bbba\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2008/01/21 03:46:54 | 00,128,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvraid.sys -- (nvraid [Disabled | Stopped])
[2008/01/21 03:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys -- (nvstor [Disabled | Stopped])
[2008/01/21 03:46:52 | 01,221,176 | ---- | M] (QLogic Corporation) -- C:\Windows\WinSxS\amd64_ql2300.inf_31bf3856ad364e35_6.0.6001.18000_none_90b29e0f5eb4b0a1\ql2300.sys -- (ql2300 [Disabled | Stopped])
File not found -- -- (RTL8169 [On_Demand | Running])
[2006/09/30 00:51:44 | 00,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\WinSxS\amd64_macrovision-protection-safedisc_31bf3856ad364e35_6.0.6000.16386_none_b794b0d578b7ec2e\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/21 03:47:26 | 00,078,392 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\WinSxS\amd64_sisraid4.inf_31bf3856ad364e35_6.0.6001.18000_none_8460e59f708bb476\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2006/09/18 22:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\System32\wbem\tcpip.mof -- (Tcpip [Boot | Running])
[2008/01/21 03:46:56 | 00,284,728 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\WinSxS\amd64_uliahci.inf_31bf3856ad364e35_6.0.6001.18000_none_a21b1cbb80e47096\uliahci.sys -- (uliahci [Disabled | Stopped])
[2008/01/21 03:46:52 | 00,174,696 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\WinSxS\amd64_ulsata2.inf_31bf3856ad364e35_6.0.6001.18000_none_9ce1027f4768b389\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/01/21 03:46:50 | 00,018,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/21 03:47:25 | 00,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\WinSxS\amd64_vsmraid.inf_31bf3856ad364e35_6.0.6001.18000_none_508698a452d25e17\vsmraid.sys -- (vsmraid [Disabled | Stopped])

[color=orange]========== (R ) Internet Explorer ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/...
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://ie.redirect.hp.com/...

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/...
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://ie.redirect.hp.com/...
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-107450602-193270753-2793107953-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/...
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://ie.redirect.hp.com/...
"StartPageCache"=

[HKEY_USERS\S-1-5-21-107450602-193270753-2793107953-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-107450602-193270753-2793107953-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[color=orange]========== (O1) Hosts File ==========/color

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

[color=orange]========== (O2) BHO's ==========/color

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

[color=orange]========== (O4) Run Keys ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe" (Google Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"avgnt"="C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"Buttons & OSDs control application gen2"="C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe" ()
"CLMLServer for HP TouchSmart"="c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" (CyberLink)
"Corel File Shell Monitor"=C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
"Corel Photo Downloader"="C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup (Corel, Inc.)
"HP KEYBOARD"="C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE" (Hewlett-Packard)
"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
"hpsysdrv"=c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
"OpwareSE4"="C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" (ScanSoft, Inc.)
"OsdMaestro"=c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe File not found
"SoundMAX"="C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray (Analog Devices, Inc.)
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"SSBkgdUpdate"="C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
"SunJavaUpdateSched"="C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe" (Sun Microsystems, Inc.)
"TSMAgent"="c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" (CyberLink Corp.)
"UCam_Menu"="c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" (CyberLink Corp.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANT Agent"=C:\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
"HPSmartCenterBoot"="C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe" (Hewlett-Packard)
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"RocketDock"="C:\Program Files (x86)\RocketDock\RocketDock.exe" ()
"Sidebar"=C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-107450602-193270753-2793107953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANT Agent"=C:\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
"HPSmartCenterBoot"="C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe" (Hewlett-Packard)
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"RocketDock"="C:\Program Files (x86)\RocketDock\RocketDock.exe" ()
"Sidebar"=C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)

[color=orange]========== (O6 & O7) Current Version Policies ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[color=orange]========== (O8) IE Context Menu Extensions ==========/color

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2008/12/12 22:47:18 | 03,751,995 | ---- | M] (Google Inc.)
Envoyer au périphérique &Bluetooth...: c:\Programmes\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
Envoyer l'&image au périphérique Bluetooth...: c:\Programmes\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2008/12/12 22:47:18 | 03,751,995 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2008/12/12 22:47:18 | 03,751,995 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-107450602-193270753-2793107953-1000\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2008/12/12 22:47:18 | 03,751,995 | ---- | M] (Google Inc.)
Envoyer au périphérique &Bluetooth...: c:\Programmes\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
Envoyer l'&image au périphérique Bluetooth...: c:\Programmes\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found

[color=orange]========== (O9) IE Extensions ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Console Java (Sun) -- %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [2007/04/07 01:56:44 | 00,501,400 | ---- | M] (Sun Microsystems, Inc.)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: Envoyer à Bluetooth -- %SystemDrive%\Programmes\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: Envoyer au périphérique &Bluetooth... -- %SystemDrive%\Programmes\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2003/04/14 20:05:50 | 01,498,032 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2003/04/14 20:05:50 | 01,498,032 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [Envoyer à Bluetooth] -> File not found

[HKEY_USERS\S-1-5-21-107450602-193270753-2793107953-1000\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [Envoyer à Bluetooth] -> File not found

[color=orange]========== (O12) Internet Explorer Plugins ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

[color=orange]========== (O13) Default Prefixes ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[color=orange]========== (O15) Trusted Sites ==========/color

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\S-1-5-21-107450602-193270753-2793107953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[color=orange]========== (O16) DPF ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -- Java Plug-in 1.6.0_01

[color=orange]========== (O17) DNS Name Servers ==========/color

{7D135330-7CC8-4C4E-9B57-D33F20090AC4} (Servers: | Description: )
{A2DF3F56-9576-4AC9-8A9C-CE83E4885169} (Servers: 212.27.40.240,212.27.40.241 | Description: 802.11n Wireless LAN Card)
{BDCD3392-725B-4956-A61F-BB5FB9B97AE6} (Servers: | Description: Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0))

[color=orange]========== (O20) HKLM Winlogon Settings ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=explorer.exe
>[2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe


[color=orange]========== (O21) SSODL Settings ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

[color=orange]========== HKLM *SecurityProviders* ==========/color

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/21 03:50:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

[color=orange]========== LSA *Security Packages* ==========/color

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/21 03:50:00 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

[color=orange]========== Safeboot Options ==========/color

"AlternateShell"=cmd.exe

[color=orange]========== CDRom AutoRun Settings ==========/color

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1


[color=orange]========== MountPoints2 ==========/color

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10df5478-d814-11dd-8dc8-0021868db911}\Shell\AutoRun\command]
""=G:\Launch.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e1ba830-88a7-11dd-8197-806e6f6e6963}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e1ba830-88a7-11dd-8197-806e6f6e6963}\Shell\AutoRun\command]
""=E:\install.EXE -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e1ba830-88a7-11dd-8197-806e6f6e6963}\Shell\configure\command]
""=E:\install.EXE -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e1ba830-88a7-11dd-8197-806e6f6e6963}\Shell\install\command]
""=E:\install.EXE -- File not found

[color=orange]========== Files/Folders - Created Within 30 Days ==========/color

[2009/02/05 10:33:09 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\Pierre-Lau\Desktop\OTViewIt.exe
[2009/02/04 23:38:19 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Local\looknstop
[2009/02/04 23:35:58 | 02,214,740 | -H-- | C] () -- C:\Users\Pierre-Lau\AppData\Local\IconCache.db
[2009/02/04 23:35:44 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/02/04 23:28:43 | 01,199,616 | ---- | C] (Microsoft Corporation) -- C:\Users\Pierre-Lau\Desktop\Installation_LooknStop_206p3_x64_VC2005.exe
[2009/02/04 20:09:52 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/02/04 18:36:23 | 00,000,000 | ---D | C] -- C:\rsit
[2009/02/04 09:56:45 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\Malwarebytes
[2009/02/04 09:56:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/02/04 09:56:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/02/04 08:51:38 | 00,000,732 | ---- | C] () -- C:\Users\Pierre-Lau\AppData\Local\d3d9caps64.dat
[2009/02/04 00:00:27 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\Template
[2009/02/04 00:00:23 | 00,000,100 | ---- | C] () -- C:\Users\Pierre-Lau\AppData\Roaming\wklnhst.dat
[2009/02/03 10:12:09 | 00,000,000 | -H-D | C] -- C:\ProgramData\{2BAE6915-8510-4B9F-B498-02DA86258AA0}
[2009/02/03 10:12:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft(86)
[2009/02/02 15:11:46 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\Corel(135)
[2009/02/02 15:07:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Corel(89)
[2009/02/02 15:07:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel(36)
[2009/02/02 14:57:01 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\InstallShield
[2009/02/02 09:47:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Undelete
[2009/02/02 09:39:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NTFS Undelete
[2009/02/02 09:09:06 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\CyberLink
[2009/02/02 09:08:36 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\Macromedia
[2009/02/02 09:08:33 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\Adobe(56)
[2009/02/02 09:07:39 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\drivers
[2009/02/02 09:07:33 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\GARMIN
[2009/02/01 12:20:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Corel(95)
[2009/02/01 12:20:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel(26)
[2009/02/01 10:51:40 | 00,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/02/01 10:51:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft(92)
[2009/01/30 23:21:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Freeplayer
[2009/01/29 23:52:04 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\Desktop\OneTouch4-Plus
[2009/01/29 11:38:55 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\Desktop\PACS Party
[2009/01/29 11:35:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NetSurveyor
[2009/01/27 18:10:43 | 00,000,000 | ---D | C] -- C:\ProgramData\DonationCoder
[2009/01/27 18:10:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\URLSnooper2
[2009/01/24 15:19:17 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\Documents\My Music
[2009/01/24 15:14:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\HotzicBurner
[2009/01/22 15:54:20 | 01,316,691 | ---- | C] () -- C:\Users\Pierre-Lau\Documents\PhotoCV2009.png
[2009/01/22 15:46:48 | 00,909,254 | ---- | C] () -- C:\Users\Pierre-Lau\Documents\PhotoCV2009.jpg
[2009/01/22 15:31:35 | 21,071,8330 | ---- | C] () -- C:\Users\Pierre-Lau\Desktop\OneTouch4-Plus.zip
[2009/01/18 22:07:15 | 00,022,528 | ---- | C] () -- C:\Users\Pierre-Lau\Documents\Lettre Spirou.doc
[2009/01/18 21:25:43 | 02,012,730 | ---- | C] () -- C:\Users\Pierre-Lau\Documents\PhotoCV2009.bmp
[2009/01/18 20:15:26 | 00,129,113 | ---- | C] () -- C:\Users\Pierre-Lau\Desktop\CV2009.pdf
[2009/01/18 20:11:53 | 04,372,480 | ---- | C] () -- C:\Users\Pierre-Lau\Documents\CV2009.doc
[2009/01/12 21:57:40 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Roaming\dvdcss
[2009/01/12 00:36:35 | 00,402,696 | ---- | C] () -- C:\Users\Pierre-Lau\Documents\pacs1.jpg
[2009/01/10 12:00:08 | 00,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{DE3229FB-8FFC-4513-B46C-1D8F55B93289}.job
[2009/01/08 14:18:10 | 00,000,000 | ---D | C] -- C:\Users\Pierre-Lau\AppData\Local\BuildAGadget Content
[2009/01/06 16:57:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Temp

[color=orange]========== Files - Modified Within 30 Days ==========/color

[2009/02/05 10:52:29 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/02/05 10:52:26 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/02/05 10:51:11 | 00,001,892 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/02/05 10:50:48 | 02,214,740 | -H-- | M] () -- C:\Users\Pierre-Lau\AppData\Local\IconCache.db
[2009/02/05 10:40:14 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DE3229FB-8FFC-4513-B46C-1D8F55B93289}.job
[2009/02/05 10:33:15 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Pierre-Lau\Desktop\OTViewIt.exe
[2009/02/04 23:37:52 | 00,008,268 | ---- | M] () -- C:\Users\Pierre-Lau\AppData\Local\d3d9caps.dat
[2009/02/04 23:28:44 | 01,199,616 | ---- | M] (Microsoft Corporation) -- C:\Users\Pierre-Lau\Desktop\Installation_LooknStop_206p3_x64_VC2005.exe
[2009/02/04 23:00:56 | 00,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C4E0C14B-5A8D-487B-8953-718916220A0D}.job
[2009/02/04 22:37:28 | 00,000,732 | ---- | M] () -- C:\Users\Pierre-Lau\AppData\Local\d3d9caps64.dat
[2009/02/04 00:00:36 | 00,000,100 | ---- | M] () -- C:\Users\Pierre-Lau\AppData\Roaming\wklnhst.dat
[2009/02/02 11:31:20 | 00,161,648 | ---- | M] () -- C:\Users\Pierre-Lau\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/01/22 16:03:48 | 21,071,8330 | ---- | M] () -- C:\Users\Pierre-Lau\Desktop\OneTouch4-Plus.zip
[2009/01/22 15:54:21 | 01,316,691 | ---- | M] () -- C:\Users\Pierre-Lau\Documents\PhotoCV2009.png
[2009/01/22 15:46:49 | 00,909,254 | ---- | M] () -- C:\Users\Pierre-Lau\Documents\PhotoCV2009.jpg
[2009/01/18 22:17:31 | 00,022,528 | ---- | M] () -- C:\Users\Pierre-Lau\Documents\Lettre Spirou.doc
[2009/01/18 21:36:28 | 00,129,113 | ---- | M] () -- C:\Users\Pierre-Lau\Desktop\CV2009.pdf
[2009/01/18 21:36:06 | 04,372,480 | ---- | M] () -- C:\Users\Pierre-Lau\Documents\CV2009.doc
[2009/01/18 21:25:43 | 02,012,730 | ---- | M] () -- C:\Users\Pierre-Lau\Documents\PhotoCV2009.bmp
[2009/01/17 01:15:27 | 00,298,496 | ---- | M] () -- C:\Users\Pierre-Lau\Documents\questionnaire.doc
[2009/01/16 12:43:51 | 00,074,240 | ---- | M] () -- C:\Users\Pierre-Lau\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/16 11:28:29 | 00,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2009/01/16 11:28:27 | 00,000,088 | RHS- | M] () -- C:\ProgramData\CED992118A.sys
[2009/01/11 21:37:23 | 00,402,696 | ---- | M] () -- C:\Users\Pierre-Lau\Documents\pacs1.jpg
< End of report >

Bonjour,

refais tourner MBAM et poste le rapport (en mode normal et scan rapide).

Scanne ton ordi avec l'antivirus et poste le rapport. @+
Faites ce que l'on vous demande, ni plus, ni moins.
Ne créez pas de doublons, ni sur CCM ni sur un autre site. M­erci

Alors voilà déjà le rapport de MBAM qui a trouvé un truc (je dois le supprimer ?). Je suis en train de faire tourner le scan de mon antivirus. Et par rapport au scan OTViewIt de ce matin, y'a rien de suspect ou d'inutile ?
A force je me demande si je ne vais pas purement et simplement faire une réinstallation du système. Vista s'est quand même "figé" 3 ou 4 fois dans la journée sans explication...
Merci encore.

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1731
Windows 6.0.6001 Service Pack 1

05/02/2009 18:13:24
mbam-log-2009-02-05 (18-13-19).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 197680
Temps écoulé: 40 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Re,

tu supprimes. @+
Faites ce que l'on vous demande, ni plus, ni moins.
Ne créez pas de doublons, ni sur CCM ni sur un autre site. M­erci

Re,

fais ceci :

Rends toi sur ce site :

http://www.virustotal.com/

Clique sur parcourir et cherche ce fichier : C:\Windows\System32\explorer.exe

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse.

Si VirusTotal indique que le fichier a déjà été analysé, cliquer sur le bouton Reanalyse le fichier maintenant

==================

Je voudrais aussi que tu vérifies l'existence de C:\Windows\explorer.exe @+
Faites ce que l'on vous demande, ni plus, ni moins.
Ne créez pas de doublons, ni sur CCM ni sur un autre site. M­erci

Re,

peux faire scanner aussi sur VirusTotal C:\Windows\explorer.exe et poster le rapport. @+
Faites ce que l'on vous demande, ni plus, ni moins.
Ne créez pas de doublons, ni sur CCM ni sur un autre site. M­erci

Et voilà (mais c'est grave docteur ??) :


Fichier explorer.exe reçu le 2009.02.05 23:24:06 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.93 2009.02.05 -
AhnLab-V3 5.0.0.2 2009.02.05 -
AntiVir 7.9.0.74 2009.02.05 -
Authentium 5.1.0.4 2009.02.05 -
Avast 4.8.1281.0 2009.02.05 -
AVG 8.0.0.229 2009.02.05 -
BitDefender 7.2 2009.02.05 -
CAT-QuickHeal 10.00 2009.02.05 -
ClamAV 0.94.1 2009.02.05 -
Comodo 965 2009.02.05 -
DrWeb 4.44.0.09170 2009.02.05 -
eSafe 7.0.17.0 2009.02.05 -
eTrust-Vet 31.6.6343 2009.02.05 -
F-Prot 4.4.4.56 2009.02.05 -
F-Secure 8.0.14470.0 2009.02.05 -
Fortinet 3.117.0.0 2009.02.05 -
GData 19 2009.02.05 -
Ikarus T3.1.1.45.0 2009.02.05 -
K7AntiVirus 7.10.620 2009.02.05 -
Kaspersky 7.0.0.125 2009.02.05 -
McAfee 5516 2009.02.04 -
McAfee+Artemis 5516 2009.02.04 -
Microsoft 1.4306 2009.02.05 -
NOD32 3831 2009.02.05 -
Norman 6.00.02 2009.02.05 -
nProtect 2009.1.8.0 2009.02.05 -
Panda 9.5.1.2 2009.02.05 -
PCTools 4.4.2.0 2009.02.05 -
Prevx1 V2 2009.02.05 -
Rising 21.15.30.00 2009.02.05 -
SecureWeb-Gateway 6.7.6 2009.02.05 -
Sophos 4.38.0 2009.02.05 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.02.05 -
TheHacker 6.3.1.5.247 2009.02.05 -
TrendMicro 8.700.0.1004 2009.02.05 -
VBA32 3.12.8.12 2009.02.05 -
ViRobot 2009.2.5.1591 2009.02.05 -
VirusBuster 4.5.11.0 2009.02.05 -
Information additionnelle
File size: 3080704 bytes
MD5...: bbd8e74f23d7605cb0cdb57a1b25d826
SHA1..: d84af003a6a9dcf6ca9bd68bb66f2b96dcd1fce8
SHA256: 2e5e05f85aa53789a88cccb98dc6a52864492cf92f259ed24f4ffd894e91­d096
SHA512: 1ad2a4c92ff062234a42ddb9029a0587c770036c5f1868291494d8b8c695­ddc3<br>dd8ca800fec0b30b8931ca61ca62281e8023f8baab20a2defc1f7cae63dd1642<br>
ssdeep: 24576:F3/xDOesUVC38HDINpGYCW5uXSA7jTeFadRsxKb/g/J/ulZ:FPxDOesUVP<br>HDIvLC8A7/eFw33l<br>
PEiD..: -
TrID..: File type identification<br>Win64 Executable Generic (95.5%)<br>Generic Win/DOS Executable (2.2%)<br>DOS Executable Generic (2.2%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x23550<br>timedatestamp.....: 0x4907e791 (Wed Oct 29 04:33:21 2008)<br>machinetype.......: 0x8664 (AMD64)<br><br>( 6 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x731b9 0x73200 6.29 035ef792c6c677dda650715b324ea77b<br>.rdata 0x75000 0x19a64 0x19c00 4.63 a948cba1882a42bc64d94d561990b7e3<br>.data 0x8f000 0x2ffa 0x2e00 0.86 2db36e4ae57f1a7f36ba150aab05b050<br>.pdata 0x92000 0x858c 0x8600 5.97 5e3de5edca57db3504ae375153bbbfa9<br>.rsrc 0x9b000 0x2566a0 0x256800 7.04 4c8ed0154caccb7d6d39343edc8c8e27<br>.reloc 0x2f2000 0x1188 0x1200 5.39 7a0d23ff7ebf06fd655b80e02cb2ae13<br><br>( 19 imports ) <br>> ADVAPI32.dll: RegCreateKeyW, RegCloseKey, RegOpenKeyExW, RegGetValueW, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, RegisterTraceGuidsW, UnregisterTraceGuids, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, GetLengthSid, GetTokenInformation, OpenProcessToken, EventEnabled, EventWrite, EventRegister, EventUnregister, GetUserNameW, RegDeleteValueW, RegQueryInfoKeyW, RegEnumKeyExW, TraceMessage, RegOpenKeyW, RegEnumKeyW, RegEnumValueW, CloseServiceHandle, OpenServiceW, OpenSCManagerW, QueryServiceStatus, CheckTokenMembership, ConvertStringSecurityDescriptorToSecurityDescriptorW, OpenThreadToken, ConvertSidToStringSidW, StartServiceW, CreateWellKnownSid<br>> KERNEL32.dll: GetCurrentProcessId, MultiByteToWideChar, GetLocalTime, GetTimeFormatW, GetDateFormatW, GetLocaleInfoW, GetSystemWindowsDirectoryW, FlushInstructionCache, SetLastError, RaiseException, CreateFileW, GetFileSize, ReadFile, LoadLibraryA, GetModuleHandleW, OpenEventW, FindClose, FindNextFileW, FindFirstFileW, GetFileAttributesW, GlobalGetAtomNameW, ExpandEnvironmentStringsW, GetUserDefaultUILanguage, SystemTimeToFileTime, GetSystemTime, SetEvent, LeaveCriticalSection, EnterCriticalSection, GlobalFree, GetUserDefaultLangID, GetPrivateProfileIntW, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetBinaryTypeW, CompareFileTime, GetSystemTimeAsFileTime, MulDiv, GetTickCount, CompareStringOrdinal, lstrcmpiW, ExitProcess, GetTimeZoneInformation, SetFilePointer, DeleteCriticalSection, HeapDestroy, RegisterApplicationRestart, SetTermsrvAppInstallMode, CreateEventW, GetSystemDirectoryW, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, InitializeCriticalSection, GetCurrentProcess, SetErrorMode, FreeLibrary, GetProcAddress, GetEnvironmentVariableW, QueryPerformanceFrequency, GetFileAttributesExW, GetLongPathNameW, QueueUserWorkItem, GetProcessTimes, GetProcessId, TerminateThread, CreateIoCompletionPort, GetQueuedCompletionStatus, GetModuleHandleA, GetWindowsDirectoryW, FormatMessageW, QueryFullProcessImageNameW, DuplicateHandle, GetCurrentDirectoryW, WideCharToMultiByte, GlobalAlloc, WriteFile, DeactivateActCtx, ActivateActCtx, ReleaseActCtx, CreateActCtxW, LockResource, LoadResource, FindResourceExW, WaitForSingleObject, HeapAlloc, HeapFree, GetProcessHeap, GetPrivateProfileStringW, GetModuleFileNameW, CreateProcessW, lstrlenW, GetCommandLineW, GetStartupInfoW, OpenProcess, LocalFree, LocalAlloc, GetLastError, QueryInformationJobObject, Sleep, CreateThread, SetPriorityClass, GetPriorityClass, ResumeThread, AssignProcessToJobObject, SetInformationJobObject, CreateJobObjectW, CloseHandle, LoadLibraryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, SetUnhandledExceptionFilter, InterlockedPushEntrySList, VirtualAlloc, InterlockedPopEntrySList, VirtualFree, DelayLoadFailureHook<br>> GDI32.dll: GetStockObject, OffsetViewportOrgEx, GetLayout, CombineRgn, SetWindowOrgEx, GdiAlphaBlend, GetTextExtentPoint32W, ExtTextOutW, CreatePatternBrush, GetTextMetricsW, SelectClipRgn, SetViewportOrgEx, GetViewportOrgEx, IntersectClipRect, GetClipRgn, CreateRectRgn, PatBlt, GetBkColor, SetBkColor, OffsetWindowOrgEx, CreateCompatibleBitmap, GetTextExtentPointW, GetClipBox, CreateDIBSection, CreateRectRgnIndirect, CreateFontIndirectW, CreateSolidBrush, SetBkMode, SetTextColor, GetObjectW, DeleteObject, GetPixel, DeleteDC, BitBlt, SelectObject, CreateCompatibleDC, GetDeviceCaps<br>> USER32.dll: GetScrollInfo, SetScrollInfo, SendMessageCallbackW, GetWindowLongPtrW, SwitchToThisWindow, EnableMenuItem, IsZoomed, IsIconic, GetSystemMenu, IsWindowVisible, GetWindowInfo, GetMonitorInfoW, MonitorFromWindow, GetWindowThreadProcessId, IsRectEmpty, KillTimer, SetTimer, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, IsWindow, SetFocus, GetFocus, GetMenuItemCount, LoadImageW, TrackPopupMenuEx, GetSubMenu, SetMenuDefaultItem, SetMenuInfo, LoadMenuW, InsertMenuItemW, SetForegroundWindow, DestroyIcon, SetMenuItemInfoW, GetMenuItemInfoW, DeleteMenu, CharUpperBuffW, GetWindowLongPtrA, PostQuitMessage, SetWindowLongPtrW, ShutdownBlockReasonCreate, LoadStringW, UnregisterDeviceNotification, RegisterDeviceNotificationW, RegisterWindowMessageW, SetWindowPos, UnregisterClassW, DestroyWindow, UpdateWindow, GetDesktopWindow, RegisterClassExW, EndPaint, SetLayeredWindowAttributes, LoadBitmapW, BeginPaint, InvalidateRect, DefWindowProcW, ShowWindow, MoveWindow, PostMessageW, PeekMessageW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, ActivateKeyboardLayout, GetKeyboardLayout, IsProcessDPIAware, SetClassLongW, GetDCEx, PrintWindow, SetWindowLongW, GetPropW, GetGUIThreadInfo, GetCapture, GetNextDlgGroupItem, GetDlgCtrlID, GetNextDlgTabItem, ChildWindowFromPointEx, GetWindowDC, CharUpperW, SetWindowLongPtrA, RegisterClipboardFormatW, ReleaseCapture, SetWinEventHook, UnhookWinEvent, GetUserObjectInformationW, GetProcessWindowStation, LoadIconW, GetClassLongPtrW, GetIconInfo, InternalGetWindowText, GetShellWindow, SetProcessDPIAware, ReleaseDC, GetKeyState, GetForegroundWindow, IsWindowEnabled, GetAncestor, ShowWindowAsync, BringWindowToTop, MsgWaitForMultipleObjectsEx, AllowSetForegroundWindow, RemoveMenu, CallWindowProcW, EnableWindow, SetDlgItemInt, GetDlgItemInt, CheckDlgButton, SetParent, CopyIcon, DrawFocusRect, NotifyWinEvent, LockWorkStation, RegisterClassW, LoadCursorW, CascadeWindows, TileWindows, GetClassInfoExW, GetMenuItemID, TrackPopupMenu, FillRect, GetParent, CloseDesktop, OpenInputDesktop, GetThreadDesktop, EndTask, SetThreadDesktop, GetWindowLongW, EnumChildWindows, SendMessageW, MonitorFromRect, MapWindowPoints, AdjustWindowRectEx, SetRectEmpty, SetActiveWindow, DeregisterShellHookWindow, SetScrollPos, GetDlgItem, FlashWindowEx, GetClientRect, SetClassLongPtrW, GetClassLongW, GetClassInfoW, DrawTextW, GetSysColor, ScreenToClient, ClientToScreen, GetWindowRect, PtInRect, GetWindow, GetAsyncKeyState, HungWindowFromGhostWindow, GhostWindowFromHungWindow, IsDlgButtonChecked, EndDialog, GetSysColorBrush, UnionRect, EqualRect, IsHungAppWindow, GetLastActivePopup, AppendMenuW, WindowFromPoint, CheckMenuItem, ExitWindowsEx, DrawEdge, GetMessagePos, SetCursorPos, ChildWindowFromPoint, SendDlgItemMessageW, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, GetActiveWindow, MessageBeep, RemovePropW, GetLastInputInfo, GetWindowPlacement, GetWindowRgnBox, UpdateLayeredWindow, SetWindowRgn, SendMessageTimeoutW, OffsetRect, RedrawWindow, SubtractRect, WaitMessage, TranslateAcceleratorW, GetClassNameW, EnumDisplayMonitors, IntersectRect, LoadAcceleratorsW, SendNotifyMessageW, InflateRect, SetWindowPlacement, GetDoubleClickTime, SetCapture, TrackMouseEvent, LockSetForegroundWindow, CopyRect, SetRect, MonitorFromPoint, SetPropW, ModifyMenuW, InsertMenuW, GetMenuState, GetMessageW, TranslateMessage, DispatchMessageW, CharNextW, CharPrevW, CreatePopupMenu, GetMenuDefaultItem, EnumWindows, RegisterShellHookWindow, IsChild, GetCursorPos, GetDC, FindWindowW, GetSystemMetrics, DestroyMenu, SystemParametersInfoW, SetWindowTextW<br>> msvcrt.dll: free, _vsnwprintf, memset, memcpy, memcmp, _terminate@@YAXXZ, _onexit, realloc, memmove, malloc, __wgetmainargs, __C_specific_handler, _XcptFilter, _exit, _lock, __dllonexit, _unlock, __set_app_type, _fmode, _cexit, exit, _wcmdln, _initterm, _amsg_exit, __setusermatherr, _commode<br>> ntdll.dll: NtClose, NtOpenThreadToken, NtQueryInformationToken, RtlGetProductInfo, NtOpenProcessToken, NtQueryInformationProcess, NtSetInformationProcess, WinSqmAddToStream, NtSetSystemInformation<br>> SHLWAPI.dll: PathGetDriveNumberW, -, StrChrIW, SHRegGetUSValueW, -, StrDupW, PathQuoteSpacesW, -, -, -, PathRemoveFileSpecW, PathIsDirectoryW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, -, AssocQueryStringW, StrCmpW, -, PathParseIconLocationW, AssocQueryKeyW, PathIsPrefixW, -, -, -, -, SHOpenRegStream2W, -, -, PathFileExistsW, PathFindExtensionW, PathRemoveExtensionW, -, -, -, -, -, -, -, -, -, -, SHDeleteKeyW, PathAppendW, SHDeleteValueW, SHSetValueW, -, -, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, SHGetValueW, PathFindFileNameW, -, PathGetArgsW, SHSetThreadRef, SHCreateThreadRef, PathCombineW, -, -, -, -, -, StrChrW, StrToIntW, SHRegGetValueW, -, SHStrDupW, -, -, -, -, -, -, -, -, StrCmpNW, -, -, -, -, -, -, -, PathMatchSpecW, SHQueryValueExW, AssocCreate, StrCmpIW, -, PathIsRootW, PathIsNetworkPathW, -, SHQueryInfoKeyW, StrRetToBufW, -, -, -, -, -, StrStrIW, -, StrPBrkW, -, -, -, -, StrRetToStrW, PathStripToRootW<br>> SHELL32.dll: SHGetDesktopFolder, -, -, -, -, SHGetIDListFromObject, SHBindToFolderIDListParent, -, -, -, -, -, -, SHGetFolderPathW, -, -, -, SHBindToFolderIDListParentEx, -, -, SHCreateItemFromIDList, SHCreateShellItemArrayFromShellItem, -, -, -, -, -, -, -, SHCreateShellItemArrayFromIDLists, -, -, -, SHChangeNotify, SHAddToRecentDocs, DuplicateIcon, -, -, ShellExecuteW, -, -, -, SHGetPathFromIDListA, -, -, -, SHUpdateRecycleBinIcon, SHGetKnownFolderIDList, SHGetFolderPathEx, SHFileOperationW, -, -, SHGetPathFromIDListW, -, -, -, -, -, -, -, -, -, Shell_NotifyIconW, -, -, -, SHGetFolderPathAndSubDirW, ExtractIconExW, Shell_GetCachedImageIndexW, -, -, SHGetSpecialFolderLocation, -, SHBindToParent, -, -, -, SHEvaluateSystemCommandTemplate, -, -, -, -, -, -, -, -, ShellExecuteExW, -, -, -, -, -, SHBindToObject, -, SHGetSpecialFolderPathW, -, SHGetFolderLocation, -, -, SHParseDisplayName, -, -, -<br>> ole32.dll: CoRegisterClassObject, CoCreateInstance, CoTaskMemFree, CoRevokeClassObject, CoGetClassObject, OleInitialize, OleUninitialize, StringFromGUID2, CoGetObject, RegisterDragDrop, RevokeDragDrop, CoInitialize, CoUninitialize, CoRegisterMessageFilter, CoFreeUnusedLibraries, CoMarshalInterThreadInterfaceInStream, CoGetInterfaceAndReleaseStream, CoTaskMemAlloc, CoCreateFreeThreadedMarshaler, PropVariantClear, DoDragDrop, CoInitializeEx, CreateBindCtx<br>> OLEAUT32.dll: -, -, -, -, -, -<br>> SHDOCVW.dll: -, -<br>> UxTheme.dll: GetThemeColor, DrawThemeTextEx, GetThemeFont, GetThemeBackgroundRegion, GetThemeBool, IsCompositionActive, IsAppThemed, SetWindowTheme, GetThemeTextExtent, DrawThemeText, DrawThemeBackground, GetThemeRect, GetThemeMargins, GetThemeInt, CloseThemeData, OpenThemeData, DrawThemeParentBackground, GetThemeMetric, GetThemePartSize, GetThemeBackgroundContentRect, IsThemePartDefined<br>> POWRPROF.dll: GetPwrCapabilities<br>> dwmapi.dll: -, DwmSetWindowAttribute, DwmEnableBlurBehindWindow, DwmQueryThumbnailSourceSize, DwmUpdateThumbnailProperties, DwmGetColorizationColor, DwmIsCompositionEnabled, DwmUnregisterThumbnail, DwmRegisterThumbnail<br>> gdiplus.dll: GdiplusShutdown, GdiplusStartup, GdipGetImageHeight, GdipGetImageWidth, GdipCloneImage, GdipLoadImageFromFile, GdipDrawImageRectI, GdipSetInterpolationMode, GdipSetCompositingMode, GdipDeleteGraphics, GdipCreateFromHDC, GdipDisposeImage, GdipAlloc, GdipFree, GdipCreateBitmapFromStream<br>> slc.dll: SLGetWindowsInformationDWORD<br>> RPCRT4.dll: RpcStringFreeW, RpcBindingSetAuthInfoExW, RpcBindingFree, RpcStringBindingComposeW, I_RpcExceptionFilter, RpcBindingFromStringBindingW, NdrClientCall3<br>> PROPSYS.dll: VariantToInt32WithDefault, VariantToStringAlloc, PSCreateMemoryPropertyStore, VariantToStringWithDefault, VariantToBooleanWithDefault, PSGetPropertyDescription, PropVariantToStringAlloc, PSPropertyKeyFromString, PSGetNameFromPropertyKey, PSGetPropertyKeyFromName<br>> BROWSEUI.dll: -, -<br><br>( 0 exports ) <br>

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.93 2009.02.05 -
AhnLab-V3 5.0.0.2 2009.02.05 -
AntiVir 7.9.0.74 2009.02.05 -
Authentium 5.1.0.4 2009.02.05 -
Avast 4.8.1281.0 2009.02.05 -
AVG 8.0.0.229 2009.02.05 -
BitDefender 7.2 2009.02.05 -
CAT-QuickHeal 10.00 2009.02.05 -
ClamAV 0.94.1 2009.02.05 -
Comodo 965 2009.02.05 -
DrWeb 4.44.0.09170 2009.02.05 -
eSafe 7.0.17.0 2009.02.05 -
eTrust-Vet 31.6.6343 2009.02.05 -
F-Prot 4.4.4.56 2009.02.05 -
F-Secure 8.0.14470.0 2009.02.05 -
Fortinet 3.117.0.0 2009.02.05 -
GData 19 2009.02.05 -
Ikarus T3.1.1.45.0 2009.02.05 -
K7AntiVirus 7.10.620 2009.02.05 -
Kaspersky 7.0.0.125 2009.02.05 -
McAfee 5516 2009.02.04 -
McAfee+Artemis 5516 2009.02.04 -
Microsoft 1.4306 2009.02.05 -
NOD32 3831 2009.02.05 -
Norman 6.00.02 2009.02.05 -
nProtect 2009.1.8.0 2009.02.05 -
Panda 9.5.1.2 2009.02.05 -
PCTools 4.4.2.0 2009.02.05 -
Prevx1 V2 2009.02.05 -
Rising 21.15.30.00 2009.02.05 -
SecureWeb-Gateway 6.7.6 2009.02.05 -
Sophos 4.38.0 2009.02.05 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.02.05 -
TheHacker 6.3.1.5.247 2009.02.05 -
TrendMicro 8.700.0.1004 2009.02.05 -
VBA32 3.12.8.12 2009.02.05 -
ViRobot 2009.2.5.1591 2009.02.05 -
VirusBuster 4.5.11.0 2009.02.05 -

Information additionnelle
File size: 3080704 bytes
MD5...: bbd8e74f23d7605cb0cdb57a1b25d826
SHA1..: d84af003a6a9dcf6ca9bd68bb66f2b96dcd1fce8
SHA256: 2e5e05f85aa53789a88cccb98dc6a52864492cf92f259ed24f4ffd894e91d096
SHA512: 1ad2a4c92ff062234a42ddb9029a0587c770036c5f1868291494d8b8c695ddc3<br>dd8ca800fec0b30b8931ca61ca62281e8023f8baab20a2defc1f7cae63dd1642<br>
ssdeep: 24576:F3/xDOesUVC38HDINpGYCW5uXSA7jTeFadRsxKb/g/J/ulZ:FPxDOesUVP<br>HDIvLC8A7/eFw33l<br>
PEiD..: -
TrID..: File type identification<br>Win64 Executable Generic (95.5%)<br>Generic Win/DOS Executable (2.2%)<br>DOS Executable Generic (2.2%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x23550<br>timedatestamp.....: 0x4907e791 (Wed Oct 29 04:33:21 2008)<br>machinetype.......: 0x8664 (AMD64)<br><br>( 6 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x731b9 0x73200 6.29 035ef792c6c677dda650715b324ea77b<br>.rdata 0x75000 0x19a64 0x19c00 4.63 a948cba1882a42bc64d94d561990b7e3<br>.data 0x8f000 0x2ffa 0x2e00 0.86 2db36e4ae57f1a7f36ba150aab05b050<br>.pdata 0x92000 0x858c 0x8600 5.97 5e3de5edca57db3504ae375153bbbfa9<br>.rsrc 0x9b000 0x2566a0 0x256800 7.04 4c8ed0154caccb7d6d39343edc8c8e27<br>.reloc 0x2f2000 0x1188 0x1200 5.39 7a0d23ff7ebf06fd655b80e02cb2ae13<br><br>( 19 imports ) <br>> ADVAPI32.dll: RegCreateKeyW, RegCloseKey, RegOpenKeyExW, RegGetValueW, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, RegisterTraceGuidsW, UnregisterTraceGuids, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, GetLengthSid, GetTokenInformation, OpenProcessToken, EventEnabled, EventWrite, EventRegister, EventUnregister, GetUserNameW, RegDeleteValueW, RegQueryInfoKeyW, RegEnumKeyExW, TraceMessage, RegOpenKeyW, RegEnumKeyW, RegEnumValueW, CloseServiceHandle, OpenServiceW, OpenSCManagerW, QueryServiceStatus, CheckTokenMembership, ConvertStringSecurityDescriptorToSecurityDescriptorW, OpenThreadToken, ConvertSidToStringSidW, StartServiceW, CreateWellKnownSid<br>> KERNEL32.dll: GetCurrentProcessId, MultiByteToWideChar, GetLocalTime, GetTimeFormatW, GetDateFormatW, GetLocaleInfoW, GetSystemWindowsDirectoryW, FlushInstructionCache, SetLastError, RaiseException, CreateFileW, GetFileSize, ReadFile, LoadLibraryA, GetModuleHandleW, OpenEventW, FindClose, FindNextFileW, FindFirstFileW, GetFileAttributesW, GlobalGetAtomNameW, ExpandEnvironmentStringsW, GetUserDefaultUILanguage, SystemTimeToFileTime, GetSystemTime, SetEvent, LeaveCriticalSection, EnterCriticalSection, GlobalFree, GetUserDefaultLangID, GetPrivateProfileIntW, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetBinaryTypeW, CompareFileTime, GetSystemTimeAsFileTime, MulDiv, GetTickCount, CompareStringOrdinal, lstrcmpiW, ExitProcess, GetTimeZoneInformation, SetFilePointer, DeleteCriticalSection, HeapDestroy, RegisterApplicationRestart, SetTermsrvAppInstallMode, CreateEventW, GetSystemDirectoryW, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, InitializeCriticalSection, GetCurrentProcess, SetErrorMode, FreeLibrary, GetProcAddress, GetEnvironmentVariableW, QueryPerformanceFrequency, GetFileAttributesExW, GetLongPathNameW, QueueUserWorkItem, GetProcessTimes, GetProcessId, TerminateThread, CreateIoCompletionPort, GetQueuedCompletionStatus, GetModuleHandleA, GetWindowsDirectoryW, FormatMessageW, QueryFullProcessImageNameW, DuplicateHandle, GetCurrentDirectoryW, WideCharToMultiByte, GlobalAlloc, WriteFile, DeactivateActCtx, ActivateActCtx, ReleaseActCtx, CreateActCtxW, LockResource, LoadResource, FindResourceExW, WaitForSingleObject, HeapAlloc, HeapFree, GetProcessHeap, GetPrivateProfileStringW, GetModuleFileNameW, CreateProcessW, lstrlenW, GetCommandLineW, GetStartupInfoW, OpenProcess, LocalFree, LocalAlloc, GetLastError, QueryInformationJobObject, Sleep, CreateThread, SetPriorityClass, GetPriorityClass, ResumeThread, AssignProcessToJobObject, SetInformationJobObject, CreateJobObjectW, CloseHandle, LoadLibraryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, SetUnhandledExceptionFilter, InterlockedPushEntrySList, VirtualAlloc, InterlockedPopEntrySList, VirtualFree, DelayLoadFailureHook<br>> GDI32.dll: GetStockObject, OffsetViewportOrgEx, GetLayout, CombineRgn, SetWindowOrgEx, GdiAlphaBlend, GetTextExtentPoint32W, ExtTextOutW, CreatePatternBrush, GetTextMetricsW, SelectClipRgn, SetViewportOrgEx, GetViewportOrgEx, IntersectClipRect, GetClipRgn, CreateRectRgn, PatBlt, GetBkColor, SetBkColor, OffsetWindowOrgEx, CreateCompatibleBitmap, GetTextExtentPointW, GetClipBox, CreateDIBSection, CreateRectRgnIndirect, CreateFontIndirectW, CreateSolidBrush, SetBkMode, SetTextColor, GetObjectW, DeleteObject, GetPixel, DeleteDC, BitBlt, SelectObject, CreateCompatibleDC, GetDeviceCaps<br>> USER32.dll: GetScrollInfo, SetScrollInfo, SendMessageCallbackW, GetWindowLongPtrW, SwitchToThisWindow, EnableMenuItem, IsZoomed, IsIconic, GetSystemMenu, IsWindowVisible, GetWindowInfo, GetMonitorInfoW, MonitorFromWindow, GetWindowThreadProcessId, IsRectEmpty, KillTimer, SetTimer, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, IsWindow, SetFocus, GetFocus, GetMenuItemCount, LoadImageW, TrackPopupMenuEx, GetSubMenu, SetMenuDefaultItem, SetMenuInfo, LoadMenuW, InsertMenuItemW, SetForegroundWindow, DestroyIcon, SetMenuItemInfoW, GetMenuItemInfoW, DeleteMenu, CharUpperBuffW, GetWindowLongPtrA, PostQuitMessage, SetWindowLongPtrW, ShutdownBlockReasonCreate, LoadStringW, UnregisterDeviceNotification, RegisterDeviceNotificationW, RegisterWindowMessageW, SetWindowPos, UnregisterClassW, DestroyWindow, UpdateWindow, GetDesktopWindow, RegisterClassExW, EndPaint, SetLayeredWindowAttributes, LoadBitmapW, BeginPaint, InvalidateRect, DefWindowProcW, ShowWindow, MoveWindow, PostMessageW, PeekMessageW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, ActivateKeyboardLayout, GetKeyboardLayout, IsProcessDPIAware, SetClassLongW, GetDCEx, PrintWindow, SetWindowLongW, GetPropW, GetGUIThreadInfo, GetCapture, GetNextDlgGroupItem, GetDlgCtrlID, GetNextDlgTabItem, ChildWindowFromPointEx, GetWindowDC, CharUpperW, SetWindowLongPtrA, RegisterClipboardFormatW, ReleaseCapture, SetWinEventHook, UnhookWinEvent, GetUserObjectInformationW, GetProcessWindowStation, LoadIconW, GetClassLongPtrW, GetIconInfo, InternalGetWindowText, GetShellWindow, SetProcessDPIAware, ReleaseDC, GetKeyState, GetForegroundWindow, IsWindowEnabled, GetAncestor, ShowWindowAsync, BringWindowToTop, MsgWaitForMultipleObjectsEx, AllowSetForegroundWindow, RemoveMenu, CallWindowProcW, EnableWindow, SetDlgItemInt, GetDlgItemInt, CheckDlgButton, SetParent, CopyIcon, DrawFocusRect, NotifyWinEvent, LockWorkStation, RegisterClassW, LoadCursorW, CascadeWindows, TileWindows, GetClassInfoExW, GetMenuItemID, TrackPopupMenu, FillRect, GetParent, CloseDesktop, OpenInputDesktop, GetThreadDesktop, EndTask, SetThreadDesktop, GetWindowLongW, EnumChildWindows, SendMessageW, MonitorFromRect, MapWindowPoints, AdjustWindowRectEx, SetRectEmpty, SetActiveWindow, DeregisterShellHookWindow, SetScrollPos, GetDlgItem, FlashWindowEx, GetClientRect, SetClassLongPtrW, GetClassLongW, GetClassInfoW, DrawTextW, GetSysColor, ScreenToClient, ClientToScreen, GetWindowRect, PtInRect, GetWindow, GetAsyncKeyState, HungWindowFromGhostWindow, GhostWindowFromHungWindow, IsDlgButtonChecked, EndDialog, GetSysColorBrush, UnionRect, EqualRect, IsHungAppWindow, GetLastActivePopup, AppendMenuW, WindowFromPoint, CheckMenuItem, ExitWindowsEx, DrawEdge, GetMessagePos, SetCursorPos, ChildWindowFromPoint, SendDlgItemMessageW, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, GetActiveWindow, MessageBeep, RemovePropW, GetLastInputInfo, GetWindowPlacement, GetWindowRgnBox, UpdateLayeredWindow, SetWindowRgn, SendMessageTimeoutW, OffsetRect, RedrawWindow, SubtractRect, WaitMessage, TranslateAcceleratorW, GetClassNameW, EnumDisplayMonitors, IntersectRect, LoadAcceleratorsW, SendNotifyMessageW, InflateRect, SetWindowPlacement, GetDoubleClickTime, SetCapture, TrackMouseEvent, LockSetForegroundWindow, CopyRect, SetRect, MonitorFromPoint, SetPropW, ModifyMenuW, InsertMenuW, GetMenuState, GetMessageW, TranslateMessage, DispatchMessageW, CharNextW, CharPrevW, CreatePopupMenu, GetMenuDefaultItem, EnumWindows, RegisterShellHookWindow, IsChild, GetCursorPos, GetDC, FindWindowW, GetSystemMetrics, DestroyMenu, SystemParametersInfoW, SetWindowTextW<br>> msvcrt.dll: free, _vsnwprintf, memset, memcpy, memcmp, _terminate@@YAXXZ, _onexit, realloc, memmove, malloc, __wgetmainargs, __C_specific_handler, _XcptFilter, _exit, _lock, __dllonexit, _unlock, __set_app_type, _fmode, _cexit, exit, _wcmdln, _initterm, _amsg_exit, __setusermatherr, _commode<br>> ntdll.dll: NtClose, NtOpenThreadToken, NtQueryInformationToken, RtlGetProductInfo, NtOpenProcessToken, NtQueryInformationProcess, NtSetInformationProcess, WinSqmAddToStream, NtSetSystemInformation<br>> SHLWAPI.dll: PathGetDriveNumberW, -, StrChrIW, SHRegGetUSValueW, -, StrDupW, PathQuoteSpacesW, -, -, -, PathRemoveFileSpecW, PathIsDirectoryW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, -, AssocQueryStringW, StrCmpW, -, PathParseIconLocationW, AssocQueryKeyW, PathIsPrefixW, -, -, -, -, SHOpenRegStream2W, -, -, PathFileExistsW, PathFindExtensionW, PathRemoveExtensionW, -, -, -, -, -, -, -, -, -, -, SHDeleteKeyW, PathAppendW, SHDeleteValueW, SHSetValueW, -, -, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, SHGetValueW, PathFindFileNameW, -, PathGetArgsW, SHSetThreadRef, SHCreateThreadRef, PathCombineW, -, -, -, -, -, StrChrW, StrToIntW, SHRegGetValueW, -, SHStrDupW, -, -, -, -, -, -, -, -, StrCmpNW, -, -, -, -, -, -, -, PathMatchSpecW, SHQueryValueExW, AssocCreate, StrCmpIW, -, PathIsRootW, PathIsNetworkPathW, -, SHQueryInfoKeyW, StrRetToBufW, -, -, -, -, -, StrStrIW, -, StrPBrkW, -, -, -, -, StrRetToStrW, PathStripToRootW<br>> SHELL32.dll: SHGetDesktopFolder, -, -, -, -, SHGetIDListFromObject, SHBindToFolderIDListParent, -, -, -, -, -, -, SHGetFolderPathW, -, -, -, SHBindToFolderIDListParentEx, -, -, SHCreateItemFromIDList, SHCreateShellItemArrayFromShellItem, -, -, -, -, -, -, -, SHCreateShellItemArrayFromIDLists, -, -, -, SHChangeNotify, SHAddToRecentDocs, DuplicateIcon, -, -, ShellExecuteW, -, -, -, SHGetPathFromIDListA, -, -, -, SHUpdateRecycleBinIcon, SHGetKnownFolderIDList, SHGetFolderPathEx, SHFileOperationW, -, -, SHGetPathFromIDListW, -, -, -, -, -, -, -, -, -, Shell_NotifyIconW, -, -, -, SHGetFolderPathAndSubDirW, ExtractIconExW, Shell_GetCachedImageIndexW, -, -, SHGetSpecialFolderLocation, -, SHBindToParent, -, -, -, SHEvaluateSystemCommandTemplate, -, -, -, -, -, -, -, -, ShellExecuteExW, -, -, -, -, -, SHBindToObject, -, SHGetSpecialFolderPathW, -, SHGetFolderLocation, -, -, SHParseDisplayName, -, -, -<br>> ole32.dll: CoRegisterClassObject, CoCreateInstance, CoTaskMemFree, CoRevokeClassObject, CoGetClassObject, OleInitialize, OleUninitialize, StringFromGUID2, CoGetObject, RegisterDragDrop, RevokeDragDrop, CoInitialize, CoUninitialize, CoRegisterMessageFilter, CoFreeUnusedLibraries, CoMarshalInterThreadInterfaceInStream, CoGetInterfaceAndReleaseStream, CoTaskMemAlloc, CoCreateFreeThreadedMarshaler, PropVariantClear, DoDragDrop, CoInitializeEx, CreateBindCtx<br>> OLEAUT32.dll: -, -, -, -, -, -<br>> SHDOCVW.dll: -, -<br>> UxTheme.dll: GetThemeColor, DrawThemeTextEx, GetThemeFont, GetThemeBackgroundRegion, GetThemeBool, IsCompositionActive, IsAppThemed, SetWindowTheme, GetThemeTextExtent, DrawThemeText, DrawThemeBackground, GetThemeRect, GetThemeMargins, GetThemeInt, CloseThemeData, OpenThemeData, DrawThemeParentBackground, GetThemeMetric, GetThemePartSize, GetThemeBackgroundContentRect, IsThemePartDefined<br>> POWRPROF.dll: GetPwrCapabilities<br>> dwmapi.dll: -, DwmSetWindowAttribute, DwmEnableBlurBehindWindow, DwmQueryThumbnailSourceSize, DwmUpdateThumbnailProperties, DwmGetColorizationColor, DwmIsCompositionEnabled, DwmUnregisterThumbnail, DwmRegisterThumbnail<br>> gdiplus.dll: GdiplusShutdown, GdiplusStartup, GdipGetImageHeight, GdipGetImageWidth, GdipCloneImage, GdipLoadImageFromFile, GdipDrawImageRectI, GdipSetInterpolationMode, GdipSetCompositingMode, GdipDeleteGraphics, GdipCreateFromHDC, GdipDisposeImage, GdipAlloc, GdipFree, GdipCreateBitmapFromStream<br>> slc.dll: SLGetWindowsInformationDWORD<br>> RPCRT4.dll: RpcStringFreeW, RpcBindingSetAuthInfoExW, RpcBindingFree, RpcStringBindingComposeW, I_RpcExceptionFilter, RpcBindingFromStringBindingW, NdrClientCall3<br>> PROPSYS.dll: VariantToInt32WithDefault, VariantToStringAlloc, PSCreateMemoryPropertyStore, VariantToStringWithDefault, VariantToBooleanWithDefault, PSGetPropertyDescription, PropVariantToStringAlloc, PSPropertyKeyFromString, PSGetNameFromPropertyKey, PSGetPropertyKeyFromName<br>> BROWSEUI.dll: -, -<br><br>( 0 exports ) <br>

Re,

grave pas forcément.

Mais tu as 2 fichiers qui ont le même nom, n'ont pas la même taille, sont localisés dans 2 répertoires différents et sont non infectieux.

Il faut que je regarde.

Je ferai ça au jour. @+
Faites ce que l'on vous demande, ni plus, ni moins.
Ne créez pas de doublons, ni sur CCM ni sur un autre site. M­erci