Infections - PC lent - Vundo

Bonjour jlpjlp,

Merci de ton aide. J'ai fait comme tu as dit. Je colle le rapport de combofix.
Windows n'était malheureusement pas à jour car les virus bloquaient la mise à jour :-(

Encore merci de ton intéret.

ComboFix 09-01-11.04 - Pierre 2009-01-12 15:31:46.1 - NTFSx86
ausgeführt von:: c:\dokumente und einstellungen\Pierre\Desktop\ComboFix.exe
AV: AntiVir Windows Workstation *On-access scanning disabled* (Outdated)

[COLOR=RED][B]Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !![/B][/COLOR]
.
[color=purple]Die folgenden Dateien wurden während des Laufs deaktiviert:[/color]
c:\windows\system32\barusaya.dll

[i] ADS - svchost.exe: deleted 68 bytes in 1 streams. [/i]
[i] ADS - ntoskrnl.exe: deleted 228 bytes in 1 streams. [/i]
[i] ADS - explorer.exe: deleted 132 bytes in 1 streams. [/i]

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat
c:\dokumente und einstellungen\Pierre\Anwendungsdaten\NI.GSCNS
c:\dokumente und einstellungen\Pierre\Anwendungsdaten\NI.GSCNS\dl.ini
c:\dokumente und einstellungen\Pierre\Anwendungsdaten\NI.GSCNS\settings.ini
c:\programme\webhancer
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\temp\tn3
c:\windows\system32\barusaya.dll.vir
c:\windows\system32\iyezuvag.ini
c:\windows\system32\MabryObj.dll
c:\windows\system32\mekawiba.dll
c:\windows\system32\nukiyofi.dll
c:\windows\system32\S4
c:\windows\system32\tmp.reg
c:\windows\system32\twex.exe
c:\windows\Tasks\gmyqloze.job

----- BITS: Eventuell infizierte Webseiten -----

hxxp://untergang.info
.
((((((((((((((((((((((( Dateien erstellt von 2008-12-12 bis 2009-01-12 ))))))))))))))))))))))))))))))
.

2009-01-12 14:04 . 2009-01-12 14:04 <DIR> d-------- C:\VundoFix Backups
2009-01-12 13:51 . 2009-01-12 13:51 <DIR> d-------- c:\programme\CCleaner
2009-01-12 12:03 . 2009-01-12 12:03 <DIR> d-------- c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2009-01-08 10:12 . 2009-01-08 10:12 <DIR> d-------- c:\programme\Avira
2009-01-08 10:12 . 2009-01-08 10:12 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2009-01-08 08:39 . 2009-01-12 10:50 <DIR> d-------- c:\programme\Spybot - Search & Destroy
2009-01-08 08:39 . 2009-01-12 14:22 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-01-07 08:24 . 2009-01-07 08:24 74,582 --a------ c:\windows\SYSTEM32\potrxkgnvizw
2008-12-19 09:23 . 2008-12-19 09:23 <DIR> d--hs---- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\twain32
2008-12-19 09:22 . 2008-12-19 09:22 <DIR> d--hs---- c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\twain32
2008-12-19 09:19 . 2009-01-12 15:35 <DIR> d--hs---- c:\windows\SYSTEM32\twain32
2008-12-15 17:00 . 2008-12-15 17:00 <DIR> d-------- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\McAfee

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 14:37 --------- d-----w c:\dokumente und einstellungen\Pierre\Anwendungsdaten\VMware
2009-01-08 13:51 --------- d-----w c:\programme\Java
2009-01-08 13:42 --------- d-----w c:\programme\Mozilla Thunderbird
2009-01-08 12:32 --------- d-----w c:\programme\eclipse
2009-01-08 09:05 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\McAfee
2009-01-08 08:41 --------- d-----w c:\dokumente und einstellungen\Pierre\Anwendungsdaten\McAfee
2008-12-22 07:28 --------- d-----w c:\dokumente und einstellungen\LocalService\Anwendungsdaten\SACore
2008-12-19 11:56 --------- d-----w c:\programme\eclipse2
2008-12-11 13:53 --------- d-----w c:\programme\Notepad++
2008-12-10 09:31 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-12-09 14:57 --------- d-----w c:\programme\INCOME2010_0.2.4.win32
2008-12-09 07:56 --------- d-----w c:\programme\SiteAdvisor
2008-12-09 07:56 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\SiteAdvisor
2008-12-05 11:12 --------- d---a-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2008-12-05 08:17 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\VMware
2008-12-05 08:13 --------- d-----w c:\dokumente und einstellungen\LocalService\Anwendungsdaten\VMware
2008-12-05 08:02 --------- d--h--w c:\programme\InstallShield Installation Information
2008-12-05 08:02 --------- d-----w c:\programme\GE Fanuc
2008-12-01 09:29 --------- d-----w c:\programme\eclipse-java-ganymede-SR1-win32
2008-11-13 10:41 --------- d-----w c:\dokumente und einstellungen\Pierre\Anwendungsdaten\TortoiseSVN
2007-10-08 15:27 15,453,416 ----a-w c:\dokumente und einstellungen\oracle\clj3550hbwinvista2kxp2003.exe
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"openvpn-gui"="c:\programme\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
"vmware-tray"="c:\programme\VMware\VMware Workstation\vmware-tray.exe" [2007-08-21 72240]
"VMware hqtray"="c:\programme\VMware\VMware Workstation\hqtray.exe" [2007-08-21 55856]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"avgnt"="c:\programme\Avira\AntiVir Workstation\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Oracle Drive.lnk - c:\programme\Oracle\ODrive\odrive.exe [2007-02-09 73728]
Printkey2000.lnk - c:\programme\PrintKey2000\Printkey2000.exe [2007-10-11 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\fefiyiri.dll c:\windows\system32\tabisape.dll c:\windows\system32\pefedamu.dll c:\windows\system32\ c:\windows\system32\barusaya.dll c:\windows\system32\ c:\windows\system32\besigaza.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"10450604"= 33453632433936352d464530392d344543412d413639412d434142443934304142364139
"10450593"= 02d3997f37701ed698acf1e375bba48be7fc7ebd5d70159f807eb31eb72fe748ec095c679e7eb4d9d9f1db228a7b0564a2c2fd0e5b0b8293024e950a4e510f76509ab06d79375ed5bd49567d6040eb76e434342487a513649f85591b22e749447b03a2b9e00b36407bb37b83ebc5b27cc54bad77eebd46aafb3517d8b65cda0efd76dd92ecefb207430683a9a03d76479a08e79f4f27f2004ec636371e5314f2c69a781f6a1aed2653b8d9880003daacab060ad48989500a0c3cfc86f41cf943d86066b89e741d3ddacc26c9d2601b23214c260aaaf538328058b3a32fc52fcde93208504a3f0204b2db110e90a5dd76b1198386110f7dff3e852770ab04e3182d1d48ec29a566019dd10587ecbfd7bf841a5effa4571782e4ee4bad15463b8920c1fa5f72f16160a53744562daa9568d0b1ab55d17ea965aabc52d98c56391b80d96c5bae80dd30bd87501061523bb8ca8a6db0e1e1170494de7722eaead1dc84e5ff0ccf916b1f3d05274558dce9ab31b6ce58f079bf04566fa12d665f4bd8062e103231e000
"aux2"= c_450573.nls
"wave2"= c_450573.nls
"mixer2"= c_450573.nls
"midi1"= c_450573.nls
"aux1"= c_450573.nls
"wave1"= c_450573.nls
"midi2"= c_450573.nls
"10450623"= 36c08e969b78dd676c231b06f9a6348d0f12bb5347a58f14f8d10aea01f06de858c9ff5b48e526de8dd40cec156aa5721b947ab8da19c02e4c4fd237a230c7d40e3236f46dfac3ca45747e0659a6a0b32bb64a52814991748fd03453b1b3c15beb3711ffd05d516a94645cbfb350da520c38a799d9561ea5a285c21bdf19dd84928f9bef3aeeb0f1b2206f8ee5aab6fc291daebbd812dd666160fb063834f949fa908a04d5dd8fd76b386b89cc241bf4c929c549c35e275b4c8d61d7fd48d39bf8fde7e7a96a3cee0cf0f6056d40a52531ce1a7479a77b2e6b17c3772b6e9eba7dc28c8a7ae53fae7d502c35ec0ac80d1481e84f74be728873ed1e95f5c9d3f059d7c322bdd4f4ff7c96ba616cb6e3b385eec0da8c66589e6d66597e19c7ee8c910d051a1594b64648ca2bb56cb464a3135c3990c477c0d01bc255ec446ed95db87f45d2c517c1288815c37be37da8d05fc14da43ba58aaaba505671dd96817fd64cee49527bba843a8d501ff47dea0735bc7f290db10e9a0063684c5ad927630184c62026a28a220c1f1944c62de101abd30306b26f1f9a8ec34c58af75cb45a8c2736ab3f3a902d469b0d3f2475b79d0260ceb194c1e9ff7dba174e3499f66eec793bacbc3a052f502de8cd5317cef0f9202931ebbf5e1d41cf940189cf8e28e4c0243787b5aa592a5c4fc0274c754a8fab4d92cbe85aa1319432976f01b44da221cef3f1adc4e5257fd4277ba4aa3f13b5eaec3e1acf3e036567b51a85a41b0e6fad02fb86d9406abd5bef3d27170fcf36a9ee383658e4570b1af8f58073f3cd6c1c283562b134d81202173b486de97c0a40aa3a9771a4103be88d994c90f8c28b9b1eb6e1f46f02432867e033909866b62505636a3138f67a2fba88c7c07ac559cee40143233faa88ef5644186c853cb143c7db0f08014b23a738b6d2674711414ae9c2f7bbb3d75a9fe318a659761479650a0cfca42a3af9f0709d3f79a976d228214bb5a3ab102405570ff43abfe5292947e6e4b4790684eb794966bc821669d53100f6441888e22e6e660b45cf5db5766de2a9c6937cbc50048d457644f685a9698f156da4d13b7cb9569781397f2c2f95fe50e28752d573552768731de69d4087155ded3f4d3ae2d9e97e6207540ca6af41949822a63c3f151cec286581eaf097e47b7c7bf27c4648b24e207a66ca482834deb95cb6e5cd9a1c39e7126fcc92b51753f84bb4332e7415f53129381fb9ea7b6d4e0168dd0569c7cc6dcee04591bdd7ee7253e1cfb8e33220341d81650c7574fe4583f13c69daa7774bf2456dff0f8d7ff144c84c69001f07201a1524472e8f32682932a3aced83dda6a2fe3a84580453410f21589d42236810b33ac36fc558b93c7fce1efed98e0efb0b6af772eeef457e1795e10e52e77b27292d1a5dda89373592fdc990b70c708287c49bae247b1f14f1adfe014b4bd91f9ac33c2bb17b873bdfbf9d8d5077bfb4aaa90f477e905823b1da1e4abbc697bc0efd51c96c5751ea79e8ed22f6a24a8d038e5a1e2ea8a2e34c6c01d9620968a41ce78daddf3ac87ba708b2000d294220a2e397897cce03ec625b6ab604c92fd3ce3ed8998f3f8c1bb79e7644acee6277a8517890d68a4da50d30df5893e42f018fed0400ba493ccc5c01e8bbb676cb2aae538f5fe731b95563d676665221d6496504aef3937dd4a005dddce899b05811cca2cd571170f0942d2e37f5ca58e1075de8150cc743bbf394e336d4e5b4499f6c982ff943e985d23faccecf6d185498e7ab798bf82e62147de10d4096bce5fd6ec0139745462fe068c6f7d3a74e086e990ae9a8691e18be3f85865fda7a21a8385752305820e589f9947a83900a405671674c46988653b38ee71311bf6ff4036301358f0c23ff931e500e8a160da15b06cb3f5349cab2f7e873a8aeb00d2ad8321d9f9740d04dcc28b5fca86706063bb2ab4ba28c5c097197c3ffd451e8f2880a397cbaa6af508c07da94eca5d2c285c0dd605aa105ee095419d20170ba64dbf594b6228c61c5789225eee631c477edd21e7246f0ee1a4b9e1299553aeb816480076c74e1c71dd63e98e8d8546988578c0b960fea18402d19405c16a92174284d03ecd71a0ecedaeb99871f13a9a535c554b39091dfbdbeaf2deddcb57cd186339c3130cb333aef0953862bebf13cf6a5e35b1ae487cd3c8eb56402c34fce090b9cae08e667d210dcf43e8c6f409358243560ec537b81bed47b02a7202e79984f79f544693b2794c6b013a1234c0fd7cfdae3efe584e2052138a34cf2fa6cba36ba793e75c6e6f9d545ed9f855cdae626200f7f7a8a528296445390c861f77ad012f49d55498666afb9f2ff6c51c9cbe70c4e60831e11e036ddf9bac302006008f8d93fcd5f0ec6df3d2dcd7df39bafd589f7095a39cb1cbca8f14e5fd0fcdba341b76062eeb9ea0c070482935dc700736b9bc5f82136e3077ed395b256748d4299511c722a7c1dc2e9be97d25c7cda62de8fd7ef0b12846b773e4d66d78da0fff9cb326ab8c89d5f86ad0f495386e96bc34bf9e8d067183ff1e72fbe7a72b85d2836ef7ffb0c1ce65c66b72f39ea01453696130833480774a12e60fe3bc98dcb42575b5203bd3d3afffced7c92362b182a9e63ecd0bf189ac2679c96ba1a8619879081cab495d5a832e212e7a753f706450f059b87466379686158cafae23d5a015e9fa9a1270f53432eef3944db2e05e5213df0837256fc8fa059b1e4ab53b013318c2645b9211f6f668ca43337b836d37884fb64cdb477d91db59ad45c43e7e36973cbde97e7690b8e79b94f0c223b08fe0818db393f7eda5f38eb6d7b8c51c4d0662440ec2f5da0a6534912529372476facb56d31f69e2fcd40bcb7fba8914223d3adb8de73b002da32398732f1242b7a14c43430590a06f10df1c37b292df41d9e6438cc41c5e0cdfb5a56094f7c83b4339b69ec1814907e73646415f5c67bff3233e4bf38425917d2f7b6176ff494ec3d71b326cb6041d6b8ef0d04f7eb7b87661e21d41b6c62e8b73216e4364834bb78d63af7c6da297fafabc722d99f194fdd7744e3c76fbad7ef1075faa5d7609f7d4df1268da93a51f7c8dd6ca8f5872c48ca7590ac76bf7dfe5518b8b83f30255f9e97c5d4d49d985c0ab5e47c937336bd0fbd9f83a1b6c2f024a56730d550c68c3e9bf93c80ce653fbb943204c542446122af8448a6020689e801f310c6d7747456256e47144d9daeba6e789f0443ddb76522b924b141cbbacb0c670376fbb6ef7fdd31269d30414e674cd9499169bebd370860e61c6fbbd7822468de2f5671ef4cd706a5f8090acbec663b835b0d860e812e03bade3997195a8d9e7c5518df4aaa28c1d4d3af9400c7716b828d5926893f4772399413ea550431f98ac31d762c07aeee8b272602b99ab92561f2dc15fd425de603aae627084d446991f6f15855e2e140b74c401fdce88010d14b58fe25fd2aa801303016ed6f7630772f8b96c37a35c03fdb5e2c94f70889c1f4237f21a4847c6cc71e18723ec6a4b1927681742779485b5a63b7096fe90b7f12d778f3b32264588b480ca6edcae8e272c743fd887f7478968535d38f297488d30434253e738adba09628bec8c5d7ee1ef7391fd634a38dcb2e86f32600a2ce413981a14faf604a1fde9f24f5cd62c2cf3a7742c096081a59088584bf2a712e1eb6000dd5182701436ce2b2d8d7dce607485b54ce7e30ec36a22956f3bc7863a2dbaeaddc1abb6ba38234c9a764ca91ef7d156e4f9ff7d27c98fdf7490570e1a450e0aef30018ed6f9f1d7766f932a982c6450c3679cd27b651c1dc63e68469d27752300a1a07114cc41b2bef7e0f7a99acb70833caa15c5f3abaeddc03dd9159ee92e0c2384bf2727e3d6e7e4d4639026f651bd84dcaf89f25f16af47a68c0e346ff84c11d736c1e1616f70948ec04598df307d332c2d7908314b95606b040e98758046ba5e419a69587f3241ef76c1a1ec1ae2f64468ef3820af806aed89db1f5236bccc1ad114141d42de3d55e11be87f321d49e1531f47fd628660790ad7b4f3d2f4be70664fe3ff4bc95ec95a59a8c3a9f237256a33eba9eb8cc2d71a89aa6f4bd4d36eeeefc5a809f43f3442125bfa3ed1550cf94a98effdd291b814dc6e31d1e4b6bc6cfe2e665afc652e71126b91a2442d6d0395f46a666636902da394080c4e3ab6bac4d24a1ef4b625aa1858e62e51366949c8402b3fe56c77b3af9128ab13ca93097699446f3dbc4230ad07275e9fd8200d551d23899816d8b0758879ebc5efd9043a09eabeccb313793b4ac33bed467b9cabf6aed12d8ddf1ae1da431ad34581ed2ed5fba6b655d31bb9327cd5d65d640096333446491e27fc3678fefd486d4743477c39adfba665761b00a304f1286466787b8e54f4280656d5185d793f8d0384b4c28d439b3afb5703ebd69acaeb38dd2b1e2047e86b88327a27a751ac71a039c4f5db568fa47f7285c7e375a07d532b9563151c7c6af531d60fb2cef071d3fbb1af2ee040278a33c9ba267afca2329608e9621705597c2d28f5f915e6a2e5f8a676c72354f228f1037f488bcd8d30bcde87881bf1d70a70740133b1a21aec0fcf247f0619d8b23973471cb7dbffc079acb0b7d40448eea9327c5ef602280c99ca28cf567cb44ad6d4561984f11c34f5999f20db10df2b41a73f7c08a085f1eb43b874f3063049e12f08a1d023072eff0818b8552ae0da3bd446e838fd3632046029870e86330ed0c1d0bb79e918728a334c8347a0f6b3184c7272c1c361c5d72f8de676c6645324e0e60108b6772f31a5778e02bccf9661b652781f38fcb836159be019de103c52e9ec1ec8f67e0dcc5ca43723cff150b4a4251e1847094a24daa0a5034823bf9f25ad14fe824a4a3bbd4f34137518bdb3e752352a757320be5f33f73f064ce9cbec11b3e80ec957059b52f805753abb6f379a8e3e624cbe9146ef60b5a3939ff077b988edbece86e08c03943ba6c858db622a6de4a070628d723f3433d246ea755bd3e697688dcb204c607b4e6522b77b3892b6d9ec25af3deb765a7f7a8751e46490e724eeeb6658e566e54d5c9d28b26799258c91a85f8b21bb99bd716d03681d148e00de00c91a342e946e46e62e64fb2fa8fa6108e0a4e07145ccac5221581dc85844a1eb6af51f3ec20a4ecfbeeabd13b0b0cc50476fff934ae7ffa1a3f1f9f1d5c7122aa6f873fbfb259444afc76431304cecaaf527242d6a58e6b7e2ddc647f68aa883dd381956d94def07120999018f49b9f9c1a70f7c6935501a35526bea36e68a9fbf80733da01b5418293b1c79db060896eb231a012cd01bc751ec378d7e815d57199dcc990980e2a999b82cb0b783fdf6b40895d7537369a8ddfd1b6ad7026c5f4a2808a06ba3abb8301e3386a30457d7370c0c21ed224c7a06855432908e172988499164113493447e2e7bf9c80b641d8b69d5826d5aa04d909a981b3f493883b3e3cd3dbdbb10529af064c246f099319f9ec8900cac330cdd6481d338ffeba094877669d269b76b5700ee71abbee78905b4887cc06d3b8b8b963c6dcecdb9275442f54e6daa823d785509338bfc56f4d2634c93af66cb10e7c228fa24634e816c80985f2f574a97bb7362dbf16df96bc7ab00fac4c5d4f8cb22ecebedced28c2d3f4ebed92bbd20291bdb35fe164bef96fd6a79f1f8e13eacbb8272ac6a1410a71c5e32ca888c74219c10d58c3da5c89f25457f7f8991ffe6561f3f79d80935e8a7bdf99addd81025ead6489d80ac884715e26618c53ce304c7d41f8cdb07dedb98ab13928f37acf370f727c9aa83a46eda2c74bd4033b47fed5c26dfdaed0fa42436dae59cc765e5de1477d05ffade6469df47a1fd6705cf7eb9985df708a32aef09b1841d46c3d545f298eea534a99454956f0a5c77b3eb2fcab5c6d192981b6ee3b63e8ef576a6cf4aa1c12a0d4410aaed2124665af2c536c7ffb02433bc7c8ac347b0e3ac6aa374b919c216b4072b3f5ea0456ee9dce5675e88e048add6e4dd584af0d3c90e87e82d1fff84cefc87dc806fcd127357360461b3813662355de24c45c36d01498fbebf7dc7c0bd2d061ef0f280c4d92e3503ebf57632c2d9f9378826bd9364a61845cd9fe9573f0f5dcf5abdc59121971e1277ef4f6db1e7638f673e086d36f565e9f7ba21506892baa362bba850a8b80ebcc01398810b03750c24bd6d6a128e40d6958bb29aa08689a5da46037853fd40c01cbc2bbdaeba47042e057c814623fc56aa5e49ee8830fea786e857bec2b14007c0116a828638fd047b796f3feddfd172b9bfe80a8149fae5961aab1d2114189f14248a6314a8cc5e801c517361e25db600c46136e561755b00feecc44ec95ed69786cedec99bcaf91f2b7f9696da94732d380d591d842f0b9aa1c4f1dbd9e3693401a53922f5b466c2f0a07d7f580bc302283538ce0fd24412931f2c63b5b8607dc22d46e82b32eef45b7f68896c11277f2e8bb4b1133a6bdfdbf1bb3ba5b8f1408500f2674a4db11a13503ce938845ae8c9a7083e3adb93f8d138e30a34fd11f2fe60022f11b1059543fbc0cb1f90d8458c2568492814f56c813647b22e2a71a146254ed7a67a345dc833ae101d26491eba9b143197938408efc3ad166c6373ac7cffa6a06cfe24649e7bd47f456ddd98fd2aa3b0e51ff44e4a0c6dc98cb975d7b51ebff0b7c0aa764de5041d7e8e28b7413d0b34a992cb7aab9d525a7772c98c1c0fc9fd6667ed599c71326ab352ff55e68ec6ec881f7913e0b5e1ef12b8c6eed51ff26c07777bcece97f72b1c16650f92abce308810cd0be2f5e4b0e722f1962e98ab7c9f89ead920a580ab516f14f77ca9dd337f74ca2a8d88e27b3beca7b52773b621fe1434c2d96e874078515b42d4dd33392ef483cd654ec0aa328a6e369efa6a58766665868de419a535a6f37532a8ffce23eed4e413582c86db3d9e2db74f5633cb9cde7cceeb857c54644996f814c1a47e475de5ddb725b01db5dbe935007034fb087608f4ea782a9d6d0b97a3ec8e1b9bb87d6d6c9c00e701d7d831f923203127c3abf16414bca00fa06e9ccbb6b8e565ccf9afe43474b10b5cca86ebe3a5865b8b3cc652cc78b6d759ae93f14e0315d4e267d5b124a4e4a8530b35370682b94408d2cdce94d140c3fb8a1360aec255d933fc479cd1e5b208ce72778299da6e7496c576f15616a3be11951f8882bcd052a15c2f3763be188e89504045babec38b75d9fdeb63a2343aef7792c8a5c7f1601cb58d1d41818b8d678ee359cd466e30386bef640b87c4ae7158a3b2956be3b780bb6978752382bea6ee85367f51f3ba4729abba5d1aa8ba02df704cfed81a21bb7fd11e3aa9bc66733cff7f328327ca07ce67d847dd5be9c035ae34b58a5c969b684dc10e35df4d1f5ce49ae98485d096566e8bc486a485b8b60be33ca17e5e9e1d24b5c30b44a7561c61fc4fae5b9ffc972fa996eb417a52429890176aef2731e6c12b40467943d8cb39080125e337ddc6f3ff64d4c4f026d368990a8de775f34dedb7a312bdf0926ca9ce8c5bcc991a4446389d591fb01ef5d4f85aa41def5d41b8d236e08a071c781d63dcf39936ed744b41c479246b0c1ecc8bc19cd32909823ed9dbe7594f5551e1b6a0c9929132e92e8222850ce7965ae56f7262a8361ad83e3f058c1bbc858c4a2909fb0d52ff57f9f7d3695c7c82fb54f13344802fff7b140bb82a6950b31a94705b3fdeaaa541a90d463fd40d605ef041851c57439560b807e5c875b1cb45fad15d271144a39fabbf0dbad02a1927f96f6e771ef4193544663ab86e007ca8d1c8172fd6c4554eb6e2d93d06285455dcf9fe3865146681e9ff50af8ca43a3c42cdfc8ea67ea97325029414f6d412c5a14616c4d659a247c904dedfe5ef553692bce72cb78a89733311b5b634071dcc3a4ff753509ada3f83cd29be60461e698ae4f17913e33177486f2fa436df6f35a76c21dda4da8af7e6c45a211aae7e81b8b404f3a7fea161c7b12b7685367e8bef299d32e462b5da8064e1918783c83d3c25238b8f69426afe852af0b324c41e69c15b48946ad5d88c3b324765e9f13feeceab158e18a45e169a2dbd134edaf7e16a1ce4fa07cdbeb05bf27ddf94ae93dba8ffa887f8ef08fb102960914e2acc0f747b8c34aab7783b73d6bb5581ffe859f09e8f2a53abe58fa4d939ea94a0618b576468f3025da86ef328b2b751580facb4e5adf01d15c2f4b5dd2b8461d4740bc469fa9961c0a73456d17aca45b91f20f3af110091b7fe3d88cbfafc8d84c3182faab61514390f0e2b9a9d5bd40cc448cd13f78af88969d7783f60c15740b99c2259d3490b568ba89b283626871c90d4ada65eb88b446c172cb1b60c377a412304f08d81f9d58ebdf243f91752b4bc2a55977a6d936ec45e0bd606cc00d039b2430194a4e0d08a6ad6481f28e31c0230438c7d3718004fbd3de92fd6332335700413af726c652413c127846c6701479ebccaf4f9f341828a69bb311453cd6e405727d1b791bab5a0177fa92b03b22524b5093547fdb49c60b36cfb3afea37f341463518c768529b4a820993198f69345acc8ec1e0892bd72364b06a166bb3a18c05d969b62d5901d268cb94fa3936178610483214b8d6bdf8593506595f2afc495f961449b3176c8ed3145b8f9eac702205edd639abb50a354ed74e9792538d8a0caffb1106e879f80982a37858ceb87ff86764d2a620366b456a773b7217610b255fc07e75dde81ed362587502b7d9fd4edef4b48779f595fc9f9e93284fb7c33add3697ea9d610b532d075954b139fd8c0ddf22806c2429efeed5fe5c4446163eac8095879972590edffbc0832191241dafd8ae28c83debeb99c3e9addfcf6abf75e5976a95f47323240bef35d14acc482dc4b724d572c570c510d76edad4c557d60e84b2d872e4d1f8b0f7dbac7207d1642ae1b2ec9c4bb850b0d1160597ab224a79d20dc08b1b294271d73c34f40446c5073a37540994cd51bd21d4f39533fbc719a5d29b70c9f2a56a69a35ec3e3cd483e321d91d669263128cb694bc63abbe686dfe92e9bfaf7ecb96d83235e4ed84afd767f889662e64191914055a642aa131d44234a1d66aba6f1432ca6ec17daaa40884e82ed04d8b83de0156442eda5a2b9b2791aafe95719373f91798af59467edd6befb8fe433ccd43ed3494c3dd50d8ea3ef9535909cb0453bb11764f75ab80a75852390d21996aa4e86a5b183b3db0212c9e8649987aca40a81cfe048193f2a70546f65869df21f1aec41cde2cd72ea9ada1b3adbd2f4ae31e62ec1aa73d7dd03ccc10d46c6e9a82c2afe3c1e129502b05259c550e632ceddf4cb93aac73c276507e8d4cf8530c5f6b6c015847faf5e43dccc4e356cc81291080d33cd50cebb273528ed12ec2778f5f78b25c0cd70d57510bdd1618a96295418d902a9fd8d3f12c51abf75e930c3a99ddc39d7456c72c60bf2285582d546d8cba8adc43588e8f18a8e1fad3a77246352b489154afb93dc5626708241b7e34f721272a24c0970b1732d216281aa66470b99b69ff5a912481cc190e59a173ed20631bc760d79e99a5b3a350d4fa7b6e1034c5a332488a535fffda8976e56d6b29fc4a60c18f72d99149b393cbbd9fb837ede77fd3381d7007f5438f521e1c8404ea362097696f4c98fba6e3ccd510cdeae52969732c6d5276622f66abfd481484d5f32b00a9a4c2abd2ac7af686766a90277ddbfba621d0b3b39ef9f2d8eb10c64a2ae135915c149b7eaf94f42d1cb92d0c3282ae9645fb1062a02b036e64169f8f2096ae836d3569f0b2f93b96c36a2f7646b3e43c8dbbc627bd9da85026260e7ffa1257b45a292273360be877ac12e2709548cad8c67661356429065e57459ee6f05f694e8634cddac26c17a912ed698b7c174da83c44d226aa1653b9f726979eb3ab789d618309b4208faa7b6dbbe7cc6b2dff076aad4c069a47dcc3d3702f3fd5b0bf70465b2843c5a2549c7f24498dcf231712b2ae89c1458d78b2e091e833f39dd48881fd4b55da0caf6fbdd50902a0b31e8054ecf94d7feb51dd7c2ed8c582ee3e367e92725c5f2f143130c314e94b6540378d4e11167bd329d79cfa2aedf49f2c60906b4c93aef80b4cbbfb99f5a25792bc2936e8064749b604a8e76588fe95afba0f43f7736726ec5df04989d6d5eca098ed969b9c750567380559b1fa22a6dcc12a7650fa9b68a9864cb470e5ee4a237af3b56060e8fd542bf75c05b95cb314c6692a20144540e8e3605c599068e6ee0478f51c60c921ec208135ef9344929a4cb210753dad3e328e22010dfbc3274ade80e5d4e9fa97a237634427fabfa376e30ecbb4fa638ce252fb2869ecd6262b9c21a275a647eaca5ef1a00673e3502f366c02f22b32910c25de62c06dec416909cd69a1a36a83976d7b4146c01871d673b5bafb3f6f0a848fc1054d4fab25dc99574dfbd5d6d88d52b22d34dcb30bb7ecb7569297d76a8861cbb97e85eb7bb07a8e8367ecb6c30fa653fb7d9f819feed94ff23ba14725a8310d7e541f5996bdb114bc971019c4ef8f3f3e567b8dcf0238e092cc5cc9fd11aa9931071734c50f2f3b79a37f1e185d56a6051ef64377c1dc36d245850f1d621cc4260158f74fabfa01a35d34f71f452979e3e22519190922ca735fc43c074187028f79c8d35516ab6a4342d6706358149bae44f14bddd93c24feab1a5419ae53a5f2f2ad6c6094cd21e1e0c0dcacd4ec049a28f8eedc7997cb17de694e3d108b6ff22bab4d6f2c026c5ce2df73310328cb77f0fb42a6d452075ce613ba2cfcf6a58b87e50c4eed351f5d842d3f7e117459ba7f815069f743d4c67572620ec9e49ed244d8c239dcb8553d4de503c5c001a3f89a80f2a6edd3c249245c8d8066d27d7e83943e6f89dfce1758f695875840cc25e4565bcbc25e0202cf9b232e327d7c7d544577f66664fe7af6fc7b1590b9a65d2d96d07ad9e647f7c9762d558cc2d2f743ea4834b833889c6e3e4b0b89a057e65e6d26f856777cd24862578fdd66757e55c41594a73bb19396f1c62aa1ff89f9738f5282c4605a902e860d19ac0423730e617ed0ebe3329f116818eb2e2182ec4b45830627228e05ab347b249568cef6ffd12e1dbf634f62a86c1cb0980dc3fe6c05bfda949ccdcb9453af53f00cf590c87233e2f1836363a61b5e4c0ef1d146a921c1547e5a53025c42ef78676d17c31d67cc761bf64182724bcd731962eedd80809a623e4c86bf93d0348b3eb8b9c21f00db04c0b7f6fa2d394e1b37c73fa820960a0a1be4676da3865813b32b81178746ec5f428bd0dd20a1be44d36c41c907c486799b61092fab6eea5948ffb70da78f821df099660834ad74f39253212a55d5cc55ae5a3b26576afa2abfc919915edac165c0d506ee2507980c4b2ef1cee2ad0911f6119a3e79b8cb95eecd64c58d2af2f263b0a128ce7ccef2fda3cdadb5aefa320e1575e2536c50ae04b00f9b46d733b9079e21911fc1b64823c57336d56e9f4e6736938365e9577612f3cd689aea72782999f114ffbcd19fe164ecdf51513239af5e4fe3248a54a232352d2e954bebd91b14c36ac53c41eb742f458bcaa27b5d98e4786c26d11ad7078f9e541a47b9acdf53592aafd5da253f038ec30bb5f098b957568887ced541430b0bbfb001d7a48a0df938e96df9e25360b0fe9efadad85c9ee705bc83a39a22dfda31dec023479f60fdf3c4852eac62e41ccfce1bfab673f83e32f666e125557f24ed07b85fd7c84a8fc1db034793fdb56bf59251e97cb5ebfa153de1bcac974887b34b4b2bf00cfb0f06dab3c3546c3e104890746b731ef0ae3245eb458dd8dfddbf027db62bd999b4baad6f76d140b18b8a89007b2996d3dbff82bf7793f56b35761f2075c5a766cb09aa924cff733a7e05124a36e70b1ca1194a8e7605965f2b00d8c73a1a6072c06e5387f433baa1fe08a63d9891fd27a25334f48260ec0480d8e388cfe743c1e40e44506ecd4a29b99ce311c554d2dee3f11e6ca7f8ca4d7d48eaac0c7a3c497cf3041b95063e61d00f261e85aeeade0d94516bb342b3ccc69949a4a5195f0156125f894ceda57d78b1d04798ee9c8a237f581ffc763d32b91a9c33d731d86a6b351a64103162173d01da3e426c67b6b3228ecbc1fdc5f7d6225d5759477e60d3bb4ba3ad1c6f300087e0717882bf8cd933b9e286e83e66630bf44120125574c5f9c4e980ee3b94f3f056812e17358fe9a510a0b665cc19915627e41e2a647e23267294ab9667665f000a6839f1b972dfc7455b16294fdf3ad2baa20c57508b30ae465627447ccccf1565341419e13d2e21b27ce9d7113a3f1e7497bb74ac6690d546e8a4d676d97533fac604c67a0d6f90591aee77eafdd3cb2921554384524113c7bf1a1ed66e82f94885392e0a660ffcde4e41517c3ebc52af5a15c94ac9f4176a0a5362efced3445cabe66db8f7102a81e3cab0b6b729f30636cd64518494cb10fc1b647a0882f91cda0b14c44441ed8d4972783d251c7cdbf129eaa5074dfea6d867f2325eb6522f96d590f615375c2d62c2d700a35e3ebba6c5d05bb846f8a932f9b120f17cd2d18ef60bdb7b5b25ad44204ba1c13c3b0ceee8fb78a70e68bd9cde0b6cb4662f6b2d6d1907ac92adf34fa298f18b1db93855db5a57bebf087ed690b6b1141d9695cb541870b79bedf52088c84ea327e74af17494c1a4c344f2ed57b8a8f1893b72be8b20f7d0a4b6035c408287920946db93a4a98a5ae2289969619a081653c24292e8b9766ec4044ee17d02695217e15fae8d516861d3236b0290b51172a0a411a2e6f73e812c085645bb0ab144692dd3a883d3f0f72cce7f902d40b57cca602a8837392301a87eb1edcc718d935c3bd7c86ceacb0b735a48bcc3278676230107030fc4daa742ade31efd9b379849c71cb5dc41319c1f148cb52288f0c4d7af66e2c7f4f8190f0b82c5c8e38c1727050a3eb1856322f88f1a1b83e68811cba861cd1fe51bf53bac0b89f796acc002b156f9e4ce579976b58e7f0776d20b8e6b9586f1c7ac1d49ad013423c5123be1a0abd84b802d907ab0e75a5598de561ac9177b2fb89e3048adef57e04ccb2934c936f584999d78e7360448e349d828470ae12c727b32195ee3b7ff9d75361624f301db914355d1737cd8a47b6201920e2d767bc87b92fea2fb96eb2329a5d8a605ddb305744727b3edb298a6881e03773e2fa21eb1d8e711028e4afb99a0e11f06dbd5affe9c5fb2443664f524058e29b4d451526ff59bcced28ce161b9b14e2ecda37e9a7b3a325b09a906d60a6d8deaf5078b701cf90420d5d8e0a5183c19c045c2a13ed2e376dff224179d3eaf5127edb946531ed0ebdda93baaab714d3a18744c11ef11c12b26e53f909c087e208897b026b8e86a2f6845c727f042d763816a5c3066bf749ed485d2be213e1be94fe207724fa11c2413d2af0ec30ca5254e654684ff10241e3f66f5aba415dde0e20931271928f36d3e3ac7c4b81939275ca676d6b55a54b82b6744adc01bad9e58f8667cd2b048d283827cb221e8d413c7834ce0827626218210b3e78b51896cb1cd1adb54f0cfe82d6054f8ae282e83c7fe9fad7cd4725ed49f67b4fcc697939d3055ad4a3f4ecfd81e9af2d794f8657ba37c01cd72fef5effe9019c2fbc560efff36b8214d5c8e2d4fae91a8c35baf41e5230268aa8d2f76082ad3e9b5305491df9343176d3eaa6a75a78e45e193577666b0997aeea2d63fc92bbdc39e44ef49562de16e5e0a1640e183de52588cd0f72d73d2758174e769b7878e7dbd204a36c54aac972b211511fe2781a50a7b337d5f9cf52d2bd4941bc45d153d9ee162e59ab11538d516c74e144a0fa30d0275a984a19076c0a1d4debec46574a57456a06b51648e4b8131d0cfeb7a8dcf7d90efcfaa4cb2eacdb55dc583d151751e3bfc18ee420592d78a9fe24e350d1a1815c235d8180b3f9082dd38a225bc5e70471382b6f2775cf310c96bd67cafb99d8521df5c6c90f868e255f7d1815a65686e0b8262cb5c121f26b08e952e015b9976a1a41fbe9c1801ac6a362db171b0a74b01e01512286f05581aef00759c0db9a1e9f1d768c8b827edf00c5937969f720fc5f0ac141353209aeb09d1812e0ac5ce66199f6167dd2cc682f1ef8740b8bf56323ab6a15080f5494e81d0928a88c362c38c4f7057c5b651dcf0d29893cb8f2f63d3a0fc745e67210ed98f7935804087da8f538a87ec0c7cb20f7f5553e76df258c37867db0a59518f6a048b40bc8af32604d6f2ad416aaefc9fa694c45919875c012bf29515932987c7e51b9eb082a4e3c14a0789e5553af04aa2ef19033f4de0c3f5919ee59dae37bcb72380c65df6a0555fb82b69616936d593dff1682ac1b9415ab52d7561344184290e5c8afb82267abebb8cf7f85e1acb95248be051b3a55d84d4c21197fa67de36a7055ce19e1b0e14257158ec8c773cd852288bc48c2fa8e8d01be5d10a34babca481355d3abf5a3befefc79748e3f5d16bdd9d6002716cfcfcf86f2fcbcc3d928d09abe5f1805922a912cfadbdbd94657280922e8822c5146b8185d3c7f0ea6e5e0fccfb5c182bf40ee0c497e462602f119abfde73a8ead74ca68503fe730bf2dcd70983572b2b590f75f25ec5e06bab01f6f97752f0eb987ad0bdeb7351a1bb8100a0dae321d6c6a05a4b0089220a97e0b00fa051254c9b3cb90d3030381b909218ced13729586116fe1d0eebd56d8ffaff2cbbb719577d8e7734819939b3532b449bb3ce46bb5aefa178bb0ee2a34fff6a6d4535121a0a1d1c2205bc54f16b6e2c2dd57122e77c95e0e143cdc6e3969df4479d587fb84d58d4fabe5a2df7489349c124bda893cb30f0c32bc3d131ba7f665d5a4d7e0207d6c2d5fa333cdf3bc1612cb896eb1da96b3ba0e768ee18267ace61138484e62f575b2b2101c7140f6c4b3f2792ab9ba6910c5caa534ee206676a33ff9aca1606b709e613a2de6ed8b07d8ce0b906baaffb95989d36ec6356cbb652739032c479989b2e753a66e5c05fa36f3b25e53803d05414cd5f051cb4f8ec65a692c441d61773c7489eaf1a4bd203690211bd629b2ad2b6d98130cb1b431a396de1939b945206635c91918ab45e1053f1d37c8e4dd79115d84f5c632a56d00bb5136d0ff80b40c3986393b47a51d46dbc7545e785cc2ab3edc6c4cb5c9094bae1a8a04617b4540140a2adbca90ee838d11b1053e7400ff29c9cc3801c045bbc2f97123ce49e4cf65cf3f2cbbc938b13a550a74de864cc41c476f109c58fad764f8b808bcc9767c20b992704667c2177abb671735d094ff36ba3cf7fd35a3ff3695b71ea93b114249c3d2f74f22fdb33849fcb2e0f874688f09b9a7af5651e87f954f98d1b34140b2082b0daa72eba554998686df57886e1e2736127ae0cce570762cc895b382dd330cb9794eb673d167d90749124aea93771caa00051947f0b301a47d1489a874d533ed407774fb86d8def55a07cf313440898adaa9eba2e30059f31bb65aabea347f17fe28d76630fad4ce9640d5af7fe3097163e4e12ebbf299d6e167c923636d8af782f5f20b7e4db1dccdd35a5eea094701af6c69fa940e45c0e647e4f4ff5dfa66e1268f449aed393ee961fd9666e35d6f6684f8287664588fe4d89d20c2b9955d8e7b75f63ebd9cbbaf1b634cc29dccd1a087aa077102afc50ef803440beee153998092e138243ece435b957da48e6ebc45ece33584c192f3fcb4960ab854a48cb4f348305f95c9bac66d3331c853859a26f4b9179172f5865f066aa9ab2e48578cdc1f3d4f7a400fe76a9956a7b817604267e400830d97daebfc03aa89604970162635b528f4d667ed8f37d208c9326d7d313d546eb962703d8d1a19d7ac2a643b8e553e816ee4a9e98206acca31ff7ee6b5ee5e9a7348e376373014678957b8e74db1ec4ad0028577deb06ad637030e277ff192f520c315036437cb3563c3d4de189efd9390ff0ec55733f712752b8bdf645da9ece614674d7fc982b4f76570fd467dfd19bfe80d2df6ff85b34350054e20d3be1f421c97b8864faa393e7d62b32003be8fddbc677646f0685d35988c4dd1d39b09c18dc299fa14428fce60434f1fdbcf7067d25abe0c933637b7031e82d823bd71d3872ac64c481e40fe282d4ec35eea23361530bd8a26c10dc1fb3d9470c2cdeb90c6679991bee72dc2bbeaaa9fdf96ea456017d26c9b46a9f1f127b517869a9116b33e9203889dcd83d044cd6bc4b48f3540dad4c3dc2b134c798825350d42fc3190ddf8d8e5bc509e53d3ab2c565c785700eea141a84a34f2756aacb13cd3a567fd45d7fc5304c1f85e30c66b074b7b37b46f1c72008cb07012f9addfae8ba90ffec6942ac70f4ea1960b2e2f0ce6a4b6bd123dcf23a96ef97b60af0e48664c29d4bac1d11e9a3dfc9662de341d5c16e1f961ed8fc78009847c15d86cfc28113bf6ce78695d0961c0073ae4946c4207bf27d642e9bb2e0419cfefacbf74769c3654b5f75cdd63020bcbe4ae4f2f6e32a3063ccae39468ad9e8d3e03987b0a7c615bc71274df42ab48c6514ebc4bd87642b17cece33cdd4495934af4628fe09fea9ba78e96fb321eb26fc5cf176ea4aff564fa35bca15bce17ac401e7d1bbc86456777fb7488786ae25204d8408c4b39b4a9243121b4c6fa228eff178de80d09d55baa77a903a07cd838543bf76bbbf3c0428576a3af2245c860aeef3400462e80af532ee19ff9ff1c58d0e51e73a15591005f9b85dda564679d2626f0ce9d6bac1bbe89532eec050be86c9230efc93f557f705a0f730074da782f5872e2a583c37b31625ac7c822f0b3df2d14d4cc252b36edb96cd02cff5cb57cc260df943726ad799a73e28ac762b45ec21d96cd8db8d738e0735535170c7f7119bdfc6498459379ac4460fe540799557ce4d169df9a7bc124c2ced64c6c5c707ab8f84c78831a6d589f3569a0ad4cd511b696923262346e20c6dfa531e9444a6fda6ccc2b11bc043fa427dcea78c65287a125ff4da9f5f21dfb016ea7165fdc2c45626bee373631300d010a
"10450603"= 8f76b6d390f9e05f8db4308f96b7e35fc9dab17804e10ac3447d8a1572ec40d3fb2b2d1efac7be45b1f89c6a6442f855641299b6b7f3d2951a3fe9e83ed9948779927d20124899ef7623a3c7882f10cc3dc48324107307ae757da76b57ae4c4c76b162092a22aa46c1a444df6ad435560a764510aecfa4bbd1f9be6feffe99c7524cb8f63d341226abc802285a84d0c6145b438ca85c85808d5223b53fedba4c67ad38e47b3f0a1487f381b5c297418bc578f06990db637e6eb75fe29fa8b2d01b309cf013d2f8d6932f5b5cc2d8fc8cb32eef2201d625689d0ab697d43e3a09d6f3af737d53536d9dc06a6427c9f42cd315e9adcd7f4c88e75456f528026c1c414af066801e8afd2bc7e2cdc5e4d53ff470e8b8b01800a4dc3879197c52ded2a2f10785c7f75789e1af8b463c31f3349c9323cba5f612065cdfcb205bc891c14624e6938ae5ee8c7fbd3de7177cb35c8f5e3335af3fbf18b925aadff0172e49219f41ba69f311ece45be5e9b5733d05b9ca5b6aa913201fca37dcc7004961644f3a91cacdf004a538b211f9a286aa224b93edc82dfdd3c9165209ef0de4c780c9aa573698557b6e3629ca655de4cc9082ccf86a7704c26fb20751e629789c023f82d279346ff771a05157ba8bb851bdb67c66cc07e6b4bb2e69e122179eb2ef4f23ffff718f91f2eb418cc9c9b0210cd45b294d7732bb7302faec9309a5c5bb5f2df8b580caa90300c7800171f69d530356e48389c0751ad74fd3ac4556914db1f8f2165591b07c772fcc7a1406fd1053749ee7becb9e5b68851a5fe8ec1dcafda83f8c8ec7e87d36aea883d876e0bf2af7ceaf5144f1ba5c4c528ef28bb37fa2c6915292c1a890c9c22b4d6d2d076135fbaafeb99d62d1f3a3a155e47e47f98e2e7e7a206832ce558ab9aadb3c29547710b46a4b8f58c60381ef2a6bcfe91d4419b02fe1e6e4afa9d6743821364b5b7773c5f3f9ed7d1ea0bb04eda201c302a63b9c8958f62d6d818bf38f6cc7aeea5af6e51db55a00bd3802e30900e5f7f8ecd8965aff8d7dd29e7314d06ccfd154df7654868877b007e6eb4cdf2f3183aba3210be8505726b87f637fcd2077e5fa11b65fd6619c632712e29de9021bef07bcdc63b636b04e5c0ee5abf4671b01bb2c25552f91e54a16ae5e2fc18da1b0af24f1884b5aeab441ca5a56672ddc8e1c7faadcdfe68aed172897b0130bcef0b729f0904dd8247385e099c1a4a4909d36c08f192590456321a574ce997a6209733cc34ac7df4474b3cf2512754f8e1606f5f38c7a21a27d4374c09e90bac70f9a0f8984a5016e0ff3bae39d69d300796055e00518028b3e67fc84d7b747cc239c111ec832669bb2d8815225ea7151840d55db4c30120df3bad03e4e3b3fdc1b27ed74fed8e6b4e6ae3c7a107dbd303b1b72190f549c4a8f64bc98620e99e2a2c00a24a9ae70829421231c2b8e0350cc56e96689c305521ac28778834f17d73b5d9c7de6a9041f493581fda77d4e78cf16e6f6cf4fbff66ce518c9d90a2ecdcecd45b93f1a5ded36e7a89c47504414c9d5027060656ab2ef30c789971cbc87f30d44eec9f2958cd2bea36fcf18b9f1fb751f4b1af58e96e78d6b45fd552543a2b3751cd74dbc57d1b7d9484535cdd0860b15f7759780dff9c82548b8db8e306583e323373b5fd4f6f86e317468d2a77793e8765ccb09e9d55ebea8cd3a2bfc747dd5d93398cf23c3981185b8233dac273ead842069a595002e3009f6c59f05297c6bdb6d67a71e1bc2a152a9db0a942abe57206b742678b74c8d10f6954943a202ce224294716fb69dbf3aeafbb8d21d1b156b0c6588de1eb8ac02c83d3aea6a837dada1a6e0402b17426c7781ec6c6aa48eac8910cf06b389f852e001d6b9549d5f3b7f41297271eb3c7d02b23e18297a04cc7f0d3b94930fa4c7e2d00ad9e57fe13c484e4de640dda9ae9ae79cdf2c2630091673b7d4e4b704916aaa658f2e8c1f28e98423e9783d8f31b4951c412c9306176d3f6122f9de3b15b36ce7b7d7bbffac977a74a416fafce87c899b03958e7582101b172cad6d0a5288eb077c3aed2516a3e49d231ebeeacc06433e768bd379bcba98500702ffe08f3104e69df811341647b52dfa8afcd805da537bec15d6a98f59b5ac87d52b666609a8abd8f8eb1ff2c1c85734f2cedcb44b4e00e01705f90ee96296bbb2008350b207489b74d6c6fd818f45eb4251b77efc19a31efd19f0b9f053bdb360d635c77e1c2b293cbba8709b6e3342906b1cd192e90f8df33c4736573658b0850cae87825b3b1c54893769cc8b33414277c713f5f6b16e572635b47eaad3c51f548b062263fade21806d34d784b6915be89b2206c6ec351f40da2cc28df1c1b55f038075a7d58b9c5959e02e0fb0871e9b260ee22cfe6fa3b4b814146ab3d8593fd7c8341d7671b8d188aaa277d020882ef55e3e8227929150d633e0bb3c190d2b956541d6be34033e1ed982c2018e91f4f917e31785253eab13213b024a2287d81dff65b77996d04cabc2e5d67d8c40752861b9155e5b8561cf25371977159e2d7ca5e81148c48cd83dc85678acb607186f51f93d6ff8adbb4561135a43b820da35c8de1b045c62eb329ebcb8df6cc3f8d3eb4d457dcebba3cb0722db1caaa5620a4c134b63ca863c63470a3cc02dea8f1d98380fbcd2cbd92f0aecaa2ad52c1bcb47e000adfe3d70cdc955715fd5c0906110b04bb91cd418b332dc270c95702d77cc5ca80bfb942a16cb53fffd10229ae7aab8a10bc7aa012b0908d8d88937ca92b22823e54be1dc02707b558dd8536df21b969738ffe5fb218e6ffd910f4624671c16b99a14e9d547351ffe3b43a18e611b52d1f7722df7fb976e4fd7406159e48516d39eea34f425b25bd36d263b7c2626907cdbf1c3ae9d74f223427e614a7a077fbb55ff00d836f0edc480f55747170d02ead53f98f84b43476ce68eb17c4a88a0df88277ad16f7901475fddd958c2e91ef1e9e32bb424c107934d0b1be3d77b74befc3f698c75b7c6dbc088dfd91d56eefec743ba261ec5f5ebd443d351cf103e48ff0b49fac38dd39adec63b646eb5cf539db6c30853ebe5f61a3b776eb51552649fe8b549ede63e0b6b7b7afbbe816fe637a4a0d677cc246cadd99183e8ac933a800469bf78ab9e79660ae9a5bc47a0bae7b76b1a69e9cbd118706dbf5a5332aa7ffa6ae1270fd6cc5f49d72340ede234de95c5e8bd8dfa962f5efc2011e45a1b9ee6bf44ec43851aea8225c22d1d12bb71198bf9517760be9b5bdba8fb130ba4ce7cbe0fde45d8a046714504e519105878459ce198ce2c387c5aa3060115fc46bd1dd7fc0b9f3ad60409f78399503dfb4d1bb583c44db80c807d5a94ba22cf9053e9e7279d2f15ce26241bddd30d163e1d68073cd18806addf99b9a85179785d2dc23d9b0b0cf5fa9c5a7e666a401a901d3fd868e62bb8d39d7ad5c47ec977a783ca5269c1597f7d4782f6c6c5d1086575dbc3a57f7fbccbf48b42218cced1ff1f6e683846145e4a22fb94dd71ed5c3048ce66342cde441ba1e504b82658cd5e91af9b6eceb988d8d7ed5f42cdd23712634a26c2556c4552401db195111dd2da3f82053d101ef7b78cec70a10f1272d89ebe02c890d7acf66ed7bff890cbafbe1a03fe8d527c1d8b7e6287437f40d3d2da5d074d11e65969ed2b4131e42e5f86f2ee7b8ad1506bd71240c96cbbbf1dd309fa23ab901cbd5a4a853531c061436e67632e4b22e5bebd6324a0c3c1837418b17d57db5410f211762de657258a51f8f3b89b6bc863df61d66acf5dcbf47f0c43de1df98aa44b8481afdce4f85d122ea279acda86cd4ee8570005e660f7cdba9cda213b866b49a4b5b9cbda5f240f542f013546601a8f08c1a2952f0415e75984140998c18b50535cbe8c8b65744d76e1e62ed12a7b0d08c94adb0ccdae545cd8d28e0befbc4bde89caeff008166e48efebcacbba48bb02fee56d979e5a7424652289acb7a691c5b4000b5969e7a32dbfbb718d08d5ca78b4dcceed9efa0840239c4df0f26c9a74563855845543a4cd228b185f09dd682dda83530b6e0550cccdb9c99838d16e7cf70e9c4d42716addc467266c56ca0bd2e16cdcb647a53f9909bfae24be6dafa0b7b38cc93fed954006c543c6d9a50aa3074f5a271f2e96a21d91aeac134ad73286ff08426809835711ae68df511c81b4768d75d748812cf5a2752642c85991dd81db306bcc79597f20e5f0a74235916edd4dcc45f89d40d86f8175fa007ea8810bc746b401d1018a72ce5f514188ff
"mixer1"= c_450573.nls

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\barusaya.dll

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft-Indexerstellung.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft-Indexerstellung.lnk
backup=c:\windows\pss\Microsoft-Indexerstellung.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Office-Start.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Office-Start.lnk
backup=c:\windows\pss\Office-Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Pierre^Startmenü^Programme^Autostart^DW_Start.lnk]
path=c:\dokumente und einstellungen\Pierre\Startmenü\Programme\Autostart\DW_Start.lnk
backup=c:\windows\pss\DW_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\programme\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-10-12 17:54 57344 c:\programme\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
--a------ 2007-06-26 19:27 312320 c:\programme\FreePDF_XP\fpassist.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 c:\programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\programme\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\OpenVPN\\bin\\openvpn-gui.exe"=
"c:\\Programme\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Programme\\Oracle\\ODrive\\ODFWAgent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R1 TDFSD;TDFSD;c:\windows\SYSTEM32\DRIVERS\tdfsd.sys [2007-02-09 939072]
R3 ikbf5;GE Fanuc Keyboard Class Upper Filter Driver;c:\windows\SYSTEM32\DRIVERS\ikbf5.sys [2008-08-26 11688]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\SYSTEM32\DRIVERS\tap0801.sys [2006-10-01 26624]
R4 AntiVirMailService;Avira AntiVir Professional MailGuard;c:\programme\Avira\AntiVir Workstation\avmailc.exe [2009-01-08 164097]
R4 antivirwebservice;Avira AntiVir Professional WebGuard;c:\programme\Avira\AntiVir Workstation\avwebgrd.exe [2009-01-08 258305]
R4 AVEService;Avira AntiVir Professional MailGuard Hilfsdienst;c:\programme\Avira\AntiVir Workstation\avesvc.exe [2009-01-08 41217]
R4 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R4 OdService;ODrive Service;c:\programme\Oracle\ODrive\XfsSvcCon.exe svcmanager --> c:\programme\Oracle\ODrive\XfsSvcCon.exe svcmanager [?]
R4 U3sHlpDr;U3sHlpDr;c:\windows\SYSTEM32\DRIVERS\U3sHlpDr.sys [2007-10-02 8959]
S1 I8042PRTT;I8042PRTT; [x]
S3 CIMPLICITY Advanced Viewer;CIMPLICITY Advanced Viewer;"c:\programme\GE Fanuc\Proficy CIMPLICITY\exe\ptopc.exe" --> c:\programme\GE Fanuc\Proficy CIMPLICITY\exe\ptopc.exe [?]
S3 OracleCSService;OracleCSService;c:\oracle\product\10.1.0\Db_2\bin\ocssd.exe service --> c:\oracle\product\10.1.0\Db_2\bin\ocssd.exe service [?]
S3 OracleOraDb10g_home1SNMPPeerEncapsulator;OracleOraDb10g_home1SNMPPeerEncapsulator;c:\oracle\product\10.1.0\Db_2\BIN\ENCSVC.EXE --> c:\oracle\product\10.1.0\Db_2\BIN\ENCSVC.EXE [?]
S3 OracleOraDb10g_home1SNMPPeerMasterAgent;OracleOraDb10g_home1SNMPPeerMasterAgent;c:\oracle\product\10.1.0\Db_2\BIN\AGNTSVC.EXE --> c:\oracle\product\10.1.0\Db_2\BIN\AGNTSVC.EXE [?]
S4 OracleJobSchedulerabc;OracleJobSchedulerabc;c:\oracle\product\10.2.0\db_1\Bin\extjob.exe abc --> c:\oracle\product\10.2.0\db_1\Bin\extjob.exe abc [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5084F01D-458E-45EB-A6FD-692D4C9D2789}]
c:\windows\system32\msiexec.exe /qn /fpu {5084F01D-458E-45EB-A6FD-692D4C9D2789}
.
Inhalt des "geplante Tasks" Ordners

2005-02-23 c:\windows\Tasks\ISP-Anmeldungserinnerung 1.job
- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 15:00]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{1fcfafe1-72bc-417e-870f-1a3a17f16ad5} - c:\windows\system32\nukiyofi.dll
BHO-{31BAA2C9-DBA3-40DE-B29A-99AE4994B506} - c:\windows\system32\wvUnOgfe.dll
BHO-{5C60D886-9F08-824D-6B59-7FE119ECEC02} - c:\windows\system32\twueafexlkhq.dll
HKLM-Run-CPM47eca151 - c:\windows\system32\besigaza.dll
HKLM-Run-fubepohuhu - c:\windows\system32\bivayuye.dll
Notify-tuvULDut - tuvULDut.dll
MSConfigStartUp-44df92cd - c:\windows\system32\xadhaaus.dll
MSConfigStartUp-CimSync - c:\programme\GE Fanuc\Proficy CIMPLICITY\exe\cimsync.exe
MSConfigStartUp-NI - c:\dokume~1\Pierre\LOKALE~1\Temp\winvsnet.tmp
MSConfigStartUp-UpdateManager - c:\programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe
MSConfigStartUp-wcupyfzcewhxnmyu - c:\windows\system32\twueafexlkhq.dll
MSConfigStartUp-webHancer Agent - c:\programme\webHancer\Programs\whagent.exe
MSConfigStartUp-{F9-92-26-62-DW} - c:\windows\system32\rrwnw64m.exe


.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: avsda.dll

c:\windows\Downloaded Program Files\ipeditor.ocx - O16 -: {66D845A0-C3BB-45AD-807C-9BFEAF20EF2C}
hxxp://pcc-apps1.promatis.de/content/static/ecm/activex/Enable_Edit_In_Place.cab
c:\windows\Downloaded Program Files\ipeditor.inf

O16 -: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
FF - ProfilePath - c:\dokumente und einstellungen\Pierre\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 15:37:50
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


c:\windows\system32\c_450573.nls 125952 bytes executable

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"7040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\XDNP.dll

- - - - - - - > 'lsass.exe'(964)
c:\windows\system32\avsda.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\programme\Avira\AntiVir Workstation\sched.exe
c:\programme\Avira\AntiVir Workstation\avguard.exe
c:\programme\GE Fanuc\Proficy Common\M4 Common Licensing\CCFLIC0.exe
c:\windows\SYSTEM32\hasplms.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Oracle\ODrive\XfsSvcCon.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
c:\programme\TortoiseSVN\bin\TSVNCache.exe
c:\programme\Oracle\ODrive\ODFWAgent.exe
c:\windows\SYSTEM32\msiexec.exe
c:\windows\SYSTEM32\WSCNTFY.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-01-12 15:46:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-01-12 14:46:38

Vor Suchlauf: 19 Verzeichnis(se), 85.685.903.360 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 86,004,809,728 Bytes frei

276 --- E O F --- 2008-11-12 15:26:40

Bonjour jlpjlp,

J'ai fait le scan avec MalwareByte's Anti-Malware et j'ai aussi mis en quarantaine les objets trouvés.
Par contre je n'ai recu qu'un seul rapport. Et je n'ai pas de dossier C:\rsit

Merci de ton aide !

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1646
Windows 5.1.2600 Service Pack 2

13.01.2009 08:42:17
mbam-log-2009-01-13 (08-42-17).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 213227
Temps écoulé: 16 hour(s), 25 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 20

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP416\A0352064.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP416\A0352298.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP417\A0366716.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP417\A0367689.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP417\A0368814.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP417\A0369150.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP417\A0369606.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP417\A0369742.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP418\A0370244.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP418\A0371599.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP426\A0379345.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP426\A0379349.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP426\A0379350.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP426\A0379351.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP426\A0379353.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP426\A0379355.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP426\A0379356.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP426\A0379437.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP427\A0380520.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\reweuluyhpgdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

J'ai tout de même fait un log hijackthis.

Merci !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:14:30, on 13.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Workstation\sched.exe
C:\Programme\Avira\AntiVir Workstation\avguard.exe
C:\Programme\Avira\AntiVir Workstation\avesvc.exe
C:\Programme\GE Fanuc\Proficy Common\M4 Common Licensing\CCFLIC0.exe
C:\WINDOWS\system32\hasplms.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Oracle\ODrive\XfsSvcCon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programme\TortoiseSVN\bin\TSVNCache.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Programme\Avira\AntiVir Workstation\avmailc.exe
C:\Programme\Avira\AntiVir Workstation\AVWEBGRD.EXE
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\OpenVPN\bin\openvpn-gui.exe
C:\Programme\VMware\VMware Workstation\vmware-tray.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Avira\AntiVir Workstation\avgnt.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Oracle\ODrive\odrive.exe
C:\Programme\PrintKey2000\Printkey2000.exe
C:\Programme\Oracle\ODrive\ODFWAgent.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: NBHO1 Class - {53F53E00-4C2B-43E5-8AF0-D3C863E8FC65} - C:\Programme\NetOp School\STUDENT\NBHO.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [openvpn-gui] C:\Programme\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [vmware-tray] C:\Programme\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Programme\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Workstation\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Oracle Drive.lnk = C:\Programme\Oracle\ODrive\odrive.exe
O4 - Global Startup: Printkey2000.lnk = C:\Programme\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {66D845A0-C3BB-45AD-807C-9BFEAF20EF2C} (InPEditor Class) - http://pcc-apps1.promatis.de/content/static/ecm/activex/Enable_Edit_In_Place.cab
O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} (JInitiator 1.3.1.28) -
O20 - AppInit_DLLs: C:\WINDOWS\system32\fefiyiri.dll C:\WINDOWS\system32\tabisape.dll c:\windows\system32\pefedamu.dll c:\windows\system32\ C:\WINDOWS\system32\barusaya.dll c:\windows\system32\ c:\windows\system32\besigaza.dll
O23 - Service: Avira AntiVir Professional MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\AntiVir Workstation\avmailc.exe
O23 - Service: Avira AntiVir Professional Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir Workstation\sched.exe
O23 - Service: Avira AntiVir Professional Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Workstation\avguard.exe
O23 - Service: Avira AntiVir Professional WebGuard (antivirwebservice) - Avira GmbH - C:\Programme\Avira\AntiVir Workstation\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avira AntiVir Professional MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Programme\Avira\AntiVir Workstation\avesvc.exe
O23 - Service: Proficy Licensing (CCFLIC0) - GE Fanuc Intelligent Platforms - C:\Programme\GE Fanuc\Proficy Common\M4 Common Licensing\CCFLIC0.exe
O23 - Service: CIMPLICITY Advanced Viewer - Unknown owner - C:\Programme\GE Fanuc\Proficy CIMPLICITY\exe\ptopc.exe (file missing)
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programme\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: ODrive Service (OdService) - Oracle - C:\Programme\Oracle\ODrive\XfsSvcCon.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Programme\OpenVPN\bin\openvpnserv.exe
O23 - Service: OracleCSService - Unknown owner - C:\oracle\product\10.1.0\Db_2\bin\ocssd.exe (file missing)
O23 - Service: OracleOraDb10g_home1SNMPPeerEncapsulator - Unknown owner - C:\oracle\product\10.1.0\Db_2\BIN\ENCSVC.EXE (file missing)
O23 - Service: OracleOraDb10g_home1SNMPPeerMasterAgent - Unknown owner - C:\oracle\product\10.1.0\Db_2\BIN\AGNTSVC.EXE (file missing)
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Voila j'ai tout fait ce que tu m'as dit. Je suis en train d'installer IE7.
J'ai collé le rapport demandé.

Encore merci!

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\fefiyiri.dll not found.
File/Folder C:\WINDOWS\system32\tabisape.dll not found.
File/Folder c:\windows\system32\pefedamu.dll not found.
File/Folder C:\WINDOWS\system32\barusaya.dll not found.
File/Folder c:\windows\system32\besigaza.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOKUME~1\Pierre\LOKALE~1\Temp\vmware-Pierre\vmware-vix-Pierre-2064.log scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Pierre\LOKALE~1\Temp\etilqs_BIdPonIzjogOVSVAaABw scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\hlktmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_71c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\vmware-vmount.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0450a.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0450d.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01132009_104544

Files moved on Reboot...
C:\DOKUME~1\Pierre\LOKALE~1\Temp\vmware-Pierre\vmware-vix-Pierre-2064.log moved successfully.
File C:\DOKUME~1\Pierre\LOKALE~1\Temp\etilqs_BIdPonIzjogOVSVAaABw not found!
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_71c.dat not found!
File move failed. C:\WINDOWS\temp\vmware-vmount.log scheduled to be moved on reboot.
File C:\WINDOWS\temp\ZLT0450a.TMP not found!
File C:\WINDOWS\temp\ZLT0450d.TMP not found!
C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\Cache\_CACHE_001_ moved successfully.
C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\Cache\_CACHE_002_ moved successfully.
C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\Cache\_CACHE_003_ moved successfully.
C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\Cache\_CACHE_MAP_ moved successfully.
C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\urlclassifier3.sqlite moved successfully.
C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\XUL.mfl moved successfully.

Merci pour tout !
Tout fonctionne correctement maintenant !

++

Bonjour jlpjlp,

J'avais déjà manuellement effacer quelques programmes de désinfections mais j'ai tout de même utilisé ToolsCleaner.
Mon ordi fonctionne correctement, par contre au démarrage, antivir me trouve toujours le même trojan. Je le mets parfois sous quarantaine parfois je l'efface. J'ai fait une analyse complète du disque avec Antivir et Malwarebytes mais rien n'a été trouvé. Et Antivir reconnait toujours ce virus au démarrage de l'ordi. Il s'agit toujours du même fichier:
C:\WINDOWS\SYSTEM32\c_450573.nls et il est infecté par Yaludle.A.

Merci pour tout !

Rapport TCleaner:
[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\_OtMoveIt: trouvé !
C:\Programme\HijackThis: trouvé !
C:\Programme\Hijackthis\HijackThis.exe: trouvé !
C:\Programme\Hijackthis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Programme\Hijackthis\HijackThis.exe: supprimé !
C:\Programme\Hijackthis\hijackthis.log: supprimé !
C:\_OtMoveIt: supprimé !
C:\Programme\HijackThis: supprimé !

Voici le rapport OTMovedIt. (Il y a toujours le message de Antivir au démarrage sur le même fichier):

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\SYSTEM32\c_450573.nls not found.
========== COMMANDS ==========
File delete failed. C:\DOKUME~1\Pierre\LOKALE~1\Temp\vmware-Pierre\vmware-vix-Pierre-2628.log scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Pierre\LOKALE~1\Temp\etilqs_riw48Nh9EZIVbULdEUhW scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\hlktmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_67c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\vmware-vmount.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0323b.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0323e.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01202009_140305

Files moved on Reboot...
C:\DOKUME~1\Pierre\LOKALE~1\Temp\vmware-Pierre\vmware-vix-Pierre-2628.log moved successfully.
File C:\DOKUME~1\Pierre\LOKALE~1\Temp\etilqs_riw48Nh9EZIVbULdEUhW not found!
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_67c.dat not found!
File move failed. C:\WINDOWS\temp\vmware-vmount.log scheduled to be moved on reboot.
File C:\WINDOWS\temp\ZLT0323b.TMP not found!
File C:\WINDOWS\temp\ZLT0323e.TMP not found!
C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\Cache\_CACHE_001_ moved successfully.
C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\Cache\_CACHE_002_ moved successfully.
C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\Cache\_CACHE_003_ moved successfully.
C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\Cache\_CACHE_MAP_ moved successfully.
C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\urlclassifier3.sqlite moved successfully.
C:\Dokumente und Einstellungen\Pierre\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\98ppq5km.default\XUL.mfl moved successfully.

Et enfin le rapport info.txt:

info.txt logfile of random's system information tool 1.05 2009-01-20 14:10:03

======Uninstall list======

--> UNINSTALL
-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
AFPL Ghostscript 8.54-->C:\Programme\ghostscript\uninstgs.exe "C:\Programme\ghostscript\gs8.54\uninstal.txt"
AFPL Ghostscript Fonts-->C:\Programme\ghostscript\uninstgs.exe "C:\Programme\ghostscript\fonts\uninstal.txt"
Ahead Nero - Burning Rom-->C:\WINDOWS\UNNERO.exe /UNINSTALL
Altova XMLSpy® 2008 rel. 2 sp2 Enterprise Edition-->MsiExec.exe /I{C51C9169-0D09-4D7F-A8E8-0E6D21D80721}
ATI Control Panel-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Professional-->C:\Programme\Avira\AntiVir Workstation\SETUP.EXE /REMOVE
Broadcom Management Programs-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2A6282FF-B75B-463F-90F5-0A43732F690D} /l1031
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
CDBurnerXP Pro 3-->MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
FreePDF XP (Remove only)-->C:\Programme\FreePDF_XP\fpsetup.exe /r
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)-->C:\WINDOWS\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Income Suite 4.8-->"C:\Programme\IncomeSuite\unins000.exe"
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java 2 Runtime Environment, SE v1.4.2_04-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Java 2 Runtime Environment, SE v1.4.2_06-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Java 2 SDK, SE v1.4.2_04-->MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142040}
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Development Kit 6 Update 11-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160110}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
M4 Common Licensing-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3E6AE45D-B78E-4B52-9688-C99C193EBDFC}\setup.exe" -l0x9 -removeonly
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 97, Professional Edition-->C:\Programme\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Visio 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-0054-0407-0000-0000000FF1CE} /uninstall {1210247F-E6C1-4F95-8BCF-99D6D7920911}
Microsoft Office Visio 2007 Service Pack 1 (SP1)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}
Microsoft Office Visio MUI (German) 2007-->MsiExec.exe /X{90120000-0054-0407-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPROR /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{91120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Visio Viewer 2003 (Deutsch)-->MsiExec.exe /I{90520407-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Programme\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.5)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.19)-->C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
MSN-->C:\Programme\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Notepad++-->C:\Programme\Notepad++\uninstall.exe
OPC Core Components Redistributable-->MsiExec.exe /I{75F9DAD1-792C-44E9-B48B-2E22C76E0CBF}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}
OpenVPN 2.0.9-gui-1.0.3-->C:\Programme\OpenVPN\Uninstall.exe
Oracle Calendar-->MsiExec.exe /X{4DA016C7-9AC2-4BA7-AD31-3EBA29BC21B1}
Oracle Data Provider for .NET Help-->MsiExec.exe /I{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}
Oracle Drive 10.2.0.0.5-->MsiExec.exe /X{36526921-1CF8-4F95-92BA-85C77CB2D444}
Oracle JInitiator 1.3.1.28-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CAFECAFE-0013-0001-0128-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst
Oracle Messenger-->"C:\Programme\Oracle\Messenger\setup.exe" -u
PowerDVD 5.3-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PrintKey2000-->C:\PROGRA~1\PRINTK~1\UNWISE.EXE C:\PROGRA~1\PRINTK~1\INSTALL.LOG
Proficy Change Management Client API-->MsiExec.exe /I{B51C3054-111A-4ADA-B8B5-49EA6FC85860}
RedMon - Redirection Port Monitor-->C:\WINDOWS\system32\unredmon.exe
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Visio 2007 (KB947590)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {199018BD-578E-44BD-A28F-7F944931CABD}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Sicherheitsupdate für Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sicherheitsupdate für Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
TortoiseSVN 1.5.5.14361 (32 bit)-->MsiExec.exe /X{49389932-51FA-4D26-8B4F-CE86B24302C2}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
Update für Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update für Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update für Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update für Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update für Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update für Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update für Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update für Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update für Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update für Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update für Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update für Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VMware Server Console-->MsiExec.exe /I{0FD23E02-2BFB-4BEC-8823-FE984F83F161}
VMware Workstation-->MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP-Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP-Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR-->C:\Programme\WinRAR\uninstall.exe
WinZip-->"C:\Programme\WinZip\WINZIP32.EXE" /uninstall
ZoneAlarm-->C:\Programme\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: AntiVir Windows Workstation

System event log

Computer Name: CLASS1
Event Code: 7036
Message: Dienst "Gatewaydienst auf Anwendungsebene" befindet sich jetzt im Status "Ausgeführt".

Record Number: 14803
Source Name: Service Control Manager
Time Written: 20081204093906.000000+060
Event Type: Informationen
User:

Computer Name: CLASS1
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Gatewaydienst auf Anwendungsebene" gesendet.

Record Number: 14802
Source Name: Service Control Manager
Time Written: 20081204093905.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: CLASS1
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Beendet".

Record Number: 14801
Source Name: Service Control Manager
Time Written: 20081204093905.000000+060
Event Type: Informationen
User:

Computer Name: CLASS1
Event Code: 7036
Message: Dienst "RAS-Verbindungsverwaltung" befindet sich jetzt im Status "Ausgeführt".

Record Number: 14800
Source Name: Service Control Manager
Time Written: 20081204093904.000000+060
Event Type: Informationen
User:

Computer Name: CLASS1
Event Code: 7036
Message: Dienst "SSDP-Suchdienst" befindet sich jetzt im Status "Ausgeführt".

Record Number: 14799
Source Name: Service Control Manager
Time Written: 20081204093849.000000+060
Event Type: Informationen
User:

Application event log

Computer Name: CLASS1
Event Code: 1001
Message: Erkennung von Produkt "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" und Funktion "V2V" fehlgeschlagen beim Anfordern von Komponente "{374AD465-19A0-459C-B05E-3528CC0D817E}".

Record Number: 10614
Source Name: MsiInstaller
Time Written: 20081209162700.000000+060
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: CLASS1
Event Code: 1004
Message: Erkennung von Produkt "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}", Funktion "V2V" und Komponente "{FC3E0B6E-F62B-11D1-B144-00C04F990B2B}" fehlgeschlagen. Die Ressource "C:\WINDOWS\system32\comdlg32.ocx" ist nicht vorhanden.

Record Number: 10613
Source Name: MsiInstaller
Time Written: 20081209162700.000000+060
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: CLASS1
Event Code: 11729
Message: Product: VMware Workstation -- Configuration failed.

Record Number: 10612
Source Name: MsiInstaller
Time Written: 20081209162700.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: CLASS1
Event Code: 11706
Message: Product: VMware Workstation -- Error 1706. No valid source could be found for product VMware Workstation. The Windows Installer cannot continue.

Record Number: 10611
Source Name: MsiInstaller
Time Written: 20081209162659.000000+060
Event Type: Fehler
User: NT-AUTORITÄT\SYSTEM

Computer Name: CLASS1
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 10610
Source Name: SecurityCenter
Time Written: 20081209162407.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"JAVA_HOME"=C:\Programme\Java\jre1.6.0\bin\
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;%JAVA_HOME%;C:\Java10g\j2sdk1.4.2_04\bin;C:\oracle\product\10.1.0\Db_2\bin;C:\oracle\product\10.1.0\Db_2\jre\1.4.2\bin\client;C:\oracle\product\10.1.0\Db_2\jre\1.4.2\bin;C:\Programme\ATI Technologies\ATI Control Panel;c:\programme\putty;c:\Programme\Microsoft SQL Server\90\Tools\binn;%CIMPATH%;C:\Programme\TortoiseSVN\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0304
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"tvdumpflags"=8

-----------------EOF-----------------

Voici le rapport RSIt-HijackThis: (Désolé du doublon, je n'avais pas vu que j'avais répondu à moi-même)

Logfile of random's system information tool 1.05 (written by random/random)
Run by Pierre at 2009-01-20 14:09:39
Microsoft Windows XP Professional Service Pack 2
System drive C: has 81 GB (54%) free of 150 GB
Total RAM: 2046 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:58, on 20.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Workstation\sched.exe
C:\Programme\Avira\AntiVir Workstation\avguard.exe
C:\Programme\Avira\AntiVir Workstation\avesvc.exe
C:\Programme\GE Fanuc\Proficy Common\M4 Common Licensing\CCFLIC0.exe
C:\WINDOWS\system32\hasplms.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Oracle\ODrive\XfsSvcCon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Programme\Avira\AntiVir Workstation\avmailc.exe
C:\Programme\Avira\AntiVir Workstation\AVWEBGRD.EXE
C:\WINDOWS\notepad.exe
C:\Programme\TortoiseSVN\bin\TSVNCache.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\OpenVPN\bin\openvpn-gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\VMware\VMware Workstation\vmware-tray.exe
C:\Programme\Avira\AntiVir Workstation\avgnt.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Oracle\ODrive\odrive.exe
C:\Programme\PrintKey2000\Printkey2000.exe
C:\Programme\Oracle\ODrive\ODFWAgent.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Pierre\Desktop\RSIT.exe
C:\Programme\trend micro\Pierre.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [openvpn-gui] C:\Programme\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [vmware-tray] C:\Programme\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Programme\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Workstation\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Oracle Drive.lnk = C:\Programme\Oracle\ODrive\odrive.exe
O4 - Global Startup: Printkey2000.lnk = C:\Programme\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {66D845A0-C3BB-45AD-807C-9BFEAF20EF2C} (InPEditor Class) - http://pcc-apps1.promatis.de/content/static/ecm/activex/Enable_Edit_In_Place.cab
O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} (JInitiator 1.3.1.28) -
O23 - Service: Avira AntiVir Professional MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\AntiVir Workstation\avmailc.exe
O23 - Service: Avira AntiVir Professional Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir Workstation\sched.exe
O23 - Service: Avira AntiVir Professional Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Workstation\avguard.exe
O23 - Service: Avira AntiVir Professional WebGuard (antivirwebservice) - Avira GmbH - C:\Programme\Avira\AntiVir Workstation\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avira AntiVir Professional MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Programme\Avira\AntiVir Workstation\avesvc.exe
O23 - Service: Proficy Licensing (CCFLIC0) - GE Fanuc Intelligent Platforms - C:\Programme\GE Fanuc\Proficy Common\M4 Common Licensing\CCFLIC0.exe
O23 - Service: CIMPLICITY Advanced Viewer - Unknown owner - C:\Programme\GE Fanuc\Proficy CIMPLICITY\exe\ptopc.exe (file missing)
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programme\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: ODrive Service (OdService) - Oracle - C:\Programme\Oracle\ODrive\XfsSvcCon.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Programme\OpenVPN\bin\openvpnserv.exe
O23 - Service: OracleCSService - Unknown owner - C:\oracle\product\10.1.0\Db_2\bin\ocssd.exe (file missing)
O23 - Service: OracleOraDb10g_home1SNMPPeerEncapsulator - Unknown owner - C:\oracle\product\10.1.0\Db_2\BIN\ENCSVC.EXE (file missing)
O23 - Service: OracleOraDb10g_home1SNMPPeerMasterAgent - Unknown owner - C:\oracle\product\10.1.0\Db_2\BIN\AGNTSVC.EXE (file missing)
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
End of file - 6728 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ISP-Anmeldungserinnerung 1.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Programme\Java\jre6\bin\ssv.dll [2008-12-11 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2008-12-11 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Programme\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-25 339968]
"openvpn-gui"=C:\Programme\OpenVPN\bin\openvpn-gui.exe [2005-08-18 99328]
"vmware-tray"=C:\Programme\VMware\VMware Workstation\vmware-tray.exe [2007-08-21 72240]
"VMware hqtray"=C:\Programme\VMware\VMware Workstation\hqtray.exe [2007-08-21 55856]
"avgnt"=C:\Programme\Avira\AntiVir Workstation\avgnt.exe [2008-06-12 266497]
"ZoneAlarm Client"=C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe [2004-10-12 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
C:\Programme\FreePDF_XP\fpassist.exe [2007-06-26 312320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programme\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft-Indexerstellung.lnk]
C:\PROGRA~1\MICROS~3\Office\FINDFAST.EXE [1997-09-03 111376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Office-Start.lnk]
C:\PROGRA~1\MICROS~3\Office\OSA.EXE [1997-09-03 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Pierre^Startmenü^Programme^Autostart^DW_Start.lnk]
C:\WINDOWS\SYSTEM32\rrwnw64m.exe DWmmm01FF []

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Oracle Drive.lnk - C:\Programme\Oracle\ODrive\odrive.exe
Printkey2000.lnk - C:\Programme\PrintKey2000\Printkey2000.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\barusaya.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\OpenVPN\bin\openvpn-gui.exe"="C:\Programme\OpenVPN\bin\openvpn-gui.exe:*:Enabled:openvpn-gui"
"C:\Programme\Java\jre6\bin\jusched.exe"="C:\Programme\Java\jre6\bin\jusched.exe:*:Enabled:jusched"
"C:\Programme\Oracle\ODrive\ODFWAgent.exe"="C:\Programme\Oracle\ODrive\ODFWAgent.exe:*:Enabled:Oracle Drive Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-01-20 14:09:39 ----D---- C:\rsit
2009-01-20 14:09:39 ----D---- C:\Programme\trend micro
2009-01-20 14:03:05 ----D---- C:\_OTMoveIt
2009-01-20 11:17:20 ----A---- C:\TCleaner.txt
2009-01-14 08:45:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-13 15:48:09 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-01-13 15:47:55 ----D---- C:\WINDOWS\ie7updates
2009-01-13 13:50:04 ----D---- C:\Dokumente und Einstellungen\Pierre\Anwendungsdaten\Avira
2009-01-13 11:01:28 ----D---- C:\WINDOWS\WBEM
2009-01-13 11:01:27 ----D---- C:\WINDOWS\system32\de-de
2009-01-13 10:59:31 ----HDC---- C:\WINDOWS\ie7
2009-01-13 10:59:12 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-01-13 10:58:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-01-13 10:57:48 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-01-13 10:56:43 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-01-13 03:45:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-13 03:38:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-13 03:21:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-13 03:10:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-13 03:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-13 03:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-13 03:07:13 ----A---- C:\WINDOWS\imsins.BAK
2009-01-13 03:06:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-12 16:13:00 ----D---- C:\Dokumente und Einstellungen\Pierre\Anwendungsdaten\Malwarebytes
2009-01-12 16:12:36 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-01-12 16:12:35 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-01-12 15:54:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
2009-01-12 15:54:41 ----A---- C:\WINDOWS\zllsputility_loc040c.dll
2009-01-12 15:54:41 ----A---- C:\WINDOWS\system32\imslsp_install_loc040c.dll
2009-01-12 15:54:41 ----A---- C:\WINDOWS\system32\imsinstall_loc040c.dll
2009-01-12 15:54:40 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll
2009-01-12 15:54:37 ----A---- C:\WINDOWS\zllsputility.exe
2009-01-12 15:54:21 ----A---- C:\WINDOWS\system32\vsregexp.dll
2009-01-12 15:54:21 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2009-01-12 15:54:20 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-01-12 15:54:20 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-01-12 15:54:17 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-01-12 15:54:16 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-01-12 15:54:16 ----D---- C:\Programme\Zone Labs
2009-01-12 15:54:16 ----A---- C:\WINDOWS\system32\zpeng24.dll
2009-01-12 15:54:16 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-01-12 15:54:16 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-01-12 15:54:16 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-01-12 15:53:34 ----A---- C:\WINDOWS\system32\vsdata.dll
2009-01-12 15:53:33 ----D---- C:\WINDOWS\Internet Logs
2009-01-12 15:53:33 ----A---- C:\WINDOWS\system32\vsutil.dll
2009-01-12 15:53:33 ----A---- C:\WINDOWS\system32\vsinit.dll
2009-01-12 15:50:50 ----SHD---- C:\RECYCLER
2009-01-12 15:28:03 ----A---- C:\WINDOWS\zip.exe
2009-01-12 15:28:03 ----A---- C:\WINDOWS\VFIND.exe
2009-01-12 15:28:03 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-12 15:28:03 ----A---- C:\WINDOWS\SWSC.exe
2009-01-12 15:28:03 ----A---- C:\WINDOWS\SWREG.exe
2009-01-12 15:28:03 ----A---- C:\WINDOWS\sed.exe
2009-01-12 15:28:03 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-12 15:28:03 ----A---- C:\WINDOWS\grep.exe
2009-01-12 15:28:03 ----A---- C:\WINDOWS\fdsv.exe
2009-01-12 15:27:34 ----D---- C:\WINDOWS\ERDNT
2009-01-12 13:51:17 ----D---- C:\Programme\CCleaner
2009-01-12 13:04:11 ----A---- C:\WINDOWS\system32\tmp.txt
2009-01-12 12:03:30 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-01-08 10:12:06 ----A---- C:\WINDOWS\system32\avsda.dll
2009-01-08 10:12:05 ----D---- C:\Programme\Avira
2009-01-08 10:12:05 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-01-08 08:39:57 ----D---- C:\Programme\Spybot - Search & Destroy
2009-01-08 08:39:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2009-01-20 14:09:39 ----RD---- C:\Programme
2009-01-20 14:07:46 ----SHD---- C:\WINDOWS\Installer
2009-01-20 14:07:46 ----SHD---- C:\Config.Msi
2009-01-20 14:07:46 ----D---- C:\WINDOWS\Temp
2009-01-20 14:07:09 ----D---- C:\Programme\Mozilla Firefox
2009-01-20 14:06:59 ----D---- C:\WINDOWS\SYSTEM32
2009-01-20 14:06:17 ----D---- C:\WINDOWS
2009-01-20 14:06:01 ----D---- C:\Dokumente und Einstellungen\Pierre\Anwendungsdaten\VMware
2009-01-20 14:05:06 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-20 14:03:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-20 08:25:44 ----D---- C:\WINDOWS\system32\DRIVERS
2009-01-15 11:31:08 ----D---- C:\WINDOWS\Prefetch
2009-01-14 09:38:17 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-14 09:38:12 ----RSD---- C:\WINDOWS\ASSEMBLY
2009-01-14 09:11:54 ----D---- C:\Programme\eclipse
2009-01-14 09:07:57 ----D---- C:\Programme\eclipse2
2009-01-14 08:46:30 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-01-14 08:45:28 ----HD---- C:\WINDOWS\INF
2009-01-14 08:45:23 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-01-14 08:44:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-14 08:35:52 ----D---- C:\Programme\Internet Explorer
2009-01-13 15:51:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-13 15:51:10 ----D---- C:\WINDOWS\WinSxS
2009-01-13 15:32:47 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-13 11:26:54 ----D---- C:\Programme\Mozilla Thunderbird
2009-01-13 11:06:38 ----D---- C:\WINDOWS\Help
2009-01-13 11:01:34 ----D---- C:\WINDOWS\system32\CONFIG
2009-01-13 11:01:20 ----D---- C:\WINDOWS\Media
2009-01-13 03:10:59 ----D---- C:\WINDOWS\Debug
2009-01-12 15:38:01 ----A---- C:\WINDOWS\system.ini
2009-01-12 15:35:32 ----SHD---- C:\WINDOWS\system32\twain32
2009-01-12 15:33:29 ----D---- C:\WINDOWS\AppPatch
2009-01-12 15:33:29 ----D---- C:\Programme\Gemeinsame Dateien
2009-01-12 15:32:57 ----SD---- C:\WINDOWS\Tasks
2009-01-12 15:32:06 ----D---- C:\temp
2009-01-12 14:01:10 ----D---- C:\WINDOWS\Minidump
2009-01-08 14:51:27 ----D---- C:\Programme\Java
2009-01-08 14:27:46 ----SD---- C:\Dokumente und Einstellungen\Pierre\Anwendungsdaten\Microsoft
2009-01-08 10:05:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
2009-01-08 09:41:25 ----D---- C:\Dokumente und Einstellungen\Pierre\Anwendungsdaten\McAfee

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Workstation\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 TDFSD;TDFSD; C:\WINDOWS\System32\Drivers\TDFSD.sys [2007-02-09 939072]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 aksfridge;aksfridge; \??\C:\WINDOWS\system32\drivers\aksfridge.sys []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Nbf;NetBEUI-Protokoll; C:\WINDOWS\system32\DRIVERS\nbf.sys [2004-08-04 98176]
R2 U3sHlpDr;U3sHlpDr; \??\C:\WINDOWS\System32\Drivers\U3sHlpDr.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Programme\VMware\VMware Workstation\vstor2-ws60.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 avgntflt;avgntflt; \??\C:\Programme\Avira\AntiVir Workstation\avgntflt.sys []
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ikbf5;GE Fanuc Keyboard Class Upper Filter Driver; C:\WINDOWS\system32\DRIVERS\ikbf5.sys [2008-04-04 11688]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-29 260096]
R3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 I8042PRTT;I8042PRTT; C:\WINDOWS\system32\drivers\I8042PRTT.sys []
S3 E100B;Intel(R) PRO-Adaptertreiber; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-18 117760]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirMailService;Avira AntiVir Professional MailGuard; C:\Programme\Avira\AntiVir Workstation\avmailc.exe [2009-01-08 164097]
R2 AntiVirScheduler;Avira AntiVir Professional Planer; C:\Programme\Avira\AntiVir Workstation\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Professional Guard; C:\Programme\Avira\AntiVir Workstation\avguard.exe [2008-10-15 151297]
R2 antivirwebservice;Avira AntiVir Professional WebGuard; C:\Programme\Avira\AntiVir Workstation\AVWEBGRD.EXE [2008-06-12 258305]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 AVEService;Avira AntiVir Professional MailGuard Hilfsdienst; C:\Programme\Avira\AntiVir Workstation\avesvc.exe [2008-05-09 41217]
R2 CCFLIC0;Proficy Licensing; C:\Programme\GE Fanuc\Proficy Common\M4 Common Licensing\CCFLIC0.exe [2008-03-26 58664]
R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2007-03-15 535807]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2008-12-11 152984]
R2 OdService;ODrive Service; C:\Programme\Oracle\ODrive\XfsSvcCon.exe [2007-02-09 33792]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 SQLWriter;SQL Server VSS Writer; c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe [2008-07-09 75304]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 268800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 CIMPLICITY Advanced Viewer;CIMPLICITY Advanced Viewer; C:\Programme\GE Fanuc\Proficy CIMPLICITY\exe\ptopc.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 NMSAccess;NMSAccess; C:\Programme\CDBurnerXP Pro 3\Tools\NMSAccess.exe [2003-05-14 45056]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 OpenVPNService;OpenVPN Service; C:\Programme\OpenVPN\bin\openvpnserv.exe [2006-10-01 16384]
S3 OracleCSService;OracleCSService; C:\oracle\product\10.1.0\Db_2\bin\ocssd.exe service []
S3 OracleOraDb10g_home1SNMPPeerEncapsulator;OracleOraDb10g_home1SNMPPeerEncapsulator; C:\oracle\product\10.1.0\Db_2\BIN\ENCSVC.EXE []
S3 OracleOraDb10g_home1SNMPPeerMasterAgent;OracleOraDb10g_home1SNMPPeerMasterAgent; C:\oracle\product\10.1.0\Db_2\BIN\AGNTSVC.EXE []
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ufad-ws60;VMware Agent Service; C:\Programme\VMware\VMware Workstation\vmware-ufad.exe [2007-08-07 186928]
S4 OracleJobSchedulerabc;OracleJobSchedulerabc; c:\oracle\product\10.2.0\db_1\Bin\extjob.exe abc []

-----------------EOF-----------------

Bonjour jlpjlp,

Le lien pour télécharger usbFix est erroné, as tu un autre lien?
Le fichier barusaya.dll est introuvable sur mon ordi.
Voici le lien pour le rapport du fichier klif.sys:
http://www.virustotal.com/fr/analisis/f6426cf581d038a8b6a78b727b7ba2aa

Merci de ton aide !

Pour plus de précision, lors du démarrage de mon PC, Antivir détecte le fichier 3 fois de suite et à chaque fois je le mets en quarantaine. Ensuite je n'ai plus rien.

Merci !

Bonjour jlpjlp,

J'ai fait le scan avec RavAntivirus et rien n'a été trouvé. Et j'ai bien mis ma clé USB.
Que dois je faire avec le fichier klif.sys que j'ai analysé dernièrement?
Sinon l'URL pour UsbFix est toujours en dérangement.

Merci !

Voici le rapport de FindyKill.
Merci.



###################### [ FindyKill V4.714 ]

# User : Pierre - CLASS1
# Emplacement : C:\Programme\FindyKill
# Outils Mis a jours le 19/01/09 par Chiquitine29
# Recherche effectuée à 13:10:16 le 21.01.2009
# Windows XP - Internet Explorer 7.0.5730.13

# [ FindyKill V4.714 - Scan ] ##############

\\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Workstation\sched.exe
C:\Programme\Avira\AntiVir Workstation\avguard.exe
C:\Programme\Avira\AntiVir Workstation\avesvc.exe
C:\Programme\GE Fanuc\Proficy Common\M4 Common Licensing\CCFLIC0.exe
C:\WINDOWS\system32\hasplms.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Oracle\ODrive\XfsSvcCon.exe
C:\WINDOWS\System32\svchost.exe
c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Programme\TortoiseSVN\bin\TSVNCache.exe
C:\Programme\Avira\AntiVir Workstation\avmailc.exe
C:\Programme\Avira\AntiVir Workstation\AVWEBGRD.EXE
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\OpenVPN\bin\openvpn-gui.exe
C:\Programme\VMware\VMware Workstation\vmware-tray.exe
C:\Programme\Avira\AntiVir Workstation\avgnt.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Oracle\ODrive\odrive.exe
C:\Programme\PrintKey2000\Printkey2000.exe
C:\Programme\Oracle\ODrive\ODFWAgent.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\alg.exe

\\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////


################## [ C:\ ]


################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\Prefetch ]


################## [ C:\WINDOWS\system32 ]


################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\Dokumente und Einstellungen\Pierre\Anwendungsdaten ]


################## [ C:\DOKUME~1\Pierre\LOKALE~1\Temp ]


\\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
SoundMAXPnP=C:\Programme\Analog Devices\Core\smax4pnp.exe
ATIPTA=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
openvpn-gui=C:\Programme\OpenVPN\bin\openvpn-gui.exe
vmware-tray=C:\Programme\VMware\VMware Workstation\vmware-tray.exe
VMware hqtray="C:\Programme\VMware\VMware Workstation\hqtray.exe"
avgnt="C:\Programme\Avira\AntiVir Workstation\avgnt.exe" /min
ZoneAlarm Client="C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=


\\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////




\\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////


# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - # Type de démarrage = 3

Ip6Fw - # Type de démarrage = 3

SharedAccess - # Type de démarrage = 2

wuauserv - # Type de démarrage = 2

wscsvc - # Type de démarrage = 2


\\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////


# Informations :

C: - Eingebautes Laufwerk


# presence des fichiers :



\\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////


-> Not found !


################## [ ! Fin du rapport # FindyKill V4.714 ! ]

Le fichier c:\windows\system32\barusaya.dll n'est pas présent sur mon PC. J'ai fait une recherche sur le C:.
Sinon mon PC se comporte normalement, je n'ai rien à dire.

Merci de ton aide.