Ads, antivirus, unknown pages loading

Solved/Closed
Jejebond, Posts: 21, Registered: Tuesday 10 February 2009, Status: Member, Last activity: 16 June 2009 - 10 Feb 2009 at 16:25
Jejebond, Posts: 21, Registered: Tuesday 10 February 2009, Status: Member, Last activity: 16 June 2009 - 10 Feb 2009 at 22:15
Hello,

For the past few days my PC has started acting up all over the place. Here is a list of all my problems:
- Some pages are slow to load
- Ads open in a new window named "Advertissement"
- On some clicks I end up either on a page I did not request or on the Google home page.
- None of my antivirus/antispyware programs will update.

I ran an Ad-Aware + AntiVir scan in safe mode and nothing changed.

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:34 PM, on 2/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Thomson multimedia\USB Audio System\cs580.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ThomsonUSBAudioSystemRemote] "C:\Program Files\Thomson multimedia\USB Audio System\cs580.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [RealtekAC] C:\WINDOWS\system32\RealtekAC.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.22\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D34AE66-F94C-4E65-A160-72944BB146AC}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFDF581-2960-4547-9B01-F4E63A66A892}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{68DE324A-5AFD-4074-84AC-D2ACDF80CD4D}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{80842673-D1B4-45C1-BE39-312B15CCD48F}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{88DED9FC-D174-4FEE-BFB4-EBFD337DA283}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{A30A3130-A03D-4CB1-B31C-E8708D55A4FF}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBB9B419-0B5F-4BB0-A40E-076EFE9F0403}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{C55349B4-EDEE-45E3-B14B-CE5B3B2FD93A}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCEE7C38-914F-44CF-945D-1F63C1A77506}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9FAA2C8-D95F-4B34-96D5-DC36FF266917}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF66980A-813E-41A5-BA83-E7FCD6690289}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF9AF06A-A9BD-4CDF-A1A7-E6F19E13B918}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D34AE66-F94C-4E65-A160-72944BB146AC}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{0D34AE66-F94C-4E65-A160-72944BB146AC}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FanSpeedNT Service - Unknown owner - J:\Fichiers\Overclock\Fanspeed\fanspeedNT.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

28 replies

Destrio5, Posts: 85985, Registered: Sunday 11 July 2010, Status: Moderator, Last activity: 17 February 2023, 10 290
10 Feb 2009 at 16:35
Hi,

---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation process.
---> In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
---> Once the update is finished, go to the Scanner tab.
---> Select Perform quick scan.
---> Click Scan. The scan starts.

At the end of the scan, a message is displayed:

The scan completed normally. Click 'Show Results' to display all the objects found.

---> Click OK to continue. If MBAM found nothing, it will tell you so as well.
---> Close your browsers.
If malware was detected, click Show Results.
---> Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
Jejebond, Posts: 21, Registered: Tuesday 10 February 2009, Status: Member, Last activity: 16 June 2009
10 Feb 2009 at 16:56
Here is the log; however, it is impossible to update MBAM ^^

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1654
Windows 5.1.2600 Service Pack 3

2/10/2009 4:49:17 PM
mbam-log-2009-02-10 (16-49-17).txt

Type de recherche: Examen rapide
Eléments examinés: 69541
Temps écoulé: 7 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 37
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RealtekAC (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0d34ae66-f94c-4e65-a160-72944bb146ac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2ffdf581-2960-4547-9b01-f4e63a66a892}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{68de324a-5afd-4074-84ac-d2acdf80cd4d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{80842673-d1b4-45c1-be39-312b15ccd48f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{88ded9fc-d174-4fee-bfb4-ebfd337da283}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a30a3130-a03d-4cb1-b31c-e8708d55a4ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bbb9b419-0b5f-4bb0-a40e-076efe9f0403}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c55349b4-edee-45e3-b14b-ce5b3b2fd93a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ccee7c38-914f-44cf-945d-1f63c1a77506}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d9faa2c8-d95f-4b34-96d5-dc36ff266917}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ef66980a-813e-41a5-ba83-e7fcd6690289}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ff9af06a-a9bd-4cdf-a1a7-e6f19e13b918}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0d34ae66-f94c-4e65-a160-72944bb146ac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ffdf581-2960-4547-9b01-f4e63a66a892}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{68de324a-5afd-4074-84ac-d2acdf80cd4d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{80842673-d1b4-45c1-be39-312b15ccd48f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{88ded9fc-d174-4fee-bfb4-ebfd337da283}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a30a3130-a03d-4cb1-b31c-e8708d55a4ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{bbb9b419-0b5f-4bb0-a40e-076efe9f0403}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c55349b4-edee-45e3-b14b-ce5b3b2fd93a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ccee7c38-914f-44cf-945d-1f63c1a77506}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d9faa2c8-d95f-4b34-96d5-dc36ff266917}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ef66980a-813e-41a5-ba83-e7fcd6690289}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ff9af06a-a9bd-4cdf-a1a7-e6f19e13b918}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0d34ae66-f94c-4e65-a160-72944bb146ac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2ffdf581-2960-4547-9b01-f4e63a66a892}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{68de324a-5afd-4074-84ac-d2acdf80cd4d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{80842673-d1b4-45c1-be39-312b15ccd48f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{88ded9fc-d174-4fee-bfb4-ebfd337da283}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a30a3130-a03d-4cb1-b31c-e8708d55a4ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{bbb9b419-0b5f-4bb0-a40e-076efe9f0403}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c55349b4-edee-45e3-b14b-ce5b3b2fd93a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ccee7c38-914f-44cf-945d-1f63c1a77506}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d9faa2c8-d95f-4b34-96d5-dc36ff266917}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ef66980a-813e-41a5-ba83-e7fcd6690289}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ff9af06a-a9bd-4cdf-a1a7-e6f19e13b918}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.51,85.255.112.8 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\data (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\XP_AntiSpyware\comp.dat (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\data\daily.cvd (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-69.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-567.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-8B3.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-E85.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-FD3.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\explorer.vbk (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Destrio5, Posts: 85985, Registered: Sunday 11 July 2010, Status: Moderator, Last activity: 17 February 2023, 10 290
10 Feb 2009 at 16:58
And now that you have removed some infections, can you update MBAM?
Jejebond, Posts: 21, Registered: Tuesday 10 February 2009, Status: Member, Last activity: 16 June 2009
10 Feb 2009 at 17:07
Still not... and in my opinion it is not a router problem.
Destrio5, Posts: 85985, Registered: Sunday 11 July 2010, Status: Moderator, Last activity: 17 February 2023, 10 290
10 Feb 2009 at 17:08
- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click RSIT.exe to launch the program.

- Click Continue on the Disclaimer screen.

- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.

- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: The reports are saved in the C:\rsit folder.
Jejebond, Posts: 21, Registered: Tuesday 10 February 2009, Status: Member, Last activity: 16 June 2009
10 Feb 2009 at 17:22
INFO.TXT

info.txt logfile of random's system information tool 1.05 2009-02-10 17:21:08

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x040c
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DMark05-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}\setup.exe" -l0x9 -removeonly
3DMark06-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
adsl TV-->C:\Program Files\adslTV\Uninstal.exe
AGEIA PhysX Unreal Tournament 3 Mods-->MsiExec.exe /X{F3D27930-B9DE-44A5-AA0B-006471E0EA23}
AirMAPS-->J:\Jeux PC\EA GAMES\Battlefield 2\Uninstal_airmapsv6.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
arniWORX awxDTools - Daemon-Tools ShellExtension - 1.0.6.0-->"C:\Program Files\DAEMON Tools\unins000.exe"
ASUS DH Remote-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34A0AF85-C323-4867-8AA3-00A3E5A7A12B}\Setup.exe" -l0x40c
ASUS GameFace Library-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{92B07938-0550-4937-9447-E0ECC04AB99D}
ASUS GameLiveShow-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{04726714-8286-43B8-AFD6-2DF92EC49995}
ASUS SmartDoctor-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{12E11FBB-7CA6-4A86-834D-5E6390D51009} /l1036
ASUS Utilities-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{43C67D92-F56E-4729-8673-9A2D5A6036F8} /l1036
ASUS VideoSecurity Online-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7A529246-912F-4C40-A82A-E608DB702FD7}
ASUS WiFi-AP Solo-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B3F4499-32E6-470D-8586-E6C03420F889}\Setup.exe" -l0x9 REMOVE
AsusUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x40c
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Audiosurf Demo-->"J:\Jeux PC\Steam\steam.exe" steam://uninstall/12910
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Badaboom 1.1.0.132-->C:\Program Files\Badaboom\uninst.exe
Batch Compiler 3.1.2-->"C:\Program Files\Batch Compiler\unins000.exe"
Battlefield 2 : Forces Spéciales-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x40c -removeonly
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x40c -removeonly
Beyond the Red Line-->C:/Program Files/BtRL/Demo/uninstall.exe
BitTorrent 5.0.9-->"C:\Program Files\BitTorrent\uninstall.exe"
BlazeDVD 4.0 Professional-->"C:\Program Files\BlazeVideo\BlazeDVD 4 Professional\unins000.exe"
BSG-Galactica Client mod-->C:\Program Files\Microsoft Games\Freelancer\Freelancer Mod Manager\mods\BSGMOD1.68\Uninstal.exe
BT Softphone 2-->MsiExec.exe /X{1a716211-cdb0-4c53-a602-51f18bacafb8}
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
CamStudio 2.0 Fr-->"C:\Program Files\CamStudio\unins000.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Client Windows Rights Management avec Service Pack 2-->MsiExec.exe /X{1D13221B-42DE-4B3C-A43F-0F6AF3CF3DA2}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c /remove
Creative System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
Creative ZEN-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B2DBF55-05D4-4072-87D8-689141E262BD}\SETUP.EXE" -l0x40c /remove
CryEngine(R)2 Sandbox(TM)2-->MsiExec.exe /I{7E4B7FD9-4ECE-4298-A910-3160B7918059}
Crysis WARHEAD(R)-->"C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Crysis WARHEAD(R)-->C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Dark Messiah -->C:\Program Files\InstallShield Installation Information\{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}\setup.exe -runfromtemp -l0x040c -removeonly
Day of Defeat: Source-->MsiExec.exe /I{7E18C9F0-1262-4AF6-AC3D-9CB1EBF54772}
Démo de Battlefield 2142-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD347316-609E-4149-983C-84B40338D38A}\setup.exe" -l0x40c -removeonly
DH Driver Cleaner Professional Edition-->C:\Program Files\Driver Cleaner Pro\Uninstall.exe
DiscAPI (Studio 10)-->MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dream Experimental v0.5-->"C:\Program Files\Electronic Arts\Crytek\Crysis\Game\Levels\DreamExperimental\unins000.exe"
EA Download Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
EasyPHP 1.8-->"C:\Program Files\EasyPHP1-8\unins000.exe"
EasyRecovery Professional Essai-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A45F4518-0DC7-474A-BBE1-F04CC2D6FD93} /l1036
Eternal Silence Beta 2.0-->j:\jeux pc\steam\SteamApps\SourceMods\esmod\uninst.exe
EVEREST Ultimate Edition v3.50-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
EZ-Backup Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DA0047C-2F99-4FE6-ADCB-B08208101E22}\setup.exe" -l0x9 -removeonly
Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Far Cry-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l1036
FarCry AMD64 ECU for x32 Edition-->J:\Jeux PC\Ubisoft\Crytek\Far Cry\Uninstall x64ECU.exe
FFaCry 3-->J:\Jeux PC\Ubisoft\Crytek\Far Cry\Mods\FFaCry-Mod\Uninstal.exe
ffdshow [rev 2322] [2008-11-14]-->"C:\Program Files\ffdshow\unins000.exe"
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
FLSMClient-->MsiExec.exe /I{A9B287B0-F939-4538-9C14-CC5F3EA93D83}
FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
Folding@Home-->C:\WINDOWS\system32\GKSUI18.EXE C:\Program Files\Folding@Home\Uninstall33D1.DAT
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"
Freelancer-->"C:\Program Files\Microsoft Games\Freelancer\UNINSTAL.EXE" /runtemp /addremove
Frets on Fire MFH Mod v3.017-->"C:\Program Files\Frets on Fire\unins000.exe"
Frets On Fire-->"C:\Program Files\Frets on Fire\Uninstall.exe"
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
GameFace Messenger-->C:\WINDOWS\iun6002.exe "C:\Program Files\GameFace Messenger\irunin.ini"
GCFScape 1.6.4-->"C:\Program Files\GCFScape\unins000.exe"
GConvert-->MsiExec.exe /I{C26F02EE-CDD1-47A6-A0EF-ECE8D162EDF2}
GetDataBack for FAT-->"C:\Program Files\Runtime Software\GetDataBack\Uninstall.exe" "C:\Program Files\Runtime Software\GetDataBack\install.log" -u
GetDataBack for NTFS-->"C:\Program Files\Runtime Software\GetDataBack for NTFS\Uninstall.exe" "C:\Program Files\Runtime Software\GetDataBack for NTFS\install.log" -u
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
GRID-->"C:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x040c -removeonly
GTA San Andreas-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x40c -removeonly
GTR 2 1.0.0.0-->"J:\Jeux PC\GTR2\Support\unins000.exe"
GUILD WARS-->"J:\Jeux PC\GUILD WARS\Gw.exe" -uninstall
Half-Life(R) 2-->MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Homeworld 2 Battlestar Galactica Fleet Commander-->C:\Program Files\Sierra\Homeworld2\hw2bsg-v.0.4.3-win-uninstall.exe
Homeworld2-->C:\Program Files\Sierra\Homeworld2\uninstall.exe
Hotfix 2050 for SQL Server 2000 ENU (KB948110)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
IONCROSS Freelancer Character Editor-->"C:\Program Files\IONCROSS Freelancer Character Editor\uninstall.exe"
IONCROSS Freelancer Server Operator-->"C:\Program Files\IONCROSS Freelancer Server Operator mk.V.1\uninstall.exe"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iWizz-->C:\Program Files\iWizz\uninstall.exe
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LibUSB-Win32-0.1.10.1-->"C:\Program Files\LibUSB-Win32-0.1.10.1\unins000.exe"
Logitech Communications Manager-->MsiExec.exe /I{BD202930-5F70-4B35-B875-1E28604F328D}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x40c UNINSTALL
Logitech Gaming Software 5.02-->MsiExec.exe /X{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly
LOST PLANET TRIAL DX9-->MsiExec.exe /X{729F9233-40C5-41C6-A271-E09A9337D0C9}
LucasArts' X-Wing Alliance-->C:\WINDOWS\uninst.exe -f"C:\Program Files\LucasArts\XWingAlliance\DeIsL1.isu"
m0d_s0beit_3.4-->"C:\Documents and Settings\JEREMY\Bureau\Nouveau dossier\GTA San Andreas\Uninstall s0beit 3.4 mod"
Ma-Config.com plugin-->MsiExec.exe /I{6F06A42D-525C-49ED-8622-E16790956CD8}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Mental Motions Pencil Box Deluxe-->"C:\WINDOWS\psuninst2.exe" "C:\Program Files\Microsoft ActiveSync\Pencil Box Deluxe\uninst.dat"
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Metro-->C:\Program Files\Microsoft ActiveSync\Metro\Uninstall.exe Metro
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator X-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F535B2CF-C9BB-4162-B03A-02D6971F32CC}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (PINNACLESYS)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 - fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.0)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multimedia Combo Set-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6206FD57-3E60-4A52-AD1B-7D9F7BA2777E}
Navilog1 3.7.1-->"C:\Program Files\Navilog1\unins000.exe"
Need for Speed™ Carbon-->J:\Jeux PC\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
Nero 7 Ultra Edition-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
Nokia PC Connectivity SDK 3.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D2BAD7A0-610B-4691-A054-D8A9F15FF708} /l1036
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nTune-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
NVIDIA PhysX Particle Fluid Demo-->MsiExec.exe /I{8CA53298-AB86-49C7-8040-D5E7BA2F703A}
NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}
O&O Defrag Agent-->MsiExec.exe /I{0749CB55-8676-4071-A3D6-6DDE7E94764F}
O&O Defrag Professional Edition-->MsiExec.exe /I{E6CB18CD-04EF-4C6A-A5F3-5F49E7332895}
ObjectDock Plus-->C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe /uninstall
ObjectDock-->C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
Oblivion - TweakOblivion 2.85-->"C:\Program Files\TweakOblivion\unins000.exe"
Oblivion mod manager 0.9.8-->"C:\Program Files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe"
Oblivion-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x40c -removeonly
OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
OrphansRemover version 1.8.9.36-->"C:\Program Files\OrphansRemover\unins000.exe"
Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Package de pilotes Windows - Sony PSP Type B (11/20/2005 20051120)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\psp_87D46C3F73EF6B7F5CD27D922EEE14783E1AD3BF\psp.inf
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c
PC Probe II-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x40c
PC Suite pour Nokia 6600-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{624499AB-179E-4659-9760-C1EB38BC212E}\Setup.exe" -l0x40c anything
Perfect Dark: Source Beta 1.1730-->"j:\jeux pc\steam\SteamApps\SourceMods\pdark\unins000.exe"
PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
PhysX Screen Saver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{300A470B-681B-449F-82AE-6D19114702CE}\Setup.exe" -l0x9
Pirates, Vikings and Knights II Beta 1.0-->j:\jeux pc\steam\SteamApps\SourceMods\pvkii\uninst.exe
Power Video Downloader-->"C:\WINDOWS\Power Video Downloader\uninstall.exe" "/U:C:\Program Files\Power Video Downloader\Uninstall\uninstall.xml"
PS3 Video 9 2.15-->C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
PS3.ProxyServer-->MsiExec.exe /I{FE4086E1-FA7F-4A7A-8FC5-061337B5787E}
PSP Brew 0.90-->"C:\Program Files\PSP Brew\unins000.exe"
PSP Video 9 1.74-->C:\Program Files\pspvideo9\uninst.exe
PSPGen Personal Media Manager 2.93-->C:\Program Files\Personal Media Manager\Uninstal.exe
PSPGen Personal Media Manager 2.94-->C:\Program Files\Personal Media Manager\Uninstal.exe
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RAPID (Studio 10)-->MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
RapidDowner-->MsiExec.exe /I{0E6FA04E-F796-459B-A3B2-686953A8F934}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Retrospect 7.5-->MsiExec.exe /I{92596597-71B3-4608-8628-AD48F2664EB9}
Revenge Of The Sith: Battle Over Coruscant-->C:\Program Files\LucasArts\XWingAlliance\Uninstall ROTSBOC.exe
Rise of Kobol Alpha .6-->C:\Program Files\EA GAMES\Battlefield 2\mods\RoK\RoK Uninstal.exe
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
San Andreas Mod Installer-->"C:\WINDOWS\San Andreas Mod Installer\uninstall.exe" "/U:J:\Jeux PC\San Andreas Mod Installer\Uninstall\uninstall.xml"
save2pc Pro 3.31-->"C:\Program Files\FDRLab\save2pc\unins000.exe"
Sgc 3D Simulator 1.5-->"C:\Program Files\sgc_3d_sim\unins000.exe"
SGCSim v5.1.0-->MsiExec.exe /I{BF926BD5-83E9-417F-BC56-1AC181A13168}
Simple DNS Plus-->MsiExec.exe /X{6BA25419-75B0-4091-93DB-E6ECEE517CB1}
SixaxisDriver 0.91-->"C:\Program Files\SixaxisDriver\unins000.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Skype™ for Windows Mobile 2.5-->"C:\Program Files\Microsoft ActiveSync\Skype for Windows Mobile\unins000.exe"
SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Smoke demo by NVIDIA (remove only)-->"C:\Program Files\NVIDIA Corporation\NVidia Demos\Smoke\uninstall.exe"
SOFTIMAGE®|XSI® 4.2 ModTool-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Softimage\XSI_4.2_ModTool\Setup\setup.exe"
Source SDK Base - Orange Box-->"J:\Jeux PC\Steam\steam.exe" steam://uninstall/218
SP2 de compatibilité descendante du client Windows Rights Management-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Star Wars Battlefront II-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D374523-CFDE-461A-827E-2A102E2AB365}\Setup.exe" -l0x40c -removeonly
StargateTC-->j:\jeux pc\steam\steamapps\jejebond_60@hotmail.com\half-life\stargatetc\Uninstall.exe
StargateTC2-->"j:\jeux pc\steam\SteamApps\SourceMods\stargatetc2\desinstall-sgtc2b1.exe"
StartMenuLSTRemover-->C:\Program Files\StartMenuLSTRemover\Uninstall.exe
Steam-->J:\JEUXPC~1\Steam\UNWISE.EXE J:\JEUXPC~1\Steam\INSTALL.LOG
Studio 10-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe" -l0x40c UNINSTALL
SUPER © Version 2008.bld.33 (Sep 2, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2-->"J:\Jeux PC\Teamspeak2_RC2\unins000.exe"
Texture Maker 3.03-->"C:\Program Files\Texture Maker\unins000.exe"
Thomson USB Audio System Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Thomson multimedia\USB Audio System\DeIsL1.isu"
TI Connect 1.6-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
TIPocketEmulator-->C:\Program Files\Microsoft ActiveSync\TIPocketEmulator\Uninstall.exe TIPocketEmulator
Todae - Live Media-->C:\Program Files\Windows Media Player\Plugins\Todae\RMP\uninstall_fr.exe
TomTom HOME-->C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x040c -removeonly -removeonly
TortoiseSVN 1.4.8.12137 (32 bit)-->MsiExec.exe /X{1E010E57-0453-4A84-A899-47EEA104661C}
Transfert Windows-->"C:\WINDOWS\$NtUninstallWETCable$\spuninst\spuninst.exe"
TubeHunter Ultra-->MsiExec.exe /I{4572F220-0A56-402E-90F1-4D36DD22F108}
uberOptions 3.30.5.4-->C:\Program Files\Logitech\SetPoint\uberOptions\uninst.exe
Unreal Tournament 2004-->J:\Jeux PC\UT2004\System\Setup.exe uninstall "UT2004"
Unreal Tournament 3-->"J:\Jeux PC\Steam\steam.exe" steam://uninstall/13210
Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
Virtual Cable Tester-->MsiExec.exe /X{3D654496-9C3D-4565-858C-3E551ECDA4E2}
Virtual Pool Mobile-->C:\Program Files\Microsoft ActiveSync\Virtual Pool Mobile\Uninstall.exe Virtual Pool Mobile
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.6-->C:\Program Files\VLC\uninstall.exe
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Vodafone 804SS USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
VTFEdit 1.2.3-->"C:\Program Files\VTFEdit\unins000.exe"
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WD Drive Manager (x86)-->MsiExec.exe /X{E934E2A2-BE3B-4C1A-A3D9-753FFB2B38B4}
WDCSAM Driver-->MsiExec.exe /X{E064390A-2F64-4195-9A55-30D4B20B865A}
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (12/05/2006 1.0.0007.0)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\wdcsam_8A1D0449E9CBCC93DCB0CF47934D695423632CA7\wdcsam.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Sign-in Assistant-->MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Vista Upgrade Advisor-->MsiExec.exe /I{B79FBFDD-8B0C-4B8E-B70E-499E39978281}
Windows XP Creativity Fun Packs - Windows Media Player 9 Series-->MsiExec.exe /X{AE98861E-5D55-4787-9E18-6A054783D124}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
www.dizzler.com-->"C:\Program Files\dizzler\unins000.exe"
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XviD MPEG-4 Video Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
X-Wing Install System 2.71-->C:\Program Files\X-Wing Install System\Uninstall.exe
ZEN Media Explorer-->"C:\Program Files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /l0x040c
ZENcast Organizer-->"C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /l0x040c
Zombie Panic! Source-->"J:\Jeux PC\Steam\steam.exe" steam://uninstall/17500

=====HijackThis Backups=====

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Avira AntiVir PersonalEdition Classic (outdated)

System event log

Computer Name: JEREMY
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\CdRom1 au cours d'une opération de pagination.

Record Number: 8769
Source Name: Cdrom
Time Written: 20090109173715.000000+060
Event Type: warning
User:

Computer Name: JEREMY
Event Code: 10021
Message: Le descripteur de sécurité d'exécution et d'activation défini pour l'application serveur COM avec le CLSID
{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}
n'est pas valide. Il contient des entrées de contrôle d'accès (ACE) avec des autorisations qui ne sont pas valides. Par conséquent, l'action demandée n'a pas été effectuée. Cette autorisation de sécurité peut être corrigée à l'aide de l'outil d'administration Services de composants.

Record Number: 8768
Source Name: DCOM
Time Written: 20090109173707.000000+060
Event Type: error
User:

Computer Name: JEREMY
Event Code: 10021
Message: Le descripteur de sécurité d'exécution et d'activation défini pour l'application serveur COM avec le CLSID
{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}
n'est pas valide. Il contient des entrées de contrôle d'accès (ACE) avec des autorisations qui ne sont pas valides. Par conséquent, l'action demandée n'a pas été effectuée. Cette autorisation de sécurité peut être corrigée à l'aide de l'outil d'administration Services de composants.

Record Number: 8767
Source Name: DCOM
Time Written: 20090109173707.000000+060
Event Type: error
User:

Computer Name: JEREMY
Event Code: 10021
Message: Le descripteur de sécurité d'exécution et d'activation défini pour l'application serveur COM avec le CLSID
{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}
n'est pas valide. Il contient des entrées de contrôle d'accès (ACE) avec des autorisations qui ne sont pas valides. Par conséquent, l'action demandée n'a pas été effectuée. Cette autorisation de sécurité peut être corrigée à l'aide de l'outil d'administration Services de composants.

Record Number: 8766
Source Name: DCOM
Time Written: 20090109173707.000000+060
Event Type: error
User:

Computer Name: JEREMY
Event Code: 10021
Message: Le descripteur de sécurité d'exécution et d'activation défini pour l'application serveur COM avec le CLSID
{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}
n'est pas valide. Il contient des entrées de contrôle d'accès (ACE) avec des autorisations qui ne sont pas valides. Par conséquent, l'action demandée n'a pas été effectuée. Cette autorisation de sécurité peut être corrigée à l'aide de l'outil d'administration Services de composants.

Record Number: 8765
Source Name: DCOM
Time Written: 20090109173707.000000+060
Event Type: error
User:

Application event log

Computer Name: JEREMY
Event Code: 103
Message: msnmsgr (6832) \\.\C:\Documents and Settings\JEREMY\Local Settings\Application Data\Microsoft\Messenger\jejebond_60@hotmail.com\SharingMetadata\Working\database_BC44_7AFA_447A_B72C\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 21541
Source Name: ESENT
Time Written: 20081206220207.000000+060
Event Type: information
User:

Computer Name: JEREMY
Event Code: 102
Message: msnmsgr (6832) \\.\C:\Documents and Settings\JEREMY\Local Settings\Application Data\Microsoft\Messenger\jejebond_60@hotmail.com\SharingMetadata\Working\database_BC44_7AFA_447A_B72C\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 21540
Source Name: ESENT
Time Written: 20081206213308.000000+060
Event Type: information
User:

Computer Name: JEREMY
Event Code: 100
Message: msnmsgr (6832) Le moteur de base de données 5.01.2600.5512 est démarré.

Record Number: 21539
Source Name: ESENT
Time Written: 20081206213308.000000+060
Event Type: information
User:

Computer Name: JEREMY
Event Code: 101
Message: msnmsgr (6832) Le moteur de base de données est arrêté.

Record Number: 21538
Source Name: ESENT
Time Written: 20081206212121.000000+060
Event Type: information
User:

Computer Name: JEREMY
Event Code: 103
Message: msnmsgr (6832) \\.\C:\Documents and Settings\JEREMY\Local Settings\Application Data\Microsoft\Messenger\jejebond_60@hotmail.com\SharingMetadata\Working\database_BC44_7AFA_447A_B72C\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 21537
Source Name: ESENT
Time Written: 20081206212121.000000+060
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"sourcesdk"=j:\jeux pc\steam\steamapps\jejebond_60@hotmail.com\sourcesdk
"VProject"=j:\jeux pc\steam\steamapps\jejebond_60@hotmail.com\half-life 2 deathmatch\hl2mp
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

LOG.TXT

Logfile of random's system information tool 1.05 (written by random/random)
Run by JEREMY at 2009-02-10 17:21:03
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 10 GB (10%) free of 100 GB
Total RAM: 2047 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:06 PM, on 2/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Thomson multimedia\USB Audio System\cs580.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\JEREMY\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\JEREMY.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ThomsonUSBAudioSystemRemote] "C:\Program Files\Thomson multimedia\USB Audio System\cs580.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.22\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FanSpeedNT Service - Unknown owner - J:\Fichiers\Overclock\Fanspeed\fanspeedNT.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\sy
0
Destrio5 Posts: 85985 Registration date: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 290
10 Feb 2009 at 17:28
The log report is not complete.
0
Jejebond Posts: 21 Registration date: Tuesday 10 February 2009 Status: Member Last activity: 16 June 2009
10 Feb 2009 at 17:28
LOG.TXT (CONTINUED)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
0
Destrio5 Posts: 85985 Registration date: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 290
10 Feb 2009 at 17:34
What exactly does MBAM say about the updates?
0
Jejebond Posts: 21 Registration date: Tuesday 10 February 2009 Status: Member Last activity: 16 June 2009
10 Feb 2009 at 17:40
It tells me to check my firewall or check my internet connection... I have a Netgear router, which ports do I need to open? How do I do that?
0
Destrio5 Posts: 85985 Registration date: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 290
10 Feb 2009 at 17:41
---> Download GMER:
http://www2.gmer.net/gmer.zip

---> Extract the contents of the ZIP, then rename gmer.exe to CCM.exe (the .exe extension may not be visible).

---> Double-click CCM.exe.

---> On the "Rootkit/Malware" tab, click "Scan" and wait.

---> When the scan finishes, click "Save..." and save the report to your Desktop as "301108.txt".

---> Double-click "301108.txt"; the report opens, post it here.
0
Jejebond Posts: 21 Registration date: Tuesday 10 February 2009 Status: Member Last activity: 16 June 2009
10 Feb 2009 at 17:53
GMER apparently detects several rootkits on my machine.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-10 17:53:14
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF769787E] <-- ROOTKIT !!!
SSDT BA2773E4 ZwCreateThread
SSDT sptd.sys ZwEnumerateKey [0xF7473D1C] <-- ROOTKIT !!!
SSDT sptd.sys ZwEnumerateValueKey [0xF74740BC] <-- ROOTKIT !!!
SSDT sptd.sys ZwOpenKey [0xF746F090] <-- ROOTKIT !!!
SSDT BA2773D0 ZwOpenProcess
SSDT BA2773D5 ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF7474194] <-- ROOTKIT !!!
SSDT sptd.sys ZwQueryValueKey [0xF7474014] <-- ROOTKIT !!!
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7697C10] <-- ROOTKIT !!!
SSDT BA2773DF ZwTerminateProcess
SSDT BA2773DA ZwWriteVirtualMemory

Code 8A728458 ZwFlushInstructionCache
Code B66F2C80 pIofCallDriver

---- Kernel code sections - GMER 1.0.14 ----

PAGE ntoskrnl.exe!ZwFlushInstructionCache 80587BFB 5 Bytes JMP 8A72845C
? rcrmt.sys Le fichier spécifié est introuvable. !
? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
? C:\WINDOWS\System32\Drivers\SPTDDRV1.SYS Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text USBPORT.SYS!DllUnload B8EF98AC 5 Bytes JMP 8AA9D1B8
? System32\Drivers\amisirte.SYS Le chemin d'accès spécifié est introuvable. !
? C:\DOCUME~1\JEREMY\LOCALS~1\Temp\mc21.tmp Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\ctfmon.exe[260] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[260] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[260] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[316] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[316] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[316] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[316] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F070F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1080] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1080] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1080] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1080] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1200] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1200] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1200] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1200] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE[1388] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE[1388] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE[1388] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE[1388] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\JEREMY\Bureau\CCM.exe[1664] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\JEREMY\Bureau\CCM.exe[1664] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Documents and Settings\JEREMY\Bureau\CCM.exe[1664] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\JEREMY\Bureau\CCM.exe[1664] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] kernel32.dll!LoadResource 7C80A045 7 Bytes JMP 28001CC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] kernel32.dll!FindResourceExW 7C80AD18 7 Bytes JMP 28001B00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] kernel32.dll!FindResourceW 7C80BC5E 7 Bytes JMP 28001A80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] kernel32.dll!SizeofResource 7C80BCF9 7 Bytes JMP 28001D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] kernel32.dll!FindResourceA 7C80BF19 7 Bytes JMP 28001B90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] kernel32.dll!LockResource 7C80CD27 5 Bytes JMP 28001DF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] kernel32.dll!CreateEventA 7C83089D 5 Bytes JMP 28001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] kernel32.dll!FindResourceExA 7C835F90 7 Bytes JMP 28001C20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] kernel32.dll!OutputDebugStringW 7C85B335 5 Bytes JMP 28001E50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] ADVAPI32.dll!CryptDeriveKey 77DB9FDD 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] ADVAPI32.dll!CryptDecrypt 77DBA109 7 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] USER32.dll!PeekMessageW 7E39929B 5 Bytes JMP 28004090 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] USER32.dll!SetWindowPlacement 7E39DE46 5 Bytes JMP 28005840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] USER32.dll!CreateDialogParamW 7E39EA3B 5 Bytes JMP 28005AC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] USER32.dll!LoadImageW 7E3A7B97 5 Bytes JMP 280060C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 28003820 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] USER32.dll!SetWindowRgn 7E3AE528 7 Bytes JMP 28005980 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] USER32.dll!LoadIconW 7E3AE8BC 5 Bytes JMP 280062B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 28005CB0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] USER32.dll!TrackPopupMenuEx 7E3ECF62 5 Bytes JMP 28004970 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2800A5A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] WS2_32.dll!send 719F4C27 2 Bytes JMP 2800A180 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] WS2_32.dll!send + 3 719F4C2A 2 Bytes [ 61, B6 ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 28009F60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] WS2_32.dll!recv 719F676F 5 Bytes JMP 28009DC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2800A360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] SHELL32.dll!Shell_NotifyIconW 7CA3A52F 5 Bytes JMP 28002FE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] ole32.dll!CoInitializeEx 774BEF7B 5 Bytes JMP 28002100 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] ole32.dll!CoRegisterClassObject 774D7E90 5 Bytes JMP 28002200 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] WININET.dll!InternetCloseHandle 4408DA59 5 Bytes JMP 28008F20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] WININET.dll!HttpOpenRequestA 44094341 5 Bytes JMP 28008BE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] WININET.dll!InternetReadFile 4409ABB4 5 Bytes JMP 28008D70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1732] WININET.dll!HttpSendRequestA 4409CD40 5 Bytes JMP 28008E50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1804] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1804] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1804] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1804] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2228] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\Explorer.EXE[2304] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[2304] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[2304] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2592] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2592] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2592] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2592] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wscntfy.exe[2708] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wscntfy.exe[2708] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wscntfy.exe[2708] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[2784] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2796] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2796] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2796] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2796] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[2900] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[2900] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[2900] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\rundll32.exe[3004] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\rundll32.exe[3004] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\rundll32.exe[3004] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe[3132] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe[3132] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe[3132] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\RTHDCPL.EXE[3184] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\RTHDCPL.EXE[3184] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\RTHDCPL.EXE[3184] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\Program Files\Thomson multimedia\USB Audio System\cs580.exe[3228] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Thomson multimedia\USB Audio System\cs580.exe[3228] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Thomson multimedia\USB Audio System\cs580.exe[3228] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3244] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3244] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3244] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[3488] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[3488] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[3488] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3512] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3512] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3512] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[3520] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[3520] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[3520] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\rundll32.exe[3552] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\rundll32.exe[3552] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\rundll32.exe[3552] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3620] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3620] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3620] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\Program Files\SuperCopier2\SuperCopier2.exe[3628] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\SuperCopier2\SuperCopier2.exe[3628] shell32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\SuperCopier2\SuperCopier2.exe[3628] shell32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3972] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3972] SHELL32.dll!SHFileOperationW 7CA8083C 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3972] SHELL32.dll!SHFileOperation 7CA80B24 6 Bytes JMP 5F040F5A
Jejebond Posts 21 Registration date Tuesday 10 February 2009 Status Member Last activity 16 June 2009
10 Feb 2009 at 18:03
CONTINUED


---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F747F6C4] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7495394] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F747F718] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F746FAB6] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F746FBEE] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F746FB76] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F747071C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74705F2] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F74954E8] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F74954E8] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8AB091D8
Device \FileSystem\Fastfat \FatCdrom 8A59C990
Device \FileSystem\Udfs \UdfsCdRom 8A5E91D8
Device \FileSystem\Udfs \UdfsDisk 8A5E91D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{68DE324A-5AFD-4074-84AC-D2ACDF80CD4D} 8A7841D8
Device \Driver\usbuhci \Device\USBPDO-0 8A86B7D0
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AB0B1D8
Device \Driver\dmio \Device\DmControl\DmConfig 8AB0B1D8
Device \Driver\dmio \Device\DmControl\DmPnP 8AB0B1D8
Device \Driver\dmio \Device\DmControl\DmInfo 8AB0B1D8
Device \Driver\usbuhci \Device\USBPDO-1 8A86B7D0
Device \Driver\usbuhci \Device\USBPDO-2 8A86B7D0
Device \Driver\usbuhci \Device\USBPDO-3 8A86B7D0
Device \Driver\usbehci \Device\USBPDO-4 8A869610

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8AAA01D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AAA01D8
Device \Driver\Cdrom \Device\CdRom0 8A81B1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AAA01D8
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom1 8A81B1D8
Device \Driver\Cdrom \Device\CdRom2 8A81B1D8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A7841D8
Device \Driver\NetBT \Device\NetbiosSmb 8A7841D8
Device \Driver\00000038 \Device\0000005d sptd.sys
Device \Driver\usbuhci \Device\USBFDO-0 8A86B7D0
Device \Driver\usbuhci \Device\USBFDO-1 8A86B7D0
Device \Driver\usbuhci \Device\USBFDO-2 8A86B7D0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A7A0990
Device \Driver\usbuhci \Device\USBFDO-3 8A86B7D0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A7A0990
Device \Driver\Ftdisk \Device\FtControl 8AAA01D8
Device \Driver\usbehci \Device\USBFDO-4 8A869610
Device \Driver\amisirte \Device\Scsi\amisirte1 8A7FD450
Device \Driver\amisirte \Device\Scsi\amisirte1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\amisirte \Device\Scsi\amisirte1Port5Path0Target1Lun0 8A7FD450
Device \Driver\amisirte \Device\Scsi\amisirte1Port5Path0Target1Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 8AB0A1D8
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\amisirte \Device\Scsi\amisirte1Port5Path0Target0Lun0 8A7FD450
Device \Driver\amisirte \Device\Scsi\amisirte1Port5Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\JRAID \Device\Scsi\JRAID1 8AB0A1D8
Device \Driver\JRAID \Device\Scsi\JRAID1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Fastfat \Fat 8A59C990

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A7896D8

---- Modules - GMER 1.0.14 ----

Module \systemroot\system32\drivers\gaopdxobrqltim.sys (*** hidden *** ) B66F1000-B6719000 (163840 bytes)

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\drivers\gaopdxobrqltim.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a5559ec
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a5559ec@000e6d247161 0xA2 0x69 0x39 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxobrqltim.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxobrqltim.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxoyqmoqxy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 427359995
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 412748860
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x10 0xBA 0x06 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0x54 0x60 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFC 0xDE 0x66 0x4F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x2C 0x1A 0x47 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x10 0xBA 0x06 0x2A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0x54 0x60 0x5F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x69 0x93 0x86 0xA8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x85 0xA5 0x3F 0x80 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a3a5559ec
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a3a5559ec@000e6d247161 0xA2 0x69 0x39 0xC4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxobrqltim.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxobrqltim.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxoyqmoqxy.dll
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x10 0xBA 0x06 0x2A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0x54 0x60 0x5F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFC 0xDE 0x66 0x4F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x2C 0x1A 0x47 0x45 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
Reg HKLM\SOFTWARE\Classes\gaopdxvx
Reg HKLM\SOFTWARE\Classes\gaopdxvx@gaopdxrun 71
Reg HKLM\SOFTWARE\Classes\gaopdxvx@gaopdxpff 8160
Reg HKLM\SOFTWARE\Classes\gaopdxvx@gaopdxaff 3165
Reg HKLM\SOFTWARE\Classes\gaopdxvx@gaopdxsrv -1056770279
Reg HKLM\SOFTWARE\Classes\gaopdxvx@gaopdxpos "xsxzy}zo"deic`daly?kflniTXTC
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D459D1DF-8E7D-9734-3ECF-C454223F516F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D459D1DF-8E7D-9734-3ECF-C454223F516F}@ianfphgadepnadkmge 0x69 0x61 0x6B 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D459D1DF-8E7D-9734-3ECF-C454223F516F}@hadghlfflbdnboop 0x69 0x61 0x6C 0x69 ...

---- EOF - GMER 1.0.14 ----
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
10 Feb 2009 at 18:05
---> Download SDFix (created by AndyManchesta) to your Desktop.
- Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
- Restart your computer in Safe Mode.

---> To restart in Safe Mode:
- Restart your PC.
- During startup, tap F8 (F5 on some PCs) right after the BIOS screen is displayed and just before Windows starts loading.
- In the advanced options menu, choose Safe Mode.
- Choose your user account.

---> Follow the instructions below:
- Open the SDFix folder that was just created in the C:\ directory and double-click RunThis.bat to launch the script.
- Press Y to begin the cleanup process.
- It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
- Press a key to restart the PC.
- Your system will take longer than usual to restart because the tool will keep running and deleting files.
- Once the Desktop has loaded, the tool will finish its work and display Finished.
- Press a key to end the script and load your Desktop icons.
- Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
- Finally, copy/paste the contents of Report.txt into your next reply.
Jejebond Posts 21 Registration date Tuesday 10 February 2009 Status Member Last activity 16 June 2009
10 Feb 2009 at 19:04
[b]SDFix: Version 1.240 [/b]
Run by JEREMY on Tue 02/10/2009 at 06:28 PM

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\114889~1 - Deleted
C:\DOCUME~1\JEREMY\COOKIES\BEGOWU~1.BAN - Deleted
C:\DOCUME~1\JEREMY\COOKIES\LAPASYZ.BAN - Deleted
C:\DOCUME~1\JEREMY\COOKIES\PIDUHU.DLL - Deleted
C:\DOCUME~1\JEREMY\COOKIES\VYVUQU.REG - Deleted
C:\Documents and Settings\JEREMY\Local Settings\Temp\aaxAE9.tmp.exe - Deleted
C:\Documents and Settings\JEREMY\Local Settings\Temp\utt5A1.tmp.exe - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\Binaries1.cab2 - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\Binaries1.cab3 - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\Binaries3.cab6 - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp10.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp11.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp12.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp13.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp14.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp19.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp1A.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp1C.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp21.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp23.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp24.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp28.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp2B.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp2D.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp2E.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp31.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp33.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp36.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp3A.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp3B.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp3D.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp3E.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp3F.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp41.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp49.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp4D.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp54.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp55.tmp - Deleted
C:\DOCUME~1\JEREMY\LOCALS~1\Temp\tmp5D.tmp - Deleted
C:\WINDOWS\yfir._sy - Deleted
C:\WINDOWS\system32\winmnpld.lhp - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 18:58:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\JEREMY\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

[b]Remaining Services [/b]:




Authorized Application Key Export:


[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:


[b]Finished![/b]
Jejebond Posts 21 Registration date Tuesday 10 February 2009 Status Member Last activity 16 June 2009
10 Feb 2009 at 19:07
Still the same problem: none of my antivirus/trojan... software will update.
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
10 Feb 2009 at 19:22
--> Download WinsockXPFix to your Desktop.

--> Double-click WinsockXPFix.exe.
--> First, click the ReG-Backup button. This will back up your registry as a precaution.
--> Click OK, and then once more. You will see a registry backup window; click OK one more time.

--> Go back to the main window.
--> Click Fix.
--> Click Yes.
--> It will run for a minute or two, then you will hear a beep and see this window.
--> Finally, click OK and let your PC restart.
Jejebond Posts 21 Registration date Tuesday 10 February 2009 Status Member Last activity 16 June 2009
10 Feb 2009 at 19:42
I can't make any backup! It tells me:

"Error saving file:
C:\ERDNT\SECURITY !

Continue ?"

I answer Yes, but it does this for every file.

Should I run Fix without making a backup or... ??? :s
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
10 Feb 2009 at 19:44
If it crashes, you won't be able to restore without a backup.
Jejebond Posts 21 Registration date Tuesday 10 February 2009 Status Member Last activity 16 June 2009
10 Feb 2009 at 19:47
What are the chances that it won't crash?

An alternative?