Sujet Précédent Sujet Suivant

WIN32 KAMSO ²

Sam Faishier -  
 Sam Faishier -
Bonjour tous!

Alors v'la ça fait deux jours qu'Avast me dit qu'il y a dans mes DD ... X:\nkbd1v.exe dont le nom est Win32:Kamso [Trj].

Instinctivement j'ai fait supprimer comme ça réapparaissait tout le temps mais maintenant je suis obligé de faire Clicdroit+explorer pour aller dans mes durs :(

Anyway, en suivant les manip expliquées sur l'autre topic, voici ce que j'obtiens de Rsit APRES install de Hijack this.

Fichier Log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Killian at 2009-07-15 20:18:59
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 116 GB (46%) free of 250 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19:00, on 15/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\FileZilla Client\filezilla.exe
C:\Documents and Settings\Killian\Mes documents\Mes téléchargements\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Killian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp143.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe

--
End of file - 9501 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1235260653.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2009-04-24 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll [2009-01-30 1114112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-09 13680640]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-02-09 86016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-16 16862720]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2009-01-30 992256]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"ISUSPM"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe -scheduler []
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-14 520024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-06-23 1830128]
"cdoosoft"=C:\WINDOWS\system32\olhrwef.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
C:\Program Files\Logitech\ImageStudio\ISStart.exe [2003-09-26 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
C:\Program Files\Logitech\ImageStudio\LogiTray.exe [2003-09-26 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\PROGRA~1\MESSEN~1\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-04-21 24264488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2009-06-11 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
C:\Program Files\MAGIX\Films_sur_DVD_7\TrayServer.exe [2008-01-30 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Steam\SteamApps\common\saints row 2\SR2_pc.exe"="C:\Program Files\Steam\SteamApps\common\saints row 2\SR2_pc.exe:*:Enabled:Saints Row 2"
"C:\Program Files\Capcom\Bionic Commando Rearmed\bcr.exe"="C:\Program Files\Capcom\Bionic Commando Rearmed\bcr.exe:*:Enabled:Bionic Commando Rearmed"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\WINDOWS\Temp\~os9.tmp\ossproxy.exe"="C:\WINDOWS\Temp\~os9.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\Program Files\Steam\SteamApps\common\flock demo\Flock.exe"="C:\Program Files\Steam\SteamApps\common\flock demo\Flock.exe:*:Enabled:FLOCK! Demo"
"C:\WINDOWS\Temp\~os325.tmp\ossproxy.exe"="C:\WINDOWS\Temp\~os325.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Steam\SteamApps\common\left 4 dead\bin\SDKLauncher.exe"="C:\Program Files\Steam\SteamApps\common\left 4 dead\bin\SDKLauncher.exe:*:Enabled:Left 4 Dead Authoring Tools"
"C:\Program Files\Steam\SteamApps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\RelevantKnowledge\rlvknlg.exe"="C:\Program Files\RelevantKnowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37735dce-fd51-11dd-82de-0007cb0000ff}]
shell\AutoRun\command - I:\nkbd1v.exe
shell\open\command - I:\nkbd1v.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37735dcf-fd51-11dd-82de-0007cb0000ff}]
shell\AutoRun\command - nkbd1v.exe
shell\open\command - nkbd1v.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47edd2d8-fdb7-11dd-82e2-0007cb0000ff}]
shell\AutoRun\command - D:\nkbd1v.exe
shell\open\command - D:\nkbd1v.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b572cd8c-01a5-11de-82f1-0007cb0000ff}]
shell\AutoRun\command - K:\nkbd1v.exe
shell\open\command - K:\nkbd1v.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd91c32a-fd2a-11dd-9e0d-806d6172696f}]
shell\AutoRun\command - nkbd1v.exe
shell\open\command - nkbd1v.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd91c32b-fd2a-11dd-9e0d-806d6172696f}]
shell\AutoRun\command - nkbd1v.exe
shell\open\command - nkbd1v.exe

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 2 months======

2009-07-15 20:01:24 ----A---- C:\FindyKill.txt
2009-07-15 20:00:50 ----D---- C:\FindyKill
2009-07-15 19:33:58 ----D---- C:\rsit
2009-07-15 19:27:05 ----D---- C:\Program Files\Trend Micro
2009-07-15 02:27:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 02:27:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 02:25:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 18:56:01 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-14 18:55:52 ----D---- C:\Program Files\SUPERAntiSpyware
2009-07-14 18:55:52 ----D---- C:\Documents and Settings\Killian\Application Data\SUPERAntiSpyware.com
2009-07-14 18:30:27 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-07-14 14:02:37 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-14 14:02:34 ----D---- C:\Program Files\Lavasoft
2009-07-14 14:02:34 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-14 09:43:10 ----D---- C:\Documents and Settings\Killian\Application Data\Malwarebytes
2009-07-14 09:43:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-14 09:43:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-14 00:56:29 ----D---- C:\Program Files\iColorFolder
2009-07-14 00:14:34 ----D---- C:\Program Files\Microsoft
2009-07-14 00:14:32 ----D---- C:\Program Files\Windows Live
2009-07-14 00:07:57 ----A---- C:\WINDOWS\system32\nsr1A7.tmp
2009-07-14 00:07:56 ----A---- C:\WINDOWS\system32\nsv1A0.tmp
2009-07-14 00:07:56 ----A---- C:\WINDOWS\system32\nsr1A5.tmp
2009-07-14 00:07:56 ----A---- C:\WINDOWS\system32\nsq1A2.tmp
2009-07-14 00:07:56 ----A---- C:\WINDOWS\system32\nsb1A3.tmp
2009-07-14 00:07:55 ----A---- C:\WINDOWS\system32\nsu19A.tmp
2009-07-14 00:07:55 ----A---- C:\WINDOWS\system32\nsu198.tmp
2009-07-14 00:07:55 ----A---- C:\WINDOWS\system32\nsk19E.tmp
2009-07-14 00:07:55 ----A---- C:\WINDOWS\system32\nsf19C.tmp
2009-07-14 00:07:54 ----A---- C:\WINDOWS\system32\nsy194.tmp
2009-07-14 00:07:54 ----A---- C:\WINDOWS\system32\nsx190.tmp
2009-07-14 00:07:54 ----A---- C:\WINDOWS\system32\nss192.tmp
2009-07-14 00:07:54 ----A---- C:\WINDOWS\system32\nsj196.tmp
2009-07-14 00:07:54 ----A---- C:\WINDOWS\system32\nsc18E.tmp
2009-07-14 00:07:53 ----A---- C:\WINDOWS\system32\nsw18A.tmp
2009-07-14 00:07:53 ----A---- C:\WINDOWS\system32\nsr18C.tmp
2009-07-14 00:07:53 ----A---- C:\WINDOWS\system32\nsq188.tmp
2009-07-14 00:07:53 ----A---- C:\WINDOWS\system32\nsl186.tmp
2009-07-14 00:07:52 ----A---- C:\WINDOWS\system32\nsu180.tmp
2009-07-14 00:07:52 ----A---- C:\WINDOWS\system32\nsf184.tmp
2009-07-14 00:07:52 ----A---- C:\WINDOWS\system32\nse17E.tmp
2009-07-14 00:07:52 ----A---- C:\WINDOWS\system32\nsa182.tmp
2009-07-14 00:07:51 ----A---- C:\WINDOWS\system32\nst17C.tmp
2009-07-14 00:07:51 ----A---- C:\WINDOWS\system32\nso17A.tmp
2009-07-14 00:07:51 ----A---- C:\WINDOWS\system32\nsn178.tmp
2009-07-14 00:07:51 ----A---- C:\WINDOWS\nsx176.tmp
2009-07-14 00:07:50 ----A---- C:\WINDOWS\system32\nsx174.tmp
2009-07-14 00:07:50 ----A---- C:\WINDOWS\system32\nsw172.tmp
2009-07-14 00:07:50 ----A---- C:\WINDOWS\system32\nsw16E.tmp
2009-07-14 00:07:50 ----A---- C:\WINDOWS\system32\nsm170.tmp
2009-07-14 00:07:49 ----A---- C:\WINDOWS\system32\nsv16C.tmp
2009-07-14 00:07:49 ----A---- C:\WINDOWS\system32\nsv168.tmp
2009-07-14 00:07:49 ----A---- C:\WINDOWS\system32\nsk166.tmp
2009-07-14 00:07:49 ----A---- C:\WINDOWS\nsa16A.tmp
2009-07-14 00:07:48 ----A---- C:\WINDOWS\system32\nsy15E.tmp
2009-07-14 00:07:48 ----A---- C:\WINDOWS\system32\nsj164.tmp
2009-07-14 00:07:48 ----A---- C:\WINDOWS\system32\nse162.tmp
2009-07-14 00:07:48 ----A---- C:\WINDOWS\system32\nsd160.tmp
2009-07-14 00:07:48 ----A---- C:\WINDOWS\system32\nsd15C.tmp
2009-07-14 00:07:47 ----A---- C:\WINDOWS\system32\nsx159.tmp
2009-07-14 00:07:47 ----A---- C:\WINDOWS\system32\nsr157.tmp
2009-07-14 00:07:47 ----A---- C:\WINDOWS\system32\nsi15A.tmp
2009-07-14 00:07:46 ----A---- C:\WINDOWS\system32\nsv153.tmp
2009-07-14 00:07:46 ----A---- C:\WINDOWS\system32\nsv151.tmp
2009-07-14 00:07:46 ----A---- C:\WINDOWS\system32\nsl155.tmp
2009-07-14 00:07:45 ----A---- C:\WINDOWS\system32\nsz14D.tmp
2009-07-14 00:07:45 ----A---- C:\WINDOWS\system32\nsz14B.tmp
2009-07-14 00:07:45 ----A---- C:\WINDOWS\system32\nsy149.tmp
2009-07-14 00:07:45 ----A---- C:\WINDOWS\system32\nsy147.tmp
2009-07-14 00:07:44 ----A---- C:\WINDOWS\system32\nss143.tmp
2009-07-14 00:07:44 ----A---- C:\WINDOWS\system32\nsm141.tmp
2009-07-14 00:07:44 ----A---- C:\WINDOWS\system32\nsd145.tmp
2009-07-14 00:07:43 ----A---- C:\WINDOWS\system32\nsr13D.tmp
2009-07-14 00:07:43 ----A---- C:\WINDOWS\system32\nsq137.tmp
2009-07-14 00:07:43 ----A---- C:\WINDOWS\system32\nsb13B.tmp
2009-07-14 00:07:43 ----A---- C:\WINDOWS\nsg139.tmp
2009-07-14 00:07:42 ----A---- C:\WINDOWS\system32\nsz133.tmp
2009-07-14 00:07:42 ----A---- C:\WINDOWS\system32\nsv135.tmp
2009-07-14 00:07:42 ----A---- C:\WINDOWS\system32\nsj12F.tmp
2009-07-14 00:07:42 ----A---- C:\WINDOWS\system32\nse131.tmp
2009-07-14 00:07:41 ----A---- C:\WINDOWS\system32\nsy12B.tmp
2009-07-14 00:07:41 ----A---- C:\WINDOWS\system32\nsy129.tmp
2009-07-14 00:07:41 ----A---- C:\WINDOWS\system32\nsx127.tmp
2009-07-14 00:07:41 ----A---- C:\WINDOWS\system32\nsj12D.tmp
2009-07-14 00:07:41 ----A---- C:\WINDOWS\system32\nsc125.tmp
2009-07-14 00:07:40 ----A---- C:\WINDOWS\system32\nsm121.tmp
2009-07-14 00:07:40 ----A---- C:\WINDOWS\system32\nsh123.tmp
2009-07-14 00:07:40 ----A---- C:\WINDOWS\system32\nsb11F.tmp
2009-07-14 00:02:34 ----D---- C:\Program Files\Windows Live(2)
2009-07-13 21:16:52 ----SHD---- C:\Config.Msi
2009-06-15 13:45:42 ----D---- C:\Program Files\World Of Warcraft
2009-06-14 19:07:32 ----D---- C:\WINDOWS\system32\SP Penis Mouse dir
2009-06-14 19:05:00 ----D---- C:\WINDOWS\system32\SP 1101 Randy Running dir
2009-06-14 17:49:54 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
2009-06-14 17:35:00 ----D---- C:\WINDOWS\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2009-06-12 00:58:52 ----A---- C:\WINDOWS\MegaManager.INI
2009-06-11 02:09:52 ----D---- C:\WINDOWS\ie8updates
2009-06-11 02:09:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 02:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 02:08:09 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 02:07:37 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-08 13:55:16 ----D---- C:\Documents and Settings\Killian\Application Data\Megaupload
2009-06-08 13:31:42 ----D---- C:\Program Files\Megaupload
2009-05-29 01:05:52 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-05-24 12:05:26 ----D---- C:\Documents and Settings\Killian\Application Data\Acreon
2009-05-23 15:48:39 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2009-05-23 15:43:43 ----D---- C:\Program Files\Fichiers communs\Blizzard Entertainment
2009-05-18 12:39:47 ----D---- C:\WINDOWS\64F6748976BB4CDDA236F954BE774B35.TMP
2009-05-17 20:36:22 ----D---- C:\Documents and Settings\Killian\Application Data\skypePM
2009-05-17 20:35:24 ----D---- C:\Documents and Settings\Killian\Application Data\Skype
2009-05-17 20:35:13 ----D---- C:\Program Files\Fichiers communs\Skype
2009-05-17 20:35:11 ----RD---- C:\Program Files\Skype
2009-05-17 20:34:54 ----D---- C:\Documents and Settings\All Users\Application Data\Skype

======List of files/folders modified in the last 2 months======

2009-07-15 20:12:14 ----D---- C:\Documents and Settings\Killian\Application Data\FileZilla
2009-07-15 20:03:39 ----D---- C:\WINDOWS\Temp
2009-07-15 20:01:26 ----D---- C:\WINDOWS\Prefetch
2009-07-15 19:42:07 ----D---- C:\WINDOWS\system32
2009-07-15 19:42:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-15 19:38:01 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-15 19:35:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-15 19:27:05 ----RD---- C:\Program Files
2009-07-15 19:07:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-15 19:07:08 ----D---- C:\WINDOWS\system32\drivers
2009-07-15 16:46:00 ----D---- C:\Documents and Settings\Killian\Application Data\Adobe
2009-07-15 10:10:00 ----D---- C:\WINDOWS
2009-07-15 02:27:26 ----HD---- C:\WINDOWS\inf
2009-07-15 02:27:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-15 02:27:24 ----A---- C:\WINDOWS\imsins.BAK
2009-07-15 02:27:20 ----SHD---- C:\WINDOWS\Installer
2009-07-14 18:55:37 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-07-14 16:17:26 ----D---- C:\Documents and Settings\Killian\Application Data\uTorrent
2009-07-14 14:05:37 ----SD---- C:\WINDOWS\Tasks
2009-07-14 14:05:36 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-14 14:02:30 ----D---- C:\WINDOWS\WinSxS
2009-07-14 12:28:53 ----A---- C:\WINDOWS\Replay Converter Setup Log.txt
2009-07-14 01:11:39 ----SH---- C:\boot.ini
2009-07-14 01:11:39 ----A---- C:\WINDOWS\win.ini
2009-07-14 01:11:39 ----A---- C:\WINDOWS\system.ini
2009-07-14 01:07:51 ----D---- C:\WINDOWS\pss
2009-07-14 00:49:32 ----D---- C:\Program Files\Steam
2009-07-14 00:27:30 ----D---- C:\Program Files\Outlook Express
2009-07-14 00:27:30 ----D---- C:\Program Files\Movie Maker
2009-07-14 00:27:29 ----D---- C:\WINDOWS\system32\usmt
2009-07-14 00:15:38 ----D---- C:\WINDOWS\system32\config
2009-07-14 00:15:21 ----D---- C:\WINDOWS\system32\wbem
2009-07-14 00:15:21 ----D---- C:\WINDOWS\Registration
2009-07-14 00:14:51 ----RSD---- C:\WINDOWS\Fonts
2009-07-14 00:14:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-14 00:13:44 ----D---- C:\WINDOWS\system32\Restore
2009-07-14 00:02:55 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-07-11 15:12:33 ----D---- C:\Temp
2009-07-10 22:47:43 ----D---- C:\Program Files\SeekappSrch
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-01 10:06:33 ----D---- C:\Program Files\Mozilla Firefox
2009-07-01 10:06:24 ----D---- C:\Documents and Settings\All Users\Application Data\SeekappSrch
2009-06-19 14:58:02 ----A---- C:\WINDOWS\QSync.INI
2009-06-16 16:40:01 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 16:40:01 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-15 13:09:11 ----D---- C:\Program Files\Rockstar Games
2009-06-15 13:03:11 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-15 00:37:27 ----D---- C:\Program Files\EA Games
2009-06-14 16:28:36 ----D---- C:\Program Files\Activision
2009-06-11 02:09:56 ----D---- C:\Program Files\Internet Explorer
2009-06-09 09:04:22 ----D---- C:\Program Files\Winamp
2009-06-03 21:10:33 ----A---- C:\WINDOWS\system32\quartz.dll
2009-05-23 15:43:43 ----D---- C:\Program Files\Fichiers communs
2009-05-18 14:59:35 ----A---- C:\WINDOWS\ULEAD32.INI
2009-05-18 12:40:20 ----D---- C:\WINDOWS\system32\DirectX
2009-05-18 12:40:08 ----RSD---- C:\WINDOWS\assembly
2009-05-16 00:17:22 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-02-22 82380]
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-04-19 279712]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-04-19 25888]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-02-02 36864]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-09 6307328]
R3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 anltrckj;anltrckj; C:\WINDOWS\system32\drivers\anltrckj.sys []
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 emuumidi;E-MU USB-MIDI Driver; C:\WINDOWS\system32\drivers\emuumidi.sys [2007-03-14 37120]
S3 fbxusb;FreeBox USB Network Adapter; C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCTV;PCTV 4XXe USB 2.0 Driver; C:\WINDOWS\system32\DRIVERS\pctv4XXe.sys [2006-05-31 327680]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;Carte ISDN USB; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USB28xxBGA;EzCAP Video Grabber; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-07-20 290688]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-10-17 6912]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-09 163908]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-14 1029456]
S2 SeekappSrch Service;SeekappSrch Service; C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp143.exe [2009-06-30 54760]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-22 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-04-21 216232]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-02-24 183112]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 wampapache;wampapache; C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; C:\Program Files\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe [2009-03-16 6562432]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
Configuration: Windows XP
Opera 9.63

10 réponses

Réponse 1 / 10
Sam Faishier
 
Fichier Info

info.txt logfile of random's system information tool 1.06 2009-07-15 19:34:00

======Uninstall list======

-->"C:\Program Files\Creative Professional\E-MU Xboard\Program\SETUP.EXE" /S /U /W /L:FRN
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42A85BB6-491C-418A-8FFC-F778FB7E618A}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42A85BB6-491C-418A-8FFC-F778FB7E618A}\setup.exe" -l0x40c /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Admiral Quality Poly-Ana 1.00-->C:\Program Files\VstPlugins\Admiral Quality\UninstallPolyAna.exe
Adobe AIR-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Reader 9 - Russian-->MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A90000000001}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Alcohol 120%-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Ant Renamer-->"C:\Program Files\Ant Renamer\unins000.exe"
Antares Autotune VST RTAS TDM v5.08-->"C:\Program Files\Antares Audio Technologies\unins000.exe"
Antares Filter VST DX v1.0-->C:\PROGRA~1\Antares\UNINST~1\UNWISE.EXE C:\PROGRA~1\Antares\UNINST~1\INSTALL.LOG
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Application Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8C3A9E8-07F4-4D44-BB9D-C4AE5D230468}\Setup.exe" -l0x40c
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ASAPI Update-->C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -l0x9 -removeonly
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bionic Commando Rearmed-->"C:\Program Files\InstallShield Installation Information\{DB219559-1F78-4343-9A6E-C2E987AD47A3}\setup.exe" -runfromtemp -l0x040c -removeonly
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Camel Audio Cameleon 5000 v1.7 VSTi-->C:\PROGRA~1\VSTPLU~1\CAMELE~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\CAMELE~1\INSTALL.LOG
CamStudio 2.0 Fr-->"C:\Program Files\CamStudio\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cool Edit Pro 2.0-->C:\Program Files\coolpro2\cep2unin.exe
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Disque de souvenirs HP-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DSound Stomp`n FX Vol.1 v1.5-->C:\audio\dsound\UNWISE.EXE C:\audio\dsound\INSTALL.LOG
DSound Stomp'n FX Vol.2 v1.0-->C:\audio\STOMPN~1\UNWISE.EXE C:\audio\STOMPN~1\INSTALL.LOG
DVD X Player 4.0 Professional-->"C:\Program Files\DVD X Studios\DVD X Player 4.0 Professional\unins000.exe"
East West EWQLSO Gold Edition-->C:\PROGRA~1\EASTWE~1\EWQLSO~1\UNWISE.EXE C:\PROGRA~1\EASTWE~1\EWQLSO~1\INSTALL.LOG
Edirol HQ Orchestral VSTi v1.03-->C:\PROGRA~1\EDIROL\ORCHES~1.03\UNWISE.EXE C:\PROGRA~1\EDIROL\ORCHES~1.03\INSTALL.LOG
Edirol SuperQuartet v1.02-->C:\PROGRA~1\EDIROL\SUPERQ~1\UNWISE.EXE C:\PROGRA~1\EDIROL\SUPERQ~1\INSTALL.LOG
E-MU Xboard-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D925601D-25E3-4E95-A456-FBD8C2995289}\setup.exe" -l0x40c /remove
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EzCAP Video Grabber-->C:\Program Files\InstallShield Installation Information\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}\setup.exe -runfromtemp -l0x040c -removeonly
FileZilla Client 3.0.4.1-->C:\Program Files\FileZilla Client\uninstall.exe
Firebird SQL Server - MAGIX Edition-->C:\Program Files\MAGIX\Common\Database\unwise.exe
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
FLOCK! Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/21650
Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe
Free FLV Converter V 6.2.0-->"C:\Program Files\Free FLV Converter\unins000.exe"
GForce impOSCar v1.10 VSTi RTAS-->C:\PROGRA~1\GForce\impOSCar\UNINST~1\UNWISE.EXE C:\PROGRA~1\GForce\impOSCar\UNINST~1\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
IK Multimedia Amplitube v1.3-->C:\PROGRA~1\IKMULT~1\AMPLIT~1\UNWISE.EXE C:\PROGRA~1\IKMULT~1\AMPLIT~1\INSTALL.LOG
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Image-Line PoiZone v2.1-->C:\PROGRA~1\IMAGE-~1\PoiZone\UNINST~1\UNWISE.EXE C:\PROGRA~1\IMAGE-~1\PoiZone\UNINST~1\INSTALL.LOG
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Left 4 Dead Authoring Tools Beta-->"C:\Program Files\Steam\steam.exe" steam://uninstall/513
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
Logitech ImageStudio-->MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
Lounge Lizard 1.0-->C:\PROGRA~1\Aas\LOUNGE~1.0\UNWISE.EXE C:\PROGRA~1\Aas\LOUNGE~1.0\INSTALL.LOG
Ma-Config.com-->MsiExec.exe /X{E780E536-16CE-4CD1-8FE0-2D5E52FAA65B}
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
MAGIX Films sur DVD 7 7.0.3.0 (F)-->C:\Program Files\MAGIX\Films_sur_DVD_7\unwise.exe
MAGIX Goya burnR 1.3.1.3 (F)-->C:\Program Files\MAGIX\Goya_burnR\unwise.exe
MAGIX Screenshare 4.3.6.1987 (F)-->C:\Program Files\MAGIX\PCVisit\unwise.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvel(TM) - Ultimate Alliance-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{932FB3F3-594D-4600-ABFA-F2DE80A14214} /l2057
marvell 61xx-->C:\Program Files\Marvell\61xx\uninst-61xx.exe
Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
MixMeister BPM Analyzer 1.0-->"C:\Program Files\MixMeister BPM Analyzer\unins000.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Native Instruments FM8-->C:\PROGRA~1\NATIVE~1\FM8\UNWISE.EXE C:\PROGRA~1\NATIVE~1\FM8\INSTALL.LOG
Native Instruments Kontakt 2-->C:\PROGRA~1\NATIVE~1\KONTAK~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KONTAK~1\INSTALL.LOG
Native Instruments Xpress Keyboards v1.0-->C:\PROGRA~1\NATIVE~1\XPRESS~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\XPRESS~1\INSTALL.LOG
Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS-->C:\PROGRA~1\NATIVE~1\BATTER~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\BATTER~1\INSTALL.LOG
Nero 9-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nomad Factory Rock Amp Legends VST v1.0-->C:\PROGRA~1\VSTPLU~1\NOMADF~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\NOMADF~1\INSTALL.LOG
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
Novation Bass-Station VSTi v1.10-->C:\PROGRA~1\VSTPLU~1\BASS-S~1\BASS-S~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\BASS-S~1\BASS-S~1\INSTALL.LOG
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
Octopus-->C:\Program Files\VstPlugins\UninstalOctopus.exe
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - eMPIA Technology (USB28xxBGA) Media (07/20/2006 4.6.0720.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\embda_7386DDCD1C45FB20F93B0CAC58DCBCC5DA0A66B0\embda.inf
Package de pilotes Windows - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\emaudio_7386DDCD1C45FB20F93B0CAC58DCBCC5DA0A66B0\emaudio.inf
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
pdfforge Toolbar v1.0-->MsiExec.exe /X{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}
Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Photo et imagerie HP 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
Pianoteq v2.3.0-->"C:\Program Files\Pianoteq 2.3\uninstall.exe"
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
PSP 84 v1.1-->C:\PROGRA~1\PSP84~1\UNWISE.EXE C:\PROGRA~1\PSP84~1\INSTALL.LOG
PSP Audioware EasyVerb DX VST v1.0-->C:\PROGRA~1\PSPAUD~1\EasyVerb\UNWISE.EXE C:\PROGRA~1\PSPAUD~1\EasyVerb\INSTALL.LOG
PSP Audioware MasterQ DX VST v1.0-->C:\PROGRA~1\PSPAUD~1\MasterQ\UNWISE.EXE C:\PROGRA~1\PSPAUD~1\MasterQ\INSTALL.LOG
PSP Audioware MixPack DX VST v1.7-->C:\PROGRA~1\PSPAUD~1\MixPack\UNWISE.EXE C:\PROGRA~1\PSPAUD~1\MixPack\INSTALL.LOG
PSP Lexicon PSP 42 v1.2-->C:\PROGRA~1\LEXICO~1\UNWISE.EXE C:\PROGRA~1\LEXICO~1\INSTALL.LOG
PSP VintageWarmer v1.5d-->C:\PROGRA~1\PSPVIN~1\UNWISE.EXE C:\PROGRA~1\PSPVIN~1\INSTALL.LOG
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
Ressources Windows Mobile-->C:\Program Files\Ressources Windows Mobile\Windows Mobile Device Handbook\Bin\DHUninstall.exe
ReValver-->C:\audio\ReValver\UNWISE.EXE C:\audio\ReValver\INSTALL.LOG
rgc:audio Triangle II-->"C:\Program Files\VstPlugins\unins001.exe"
rgcAudio Pentagon I VSTi v1.0-->"C:\Program Files\VstPlugins\Vstplugins\unins000.exe"
Rob Papen Albino 3-->C:\Program Files\VstPlugins\UninstalAlbino3.exe
Rob Papen and LinPlug Albino v1.0-->C:\PROGRA~1\VSTPLU~1\Albino\UNINST~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\Albino\UNINST~1\INSTALL.LOG
Rob Papen Blue VSTi v1.01 -->C:\PROGRA~1\VSTPLU~1\Blue\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\Blue\INSTALL.LOG
Rob Papen Predator V1.1.1-->"C:\Program Files\VstPlugins\unins000.exe"
Saints Row 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/9480
SampleTank 2-->C:\PROGRA~1\SAMPLE~1\UNWISE.EXE C:\PROGRA~1\SAMPLE~1\INSTALL.LOG
Scale Changer Pro v1.1e-->C:\PROGRA~1\VSTPLU~1\SCALEC~1.1E\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\SCALEC~1.1E\INSTALL.LOG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Seekapp 1.0 build 143-->C:\Program Files\SeekappSrch\uninstall.exe
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony Media Manager 2.2-->MsiExec.exe /X{38E1CA6C-2121-4B5C-A3A5-0B0003794EFF}
Sony Vegas 7.0-->MsiExec.exe /X{8411FA28-D32D-4518-92F0-3FBD80A702BC}
SP 1101 Randy Running Screen Saver-->C:\WINDOWS\system32\SP 1101 Randy Running.scr /u
SP Penis Mouse Screen Saver-->C:\WINDOWS\system32\SP Penis Mouse.scr /u
SpinAudio Roomverb M2 v1.0-->C:\PROGRA~1\SPINAU~1\ROOMVE~1\UNWISE.EXE C:\PROGRA~1\SPINAU~1\ROOMVE~1\INSTALL.LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steinberg HALion v2.0-->C:\PROGRA~1\VSTPLU~1\HALION~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\HALION~1\INSTALL.LOG
Steinberg WaveLab 5.01b-->C:\PROGRA~1\STEINB~1\WaveLab\UNWISE.EXE C:\PROGRA~1\STEINB~1\WaveLab\INSTALL.LOG
SUPER © Version 2009.bld.35 (Jan 5, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
Timeworks Millenium Pack-->C:\PROGRA~1\VSTPLU~1\TIMEWO~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\TIMEWO~1\INSTALL.LOG
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
T-RackS 24-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IK Multimedia\T-RackS 24\Uninst.isu"
Trilogy-->C:\Trilogy\unins000.exe
Ulead GIF Animator 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VTFEdit 1.2.5-->"C:\Program Files\VTFEdit\unins000.exe"
WampServer 2.0-->"C:\Program Files\wamp\unins000.exe"
Warp VST V1.0-->C:\PROGRA~1\VSTPLU~1\WARPVS~1.0\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\WARPVS~1.0\INSTALL.LOG
Waves 4.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C4D25EB-6513-4702-8355-F4194DE2E1D9}\setup.exe" -l0x9
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090715-0]

======System event log======

Computer Name: K-E28DB6CA3AD64
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.

Record Number: 14769
Source Name: Service Control Manager
Time Written: 20090706104621.000000+120
Event Type: Informations
User:

Computer Name: K-E28DB6CA3AD64
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.

Record Number: 14768
Source Name: Service Control Manager
Time Written: 20090706104615.000000+120
Event Type: Informations
User:

Computer Name: K-E28DB6CA3AD64
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.

Record Number: 14767
Source Name: Service Control Manager
Time Written: 20090706104615.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: K-E28DB6CA3AD64
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\Harddisk3\D au cours d'une opération de pagination.

Record Number: 14766
Source Name: Disk
Time Written: 20090706104327.000000+120
Event Type: Avertissement
User:

Computer Name: K-E28DB6CA3AD64
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\Harddisk3\D au cours d'une opération de pagination.

Record Number: 14765
Source Name: Disk
Time Written: 20090706104327.000000+120
Event Type: Avertissement
User:

=====Application event log=====

Computer Name: K-E28DB6CA3AD64
Event Code: 3
Message:
Record Number: 12344
Source Name: Adobe Version Cue CS3
Time Written: 20090703022233.000000+120
Event Type: erreur
User:

Computer Name: K-E28DB6CA3AD64
Event Code: 3
Message:
Record Number: 12343
Source Name: Adobe Version Cue CS3
Time Written: 20090703022233.000000+120
Event Type: erreur
User:

Computer Name: K-E28DB6CA3AD64
Event Code: 3
Message:
Record Number: 12342
Source Name: Adobe Version Cue CS3
Time Written: 20090703022233.000000+120
Event Type: erreur
User:

Computer Name: K-E28DB6CA3AD64
Event Code: 3
Message:
Record Number: 12341
Source Name: Adobe Version Cue CS3
Time Written: 20090703022233.000000+120
Event Type: erreur
User:

Computer Name: K-E28DB6CA3AD64
Event Code: 3
Message:
Record Number: 12340
Source Name: Adobe Version Cue CS3
Time Written: 20090703022233.000000+120
Event Type: erreur
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"VProject"=c:\program files\steam\steamapps\common\left 4 dead\left4dead
"sourcesdk"=c:\program files\steam\steamapps\common\left 4 dead

-----------------EOF-----------------
0
Réponse 2 / 10
Sam Faishier
 
Et enfin, le rapport Findykill avec tous mes DD branchés, avast et spyware désactivés et cable internet enlevé !

Alors mes deux questions sont les suivantes :
Comment supprimer définitivement nkbd1v.exe ?
Comment éviter d'avoir à faire clicdroit+explorer pour ouvrir mes DD? :)

D'avance merci à tous !

############################## | FindyKill V6.006 |

# User : Killian (Administrateurs) # K-E28DB6CA3AD64
# Update on 14/07/09 by Chiquitine29 & C_XX
# Start at: 20:03:40 | 15/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Processeur Intel Pentium III Xeon
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090715-0] 4.8.1335 [ (!) Disabled | Updated ]

# C:\ # Disque fixe local # 244,14 Go (113,06 Go free) # NTFS
# D:\ # Disque fixe local # 465,65 Go (438,73 Go free) [VERBATIM] # FAT32
# E:\ # Disque fixe local # 221,62 Go (147,01 Go free) [Disque local 2] # NTFS
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque fixe local # 465,64 Go (311,97 Mo free) [Elements] # FAT32
# I:\ # Disque fixe local # 465,64 Go (137,52 Go free) [Elements] # FAT32
# J:\ # Disque CD-ROM
# P:\ # Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Registre Startup |

R1 - HKCU\..\Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
R1 - HKCU\..\Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
R1 - HKCU\..\Main: "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
R1 - HKCU\..\Main: "Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
R1 - HKCU\..\Main: "Start Page Redirect Cache_TIMESTAMP"=hex:6a,42,e1,10,2c,e2,c9,01
R1 - HKCU\..\Main: "Start Page Redirect Cache AcceptLangs"="fr"
F2 - HKLM\..\logon:"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
F2 - HKLM\..\logon:"DefaultUserName"="Killian"
F2 - HKLM\..\logon:"AltDefaultUserName"="Killian"
F2 - HKLM\..\logon:"LegalNoticeCaption"=""
F2 - HKLM\..\logon:"LegalNoticeText"=""
04 - HKLM\..\Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\Run: nwiz=nwiz.exe /install
04 - HKLM\..\Run: NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\..\Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\Run: RTHDCPL=RTHDCPL.EXE
04 - HKLM\..\Run: Alcmtr=ALCMTR.EXE
04 - HKLM\..\Run: LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
04 - HKLM\..\Run: SearchSettings=C:\Program Files\pdfforge Toolbar\SearchSettings.exe
04 - HKLM\..\Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run: UpdReg=C:\WINDOWS\UpdReg.EXE
04 - HKLM\..\Run: ISUSPM="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
04 - HKLM\..\Run: Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
04 - HKLM\..\Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
04 - HKCU\..\Run: CTFMON.EXE#C:\WINDOWS\system32\ctfmon.exe#
04 - HKCU\..\Run: H/PC Connection Agent#"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"#
04 - HKCU\..\Run: SUPERAntiSpyware#C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe#
04 - HKCU\..\Run: cdoosoft#C:\WINDOWS\system32\olhrwef.exe#
04 - HKCU\..\Run: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater##

################## | Fichiers # Dossiers infectieux |

################## | C:\Documents and Settings\Killian\Temporary Internet Files |

Présent ! C:\DOCUME~1\Killian\LOCALS~1\Temp\ildownloader_install.exe

################## | All Drives ... |

C:\autorun.inf # -> fichier appelé : "C:\nkbd1v.exe" ( Absent ! )
Présent ! C:\autorun.inf
D:\autorun.inf # -> fichier appelé : "D:\nkbd1v.exe" ( Présent ! )
Présent ! D:\i6g6x.cmd
Présent ! D:\autorun.inf
Présent ! "D:\resycled"
E:\autorun.inf # -> fichier appelé : "E:\nkbd1v.exe" ( Absent ! )
Présent ! E:\resycled\boot.com
Présent ! E:\autorun.inf
Présent ! "E:\resycled"
H:\autorun.inf # -> fichier appelé : "H:\nkbd1v.exe" ( Présent ! )
Présent ! H:\i6g6x.cmd
Présent ! H:\resycled\boot.com
Présent ! H:\autorun.inf
Présent ! "H:\resycled"
I:\autorun.inf # -> fichier appelé : "I:\nkbd1v.exe" ( Présent ! )
Présent ! I:\i6g6x.cmd
Présent ! I:\resycled\boot.com
Présent ! I:\autorun.inf
Présent ! "I:\resycled"

################## | Registre # Clés Run infectieuses |

Présent ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Présent ! HKU\S-1-5-21-839522115-1202660629-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Présent ! HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
Présent ! HKLM\SYSTEM\ControlSet001\Services\AVPsys
Présent ! HKLM\SYSTEM\ControlSet002\Services\AVPsys

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\H
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:

HKCU\..\..\Explorer\MountPoints2\{37735dce-fd51-11dd-82de-0007cb0000ff}
Shell\AutoRun\command =I:\nkbd1v.exe
Shell\open\Command =I:\nkbd1v.exe

HKCU\..\..\Explorer\MountPoints2\{37735dcf-fd51-11dd-82de-0007cb0000ff}
Shell\AutoRun\command =nkbd1v.exe
Shell\open\Command =nkbd1v.exe

HKCU\..\..\Explorer\MountPoints2\{47edd2d8-fdb7-11dd-82e2-0007cb0000ff}
Shell\AutoRun\command =D:\nkbd1v.exe
Shell\open\Command =D:\nkbd1v.exe

HKCU\..\..\Explorer\MountPoints2\{b572cd8c-01a5-11de-82f1-0007cb0000ff}
Shell\AutoRun\command =K:\nkbd1v.exe
Shell\open\Command =K:\nkbd1v.exe

HKCU\..\..\Explorer\MountPoints2\{fd91c32a-fd2a-11dd-9e0d-806d6172696f}
Shell\AutoRun\command =nkbd1v.exe
Shell\open\Command =nkbd1v.exe

HKCU\..\..\Explorer\MountPoints2\{fd91c32b-fd2a-11dd-9e0d-806d6172696f}
Shell\AutoRun\command =nkbd1v.exe
Shell\open\Command =nkbd1v.exe

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | Cracks / Keygens / Serials |

################## | ! Fin du rapport # FindyKill V6.006 ! |
0
Réponse 3 / 10
Youssefpro
 
dis sam, tu pourrais me dire il fais quel effet ton virus?
0
Réponse 4 / 10
Utilisateur anonyme
 
Salut ;

plusieures infection ...

! Déconnecte toi et ferme toutes application en cours ( navigateur compris ) .

• Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)

• Relance "FindyKill" : au menu principal choisis l'option " F " pour français et tape sur [entrée] .

• Au second menu choisis l'option 2 (suppression) et tape sur [entrée]

• Le pc va redémarrer automatiquement ...

▶ le programme va travailler , ne touche à rien ... , ton bureau ne sera pas accessible c est normal !

--> Poste le rapport qui apparait à la fin ( le rapport est sauvegardé aussi sous C:\FindyKill.txt )

/!\ Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 10
Sam Faishier
 
Bonsoir!
Alors voilà voilà

Youssefpro, difficile de te dire. A la base c'est surtout un Trojan qui "trouve" tes identifiants et mdp pour les jeux en ligne. En l'occurence j'ai Avast qui m'affichait ça depuis que je joue à Wow. (genre par crise, où toutes les deux secondes il réapparait en disant "ya un trojan" "ya un trojan"!)

Au delà de ça ... j'avais en même temps des blèmes à ouvrir mes DD. Obligé de faire clic droit explorer.
Apparemment c'était relié ... au vu de ce qui a été supprimé dans ce rapport.

Chiquitine29, Merci beaucoup pour ton explication de manip!
ça a suppr pas mal de choses ... voici le rapport final :

############################## | FindyKill V6.006 |

# User : Killian (Administrateurs) # K-E28DB6CA3AD64
# Update on 14/07/09 by Chiquitine29 & C_XX
# Start at: 21:24:28 | 15/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Processeur Intel Pentium III Xeon
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090715-0] 4.8.1335 [ Enabled | Updated ]

# C:\ # Disque fixe local # 244,14 Go (113,07 Go free) # NTFS
# D:\ # Disque fixe local # 465,65 Go (438,73 Go free) [VERBATIM] # FAT32
# E:\ # Disque fixe local # 221,62 Go (147,01 Go free) [Disque local 2] # NTFS
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque fixe local # 465,64 Go (311,97 Mo free) [Elements] # FAT32
# I:\ # Disque fixe local # 465,64 Go (137,52 Go free) [Elements] # FAT32
# K:\ # Disque amovible # 3,62 Go (50,29 Mo free) [K'S IPOD] # FAT32
# P:\ # Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

################## | C:\Documents and Settings\Killian\Temporary Internet Files |

Supprimé ! C:\DOCUME~1\Killian\LOCALS~1\Temp\ildownloader_install.exe

################## | All Drives ... |

C:\autorun.inf # -> fichier appelé : "C:\nkbd1v.exe" ( Absent ! )
Supprimé ! C:\autorun.inf
D:\autorun.inf # -> fichier appelé : "D:\nkbd1v.exe" ( Présent ! )
Supprimé ! -> D:\nkbd1v.exe
Supprimé ! D:\i6g6x.cmd
Supprimé ! D:\autorun.inf
Supprimé ! D:\resycled
E:\autorun.inf # -> fichier appelé : "E:\nkbd1v.exe" ( Absent ! )
Supprimé ! E:\resycled\boot.com
Supprimé ! E:\autorun.inf
Supprimé ! E:\resycled
H:\autorun.inf # -> fichier appelé : "H:\nkbd1v.exe" ( Présent ! )
Supprimé ! -> H:\nkbd1v.exe
Supprimé ! H:\i6g6x.cmd
Supprimé ! H:\resycled\boot.com
Supprimé ! H:\autorun.inf
Supprimé ! H:\resycled
I:\autorun.inf # -> fichier appelé : "I:\nkbd1v.exe" ( Présent ! )
Supprimé ! -> I:\nkbd1v.exe
Supprimé ! I:\i6g6x.cmd
Supprimé ! I:\resycled\boot.com
Supprimé ! I:\autorun.inf
Supprimé ! I:\resycled
################## | Autres ... |

################## | Registre # Clés Run infectieuses |

Supprimé ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Supprimé ! HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
Supprimé ! HKLM\SYSTEM\ControlSet002\Services\AVPsys

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\H\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[15/07/2009 21:16|--a------|1877] - C:\aaw7boot.log
[17/02/2009 22:00|--a------|0] - C:\AUTOEXEC.BAT
[14/07/2009 01:11|---hs----|216] - C:\boot.ini
[14/04/2008 14:00|-rahs----|4952] - C:\Bootfont.bin
[17/02/2009 22:00|--a------|0] - C:\CONFIG.SYS
[29/05/2009 03:28|--a------|3532] - C:\drmHeader.bin
[14/07/2009 16:03|--a------|0] - C:\dxva.log
[15/07/2009 21:56|--a------|4284] - C:\FindyKill.txt
[15/07/2009 19:00|--a------|528] - C:\hpfr3420.xml
[15/07/2009 19:00|--a------|90670] - C:\hpfr3425.log
[17/02/2009 22:00|-rahs----|0] - C:\IO.SYS
[28/03/2009 16:25|--a------|5060] - C:\LgDSetup.log
[28/03/2009 16:23|--a------|183] - C:\LogiSetup.log
[17/02/2009 22:00|-rahs----|0] - C:\MSDOS.SYS
[28/03/2009 16:58|--a------|102708] - C:\MSIInstall.log
[14/04/2008 14:00|-rahs----|47564] - C:\NTDETECT.COM
[14/04/2008 14:00|-rahs----|252240] - C:\ntldr
[29/02/2004 17:44|--a------|52576] - C:\orange.bmp
[?|?|?] - C:\pagefile.sys
[17/02/2009 22:35|--a------|522] - C:\RHDSetup.log
[26/03/2009 02:50|--a------|7847855] - C:\the_freezas_europe_you_rock.mp3
[26/04/2009 12:59|--a------|498446] - C:\vcredist_x86.log
[14/07/2009 16:03|--a------|9] - C:\VO.log
[02/03/2009 17:41|--a------|57649528] - D:\The Freezas Mix - 02-03-2009.mp3
[02/03/2009 20:10|--a------|131214524] - D:\The Freezas Mix - 02-03-2009 2.mp3
[11/03/2009 16:34|--ahs----|3072] - D:\Thumbs.db
[10/07/2009 14:47|--a------|321358892] - D:\0006 2-rec.wav
[12/07/2009 21:36|--a------|984] - H:\playlist.html
[12/07/2009 21:34|--a------|1024] - H:\playlist2.html
[26/05/2008 21:48|---hs----|7168] - H:\Thumbs.db
[03/04/2008 14:15|--a------|133041] - I:\cosmogrizzmine.JPG
[29/03/2009 23:46|--ahs----|5632] - I:\Thumbs.db
[03/02/2009 14:07|--a------|25256] - I:\VirtualDJ Local Database v5.xml
[05/01/2002 03:38|--a------|54784] - I:\msvci70.dll
[18/03/2000 17:58|---------|0] - K:\.metadata_never_index
[12/07/2009 14:14|--ah-----|4096] - K:\._.Trashes
[12/07/2009 14:14|--ah-----|4096] - K:\._iPod_Control
[12/07/2009 14:14|--ah-----|34201] - K:\.VolumeIcon.icns
[12/07/2009 14:14|--ah-----|4096] - K:\._.VolumeIcon.icns
[12/07/2009 14:14|--ah-----|4096] - K:\._?

################## | Vaccination |

# C:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# D:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# E:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# H:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# I:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# K:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.

################## | Etat / Services / Informations |

# Mode sans echec : OK

# Affichage des fichiers cachés : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH ... |

################## | Cracks / Keygens / Serials |

################## | ! Fin du rapport # FindyKill V6.006 ! |
0
Réponse 6 / 10
Utilisateur anonyme
 
Telecharge malwarebytes
https://www.malwarebytes.com/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log
0
Réponse 7 / 10
Sam Faishier
 
Merci !

Bon ... alors que j'pensais que les choses se réglaient .... ya eu du nouveau.

Je suis perdu :(
J'ai tout fait comme il fallait et là, pendant que Malwarebytes fait son boulot, avast me ressort sans cesse qu'il le trouve ici :

C:\system volume information\_restore{0d9ea6a0-570f-4066-af0f-0cf0dc7e5dfa}\rp245\A0063782.exe
Toujours Win32:Kamso [Trj]

Je suppr je suppr ...
0
Réponse 8 / 10
Sam Faishier
 
Bon ... ça a TOUT analysé ...
Supprimant deux ptits restants à deux endroits.

Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2421
Windows 5.1.2600 Service Pack 3

16/07/2009 01:24:54
mbam-log-2009-07-16 (01-24-50).txt

Type de recherche: Examen complet (C:\|D:\|E:\|H:\|I:\|K:\|)
Eléments examinés: 493478
Temps écoulé: 1 hour(s), 33 minute(s), 47 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
d:\system volume information\_restore{0d9ea6a0-570f-4066-af0f-0cf0dc7e5dfa}\RP215\A0059474.exe (Trojan.Downloader) -> No action taken.
i:\system volume information\_restore{0d9ea6a0-570f-4066-af0f-0cf0dc7e5dfa}\RP249\A0068454.cmd (Spyware.OnlineGames) -> No action taken.

Ce devrait le faire nan?
En tout cas un énoOoOrme merci!

J'vous tiens au courant si la manip a marché ou pas, soit l'absence d'alerte avast demain :)
0
Réponse 9 / 10
Utilisateur anonyme
 
• Télécharge Lop S&D.exe sur ton Bureau .

• Double-clique dessus pour lancer l'installation

• Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau

• Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)

• Patiente jusqu'à la fin du scan

• Poste le rapport généré (C:\lopR.txt)
0
Réponse 10 / 10
Sam Faishier
 
Salut!
Bon apparemment pas d'alerte avast aujourd'hui, donc c'est cool, CA MARCHE! :)

Anyway voici le rapport Lop S&D
Marrant, il me signale une chanson d'eminem en .wma comme crack ou keygen

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Processeur Intel Pentium III Xeon )
BIOS : BIOS Date: 06/12/08 00:26:51 Ver: 08.00.14
USER : Killian ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090716-0] 4.8.1335 (Activated)
C:\ (Local Disk) - NTFS - Total:244 Go (Free:119 Go)
E:\ (Local Disk) - NTFS - Total:221 Go (Free:147 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (Local Disk) - FAT32 - Total:465 Go (Free:3 Go)
I:\ (Local Disk) - FAT32 - Total:465 Go (Free:132 Go)
K:\ (USB) - FAT32 - Total:3704 Mo (Free:0 Go)
P:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 16/07/2009|11:00 )

--------------------\\ Listing des dossiers dans APPLIC~1

[27/02/2009|14:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[14/07/2009|14:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{83C91755-2546-441D-AC40-9A6B4B860800}
[18/03/2009|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[22/02/2009|22:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ALM
[27/02/2009|14:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[26/04/2009|13:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[26/04/2009|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[20/03/2009|18:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BCR
[23/05/2009|15:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard
[19/04/2009|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CCP
[18/02/2009|14:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite
[14/06/2009|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Electronic Arts
[22/02/2009|23:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[26/04/2009|13:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[14/07/2009|14:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[18/02/2009|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
[30/04/2009|15:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[25/02/2009|01:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
[28/02/2009|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
[14/07/2009|09:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[14/07/2009|00:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[18/02/2009|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[28/02/2009|18:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
[05/03/2009|13:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
[01/07/2009|10:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SeekappSrch
[17/05/2009|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[22/03/2009|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
[14/07/2009|18:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[18/04/2009|22:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
[26/02/2009|02:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[17/02/2009|22:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[24/02/2009|15:46] C:\DOCUME~1\Eliane\APPLIC~1\Adobe
[24/02/2009|15:43] C:\DOCUME~1\Eliane\APPLIC~1\Identities
[29/05/2009|19:34] C:\DOCUME~1\Eliane\APPLIC~1\Microsoft
[24/02/2009|15:45] C:\DOCUME~1\Eliane\APPLIC~1\Opera

[24/05/2009|12:05] C:\DOCUME~1\Killian\APPLIC~1\Acreon
[02/05/2009|15:02] C:\DOCUME~1\Killian\APPLIC~1\Activision
[16/07/2009|02:15] C:\DOCUME~1\Killian\APPLIC~1\Adobe
[28/02/2009|12:54] C:\DOCUME~1\Killian\APPLIC~1\Apple Computer
[18/02/2009|14:26] C:\DOCUME~1\Killian\APPLIC~1\DAEMON Tools
[20/02/2009|02:55] C:\DOCUME~1\Killian\APPLIC~1\DAEMON Tools Lite
[18/02/2009|14:26] C:\DOCUME~1\Killian\APPLIC~1\DAEMON Tools Pro
[19/02/2009|03:07] C:\DOCUME~1\Killian\APPLIC~1\DivX
[28/04/2009|11:15] C:\DOCUME~1\Killian\APPLIC~1\dvdcss
[15/07/2009|20:20] C:\DOCUME~1\Killian\APPLIC~1\FileZilla
[01/03/2009|01:25] C:\DOCUME~1\Killian\APPLIC~1\GetRightToGo
[22/02/2009|01:58] C:\DOCUME~1\Killian\APPLIC~1\Hewlett-Packard
[17/02/2009|22:04] C:\DOCUME~1\Killian\APPLIC~1\Identities
[28/02/2009|19:19] C:\DOCUME~1\Killian\APPLIC~1\InstallShield
[26/04/2009|13:43] C:\DOCUME~1\Killian\APPLIC~1\InterVideo
[24/02/2009|02:01] C:\DOCUME~1\Killian\APPLIC~1\Leadertech
[25/02/2009|03:42] C:\DOCUME~1\Killian\APPLIC~1\Macromedia
[14/07/2009|09:43] C:\DOCUME~1\Killian\APPLIC~1\Malwarebytes
[08/06/2009|13:55] C:\DOCUME~1\Killian\APPLIC~1\Megaupload
[14/04/2009|00:56] C:\DOCUME~1\Killian\APPLIC~1\Microsoft
[26/02/2009|01:27] C:\DOCUME~1\Killian\APPLIC~1\Mozilla
[18/02/2009|18:09] C:\DOCUME~1\Killian\APPLIC~1\Nero
[07/04/2009|14:03] C:\DOCUME~1\Killian\APPLIC~1\Notepad++
[18/02/2009|02:43] C:\DOCUME~1\Killian\APPLIC~1\Opera
[08/03/2009|02:49] C:\DOCUME~1\Killian\APPLIC~1\pdfforge
[05/03/2009|13:07] C:\DOCUME~1\Killian\APPLIC~1\Propellerhead Software
[24/02/2009|11:56] C:\DOCUME~1\Killian\APPLIC~1\Publish Providers
[08/03/2009|02:49] C:\DOCUME~1\Killian\APPLIC~1\Search Settings
[18/02/2009|12:13] C:\DOCUME~1\Killian\APPLIC~1\SecuROM
[14/07/2009|00:42] C:\DOCUME~1\Killian\APPLIC~1\Skype
[14/07/2009|00:09] C:\DOCUME~1\Killian\APPLIC~1\skypePM
[26/02/2009|00:38] C:\DOCUME~1\Killian\APPLIC~1\Sony
[24/03/2009|13:26] C:\DOCUME~1\Killian\APPLIC~1\Steinberg
[14/07/2009|18:55] C:\DOCUME~1\Killian\APPLIC~1\SUPERAntiSpyware.com
[19/02/2009|11:48] C:\DOCUME~1\Killian\APPLIC~1\Syntrillium
[10/05/2009|19:39] C:\DOCUME~1\Killian\APPLIC~1\TeamViewer
[14/07/2009|16:17] C:\DOCUME~1\Killian\APPLIC~1\uTorrent
[26/04/2009|14:06] C:\DOCUME~1\Killian\APPLIC~1\vlc
[20/02/2009|12:35] C:\DOCUME~1\Killian\APPLIC~1\Waves Audio
[01/04/2009|00:38] C:\DOCUME~1\Killian\APPLIC~1\Winamp
[18/02/2009|03:23] C:\DOCUME~1\Killian\APPLIC~1\WinRAR

[17/02/2009|22:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[17/02/2009|22:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[14/07/2009 14:05][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[25/05/2009 01:41][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1235260653.job
[16/07/2009 09:28][--ah-----] C:\WINDOWS\tasks\SA.DAT
[14/04/2008 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[18/03/2009|17:30] C:\Program Files\505games
[05/03/2009|12:48] C:\Program Files\Aas
[14/06/2009|16:28] C:\Program Files\Activision
[18/03/2009|17:40] C:\Program Files\Adobe
[20/02/2009|10:36] C:\Program Files\AGEIA Technologies
[03/04/2009|00:00] C:\Program Files\Alcohol Soft
[20/02/2009|10:51] C:\Program Files\Alwil Software
[21/03/2009|10:05] C:\Program Files\Ant Renamer
[20/02/2009|12:50] C:\Program Files\Antares
[24/03/2009|00:16] C:\Program Files\Antares Audio Technologies
[27/02/2009|14:05] C:\Program Files\Apple Software Update
[20/02/2009|11:23] C:\Program Files\ASUS
[28/04/2009|11:35] C:\Program Files\AviSynth 2.5
[26/04/2009|11:55] C:\Program Files\AVS4YOU
[07/04/2009|13:53] C:\Program Files\Bonjour
[22/03/2009|19:31] C:\Program Files\CamStudio
[20/03/2009|18:28] C:\Program Files\Capcom
[17/02/2009|21:58] C:\Program Files\ComPlus Applications
[05/03/2009|16:21] C:\Program Files\coolpro2
[15/03/2009|12:32] C:\Program Files\Creative
[15/03/2009|12:32] C:\Program Files\Creative Professional
[18/02/2009|14:25] C:\Program Files\DAEMON Tools Lite
[28/02/2009|19:20] C:\Program Files\DIFX
[28/03/2009|16:25] C:\Program Files\directx
[22/02/2009|21:26] C:\Program Files\DivX
[26/04/2009|14:33] C:\Program Files\DVD X Studios
[15/06/2009|00:37] C:\Program Files\EA Games
[20/02/2009|12:31] C:\Program Files\East West
[05/03/2009|12:47] C:\Program Files\EDIROL
[28/04/2009|11:35] C:\Program Files\eRightSoft
[15/03/2009|14:53] C:\Program Files\F.E.A.R. 2
[23/05/2009|15:43] C:\Program Files\Fichiers communs
[18/02/2009|14:01] C:\Program Files\FileZilla Client
[01/03/2009|23:59] C:\Program Files\Free FLV Converter
[17/02/2009|22:49] C:\Program Files\Free.fr
[20/02/2009|12:34] C:\Program Files\GForce
[22/02/2009|01:57] C:\Program Files\Hewlett-Packard
[14/07/2009|00:56] C:\Program Files\iColorFolder
[08/03/2009|01:00] C:\Program Files\IK Multimedia
[19/02/2009|12:42] C:\Program Files\Image-Line
[15/06/2009|13:03] C:\Program Files\InstallShield Installation Information
[17/02/2009|22:12] C:\Program Files\Intel
[11/06/2009|02:09] C:\Program Files\Internet Explorer
[27/02/2009|14:06] C:\Program Files\iPod
[27/02/2009|14:06] C:\Program Files\iTunes
[14/07/2009|14:02] C:\Program Files\Lavasoft
[05/03/2009|13:16] C:\Program Files\Lexicon PSP42
[28/03/2009|17:08] C:\Program Files\Logitech
[30/04/2009|15:45] C:\Program Files\ma-config.com
[25/02/2009|01:48] C:\Program Files\Macromedia
[28/02/2009|19:09] C:\Program Files\MAGIX
[14/07/2009|09:43] C:\Program Files\Malwarebytes' Anti-Malware
[17/02/2009|22:39] C:\Program Files\Marvell
[08/06/2009|13:31] C:\Program Files\Megaupload
[18/02/2009|01:56] C:\Program Files\Messenger
[14/07/2009|00:14] C:\Program Files\Microsoft
[14/04/2009|00:43] C:\Program Files\Microsoft ActiveSync
[23/02/2009|04:00] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[17/02/2009|22:00] C:\Program Files\microsoft frontpage
[18/02/2009|12:23] C:\Program Files\Microsoft Games for Windows - LIVE
[17/04/2009|12:09] C:\Program Files\Microsoft Office
[22/04/2009|18:29] C:\Program Files\Microsoft Silverlight
[24/02/2009|11:54] C:\Program Files\Microsoft SQL Server
[19/02/2009|14:49] C:\Program Files\Microsoft.NET
[02/03/2009|11:39] C:\Program Files\MixMeister BPM Analyzer
[14/07/2009|00:27] C:\Program Files\Movie Maker
[01/07/2009|10:06] C:\Program Files\Mozilla Firefox
[18/02/2009|10:53] C:\Program Files\MSBuild
[17/02/2009|21:57] C:\Program Files\MSN
[17/02/2009|21:58] C:\Program Files\MSN Gaming Zone
[19/02/2009|04:00] C:\Program Files\MSXML 4.0
[15/03/2009|13:12] C:\Program Files\Native Instruments
[18/02/2009|17:52] C:\Program Files\Nero
[17/02/2009|21:59] C:\Program Files\NetMeeting
[07/04/2009|14:02] C:\Program Files\Notepad++
[17/02/2009|21:58] C:\Program Files\Online Services
[20/03/2009|18:28] C:\Program Files\OpenAL
[18/02/2009|02:42] C:\Program Files\Opera
[14/07/2009|00:27] C:\Program Files\Outlook Express
[19/02/2009|12:42] C:\Program Files\Outsim
[03/03/2009|18:08] C:\Program Files\PDFCreator
[03/03/2009|18:03] C:\Program Files\pdfforge Toolbar
[20/02/2009|02:11] C:\Program Files\Pianoteq 2.3
[28/02/2009|19:01] C:\Program Files\Pinnacle
[05/03/2009|13:07] C:\Program Files\Propellerhead
[05/03/2009|13:14] C:\Program Files\PSP 84
[05/03/2009|13:15] C:\Program Files\PSP Audioware
[05/03/2009|13:17] C:\Program Files\PSP VintageWarmer
[27/02/2009|14:06] C:\Program Files\QuickTime
[17/02/2009|22:35] C:\Program Files\Realtek
[18/02/2009|10:51] C:\Program Files\Reference Assemblies
[14/04/2009|00:43] C:\Program Files\Ressources Windows Mobile
[15/06/2009|13:09] C:\Program Files\Rockstar Games
[22/02/2009|21:29] C:\Program Files\RomStation
[20/02/2009|03:53] C:\Program Files\Saints Row 2
[05/03/2009|12:28] C:\Program Files\SampleTank 2
[10/07/2009|22:47] C:\Program Files\SeekappSrch
[17/02/2009|22:00] C:\Program Files\Services en ligne
[17/05/2009|20:35] C:\Program Files\Skype
[22/03/2009|13:36] C:\Program Files\Sony
[24/02/2009|11:52] C:\Program Files\Sony Setup
[05/03/2009|14:03] C:\Program Files\Spectrasonics
[05/03/2009|13:17] C:\Program Files\Spin Audio
[14/07/2009|00:49] C:\Program Files\Steam
[02/04/2009|13:12] C:\Program Files\Steinberg
[14/07/2009|18:55] C:\Program Files\SUPERAntiSpyware
[10/05/2009|19:01] C:\Program Files\TeamViewer
[15/07/2009|19:27] C:\Program Files\Trend Micro
[05/03/2009|03:22] C:\Program Files\u-he
[08/03/2009|15:14] C:\Program Files\Ulead Systems
[17/02/2009|22:04] C:\Program Files\Uninstall Information
[28/02/2009|19:20] C:\Program Files\USB TV
[13/03/2009|18:52] C:\Program Files\VideoLAN
[27/02/2009|12:36] C:\Program Files\VLCPortable
[26/03/2009|01:19] C:\Program Files\VOB
[02/04/2009|15:03] C:\Program Files\VstPlugins
[15/04/2009|01:18] C:\Program Files\VTFEdit
[02/05/2009|13:43] C:\Program Files\wamp
[05/03/2009|13:21] C:\Program Files\Waves
[09/06/2009|09:04] C:\Program Files\Winamp
[14/07/2009|00:14] C:\Program Files\Windows Live
[18/02/2009|03:04] C:\Program Files\Windows Live SkyDrive
[14/07/2009|00:14] C:\Program Files\Windows Live(2)
[28/03/2009|16:38] C:\Program Files\Windows Media Components
[26/02/2009|02:16] C:\Program Files\Windows Media Connect 2
[26/02/2009|02:37] C:\Program Files\Windows Media Player
[17/02/2009|21:57] C:\Program Files\Windows NT
[18/02/2009|17:52] C:\Program Files\Windows Sidebar
[17/02/2009|22:00] C:\Program Files\WindowsUpdate
[18/02/2009|02:19] C:\Program Files\WinRAR
[15/06/2009|14:12] C:\Program Files\World Of Warcraft
[17/02/2009|22:00] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[03/03/2009|22:56] C:\Program Files\Fichiers communs\Adobe
[18/03/2009|17:40] C:\Program Files\Fichiers communs\Adobe AIR
[27/02/2009|14:06] C:\Program Files\Fichiers communs\Apple
[26/04/2009|11:55] C:\Program Files\Fichiers communs\AVSMedia
[15/06/2009|22:13] C:\Program Files\Fichiers communs\Blizzard Entertainment
[19/02/2009|14:49] C:\Program Files\Fichiers communs\DESIGNER
[20/02/2009|02:10] C:\Program Files\Fichiers communs\digidesign
[22/02/2009|01:53] C:\Program Files\Fichiers communs\Hewlett-Packard
[26/04/2009|13:36] C:\Program Files\Fichiers communs\InstallShield
[22/02/2009|01:47] C:\Program Files\Fichiers communs\Logitech
[25/02/2009|01:49] C:\Program Files\Fichiers communs\Macromedia
[22/02/2009|21:47] C:\Program Files\Fichiers communs\Macrovision Shared
[28/02/2009|19:08] C:\Program Files\Fichiers communs\MAGIX Shared
[14/07/2009|00:02] C:\Program Files\Fichiers communs\Microsoft Shared
[17/02/2009|21:59] C:\Program Files\Fichiers communs\MSSoap
[20/02/2009|02:26] C:\Program Files\Fichiers communs\Native Instruments
[18/02/2009|18:01] C:\Program Files\Fichiers communs\Nero
[17/02/2009|22:30] C:\Program Files\Fichiers communs\ODBC
[28/03/2009|17:05] C:\Program Files\Fichiers communs\Real
[17/02/2009|21:59] C:\Program Files\Fichiers communs\Services
[17/05/2009|20:35] C:\Program Files\Fichiers communs\Skype
[17/02/2009|22:30] C:\Program Files\Fichiers communs\SpeechEngines
[17/04/2009|12:09] C:\Program Files\Fichiers communs\System
[26/04/2009|13:41] C:\Program Files\Fichiers communs\Ulead
[18/02/2009|02:58] C:\Program Files\Fichiers communs\Windows Live
[14/07/2009|18:55] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 47 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\Killian\LOCALS~1\Temp\nsm31.tmp
C:\DOCUME~1\Killian\LOCALS~1\Temp\nss5.tmp
C:\DOCUME~1\Killian\Cookies\killian@advertising[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 11:01:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Killian\Mes documents\Ma musique\Eminem\Relapse\18 Crack a Bottle.wma

[F:43][D:204]-> C:\DOCUME~1\Killian\LOCALS~1\Temp
[F:8][D:0]-> C:\DOCUME~1\Killian\Cookies
[F:175][D:17]-> C:\DOCUME~1\Killian\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 16/07/2009|10:15 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 16/07/2009|10:46 - Option : [1]
3 - "C:\Lop SD\LopR_3.txt" - 16/07/2009|11:03 - Option : [1]

--------------------\\ Fin du rapport a 11:03:15
0

Discussions similaires

Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
PUADlManager:Win32/OfferCore
tenmalade -
tenmalade -

2 réponses
win32:malware-gen bloqué par avast
ikkual -
Utilisateur anonyme -

69 réponses
PUABundler:Win32/CandyOpen : dangereux ?
joubine -
bazfile -

2 réponses
PUA:Win32/InstallCore detecté par windows sécurité
thetib -
bazfile -

11 réponses