WIN32 KAMSO ²

Sam Faishier -  
 Sam Faishier -
Bonjour tous!

Alors v'la ça fait deux jours qu'Avast me dit qu'il y a dans mes DD ... X:\nkbd1v.exe dont le nom est Win32:Kamso [Trj].

Instinctivement j'ai fait supprimer comme ça réapparaissait tout le temps mais maintenant je suis obligé de faire Clicdroit+explorer pour aller dans mes durs :(

Anyway, en suivant les manip expliquées sur l'autre topic, voici ce que j'obtiens de Rsit APRES install de Hijack this.

Fichier Log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Killian at 2009-07-15 20:18:59
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 116 GB (46%) free of 250 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19:00, on 15/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\FileZilla Client\filezilla.exe
C:\Documents and Settings\Killian\Mes documents\Mes téléchargements\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Killian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp143.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe

--
End of file - 9501 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1235260653.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2009-04-24 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll [2009-01-30 1114112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-09 13680640]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-02-09 86016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-16 16862720]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2009-01-30 992256]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"ISUSPM"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe -scheduler []
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-14 520024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-06-23 1830128]
"cdoosoft"=C:\WINDOWS\system32\olhrwef.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
C:\Program Files\Logitech\ImageStudio\ISStart.exe [2003-09-26 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
C:\Program Files\Logitech\ImageStudio\LogiTray.exe [2003-09-26 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\PROGRA~1\MESSEN~1\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-04-21 24264488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2009-06-11 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
C:\Program Files\MAGIX\Films_sur_DVD_7\TrayServer.exe [2008-01-30 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Steam\SteamApps\common\saints row 2\SR2_pc.exe"="C:\Program Files\Steam\SteamApps\common\saints row 2\SR2_pc.exe:*:Enabled:Saints Row 2"
"C:\Program Files\Capcom\Bionic Commando Rearmed\bcr.exe"="C:\Program Files\Capcom\Bionic Commando Rearmed\bcr.exe:*:Enabled:Bionic Commando Rearmed"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\WINDOWS\Temp\~os9.tmp\ossproxy.exe"="C:\WINDOWS\Temp\~os9.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\Program Files\Steam\SteamApps\common\flock demo\Flock.exe"="C:\Program Files\Steam\SteamApps\common\flock demo\Flock.exe:*:Enabled:FLOCK! Demo"
"C:\WINDOWS\Temp\~os325.tmp\ossproxy.exe"="C:\WINDOWS\Temp\~os325.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Steam\SteamApps\common\left 4 dead\bin\SDKLauncher.exe"="C:\Program Files\Steam\SteamApps\common\left 4 dead\bin\SDKLauncher.exe:*:Enabled:Left 4 Dead Authoring Tools"
"C:\Program Files\Steam\SteamApps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\RelevantKnowledge\rlvknlg.exe"="C:\Program Files\RelevantKnowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37735dce-fd51-11dd-82de-0007cb0000ff}]
shell\AutoRun\command - I:\nkbd1v.exe
shell\open\command - I:\nkbd1v.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37735dcf-fd51-11dd-82de-0007cb0000ff}]
shell\AutoRun\command - nkbd1v.exe
shell\open\command - nkbd1v.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47edd2d8-fdb7-11dd-82e2-0007cb0000ff}]
shell\AutoRun\command - D:\nkbd1v.exe
shell\open\command - D:\nkbd1v.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b572cd8c-01a5-11de-82f1-0007cb0000ff}]
shell\AutoRun\command - K:\nkbd1v.exe
shell\open\command - K:\nkbd1v.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd91c32a-fd2a-11dd-9e0d-806d6172696f}]
shell\AutoRun\command - nkbd1v.exe
shell\open\command - nkbd1v.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd91c32b-fd2a-11dd-9e0d-806d6172696f}]
shell\AutoRun\command - nkbd1v.exe
shell\open\command - nkbd1v.exe

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 2 months======

2009-07-15 20:01:24 ----A---- C:\FindyKill.txt
2009-07-15 20:00:50 ----D---- C:\FindyKill
2009-07-15 19:33:58 ----D---- C:\rsit
2009-07-15 19:27:05 ----D---- C:\Program Files\Trend Micro
2009-07-15 02:27:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 02:27:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 02:25:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 18:56:01 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-14 18:55:52 ----D---- C:\Program Files\SUPERAntiSpyware
2009-07-14 18:55:52 ----D---- C:\Documents and Settings\Killian\Application Data\SUPERAntiSpyware.com
2009-07-14 18:30:27 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-07-14 14:02:37 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-14 14:02:34 ----D---- C:\Program Files\Lavasoft
2009-07-14 14:02:34 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-14 09:43:10 ----D---- C:\Documents and Settings\Killian\Application Data\Malwarebytes
2009-07-14 09:43:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-14 09:43:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-14 00:56:29 ----D---- C:\Program Files\iColorFolder
2009-07-14 00:14:34 ----D---- C:\Program Files\Microsoft
2009-07-14 00:14:32 ----D---- C:\Program Files\Windows Live
2009-07-14 00:07:57 ----A---- C:\WINDOWS\system32\nsr1A7.tmp
2009-07-14 00:07:56 ----A---- C:\WINDOWS\system32\nsv1A0.tmp
2009-07-14 00:07:56 ----A---- C:\WINDOWS\system32\nsr1A5.tmp
2009-07-14 00:07:56 ----A---- C:\WINDOWS\system32\nsq1A2.tmp
2009-07-14 00:07:56 ----A---- C:\WINDOWS\system32\nsb1A3.tmp
2009-07-14 00:07:55 ----A---- C:\WINDOWS\system32\nsu19A.tmp
2009-07-14 00:07:55 ----A---- C:\WINDOWS\system32\nsu198.tmp
2009-07-14 00:07:55 ----A---- C:\WINDOWS\system32\nsk19E.tmp
2009-07-14 00:07:55 ----A---- C:\WINDOWS\system32\nsf19C.tmp
2009-07-14 00:07:54 ----A---- C:\WINDOWS\system32\nsy194.tmp
2009-07-14 00:07:54 ----A---- C:\WINDOWS\system32\nsx190.tmp
2009-07-14 00:07:54 ----A---- C:\WINDOWS\system32\nss192.tmp
2009-07-14 00:07:54 ----A---- C:\WINDOWS\system32\nsj196.tmp
2009-07-14 00:07:54 ----A---- C:\WINDOWS\system32\nsc18E.tmp
2009-07-14 00:07:53 ----A---- C:\WINDOWS\system32\nsw18A.tmp
2009-07-14 00:07:53 ----A---- C:\WINDOWS\system32\nsr18C.tmp
2009-07-14 00:07:53 ----A---- C:\WINDOWS\system32\nsq188.tmp
2009-07-14 00:07:53 ----A---- C:\WINDOWS\system32\nsl186.tmp
2009-07-14 00:07:52 ----A---- C:\WINDOWS\system32\nsu180.tmp
2009-07-14 00:07:52 ----A---- C:\WINDOWS\system32\nsf184.tmp
2009-07-14 00:07:52 ----A---- C:\WINDOWS\system32\nse17E.tmp
2009-07-14 00:07:52 ----A---- C:\WINDOWS\system32\nsa182.tmp
2009-07-14 00:07:51 ----A---- C:\WINDOWS\system32\nst17C.tmp
2009-07-14 00:07:51 ----A---- C:\WINDOWS\system32\nso17A.tmp
2009-07-14 00:07:51 ----A---- C:\WINDOWS\system32\nsn178.tmp
2009-07-14 00:07:51 ----A---- C:\WINDOWS\nsx176.tmp
2009-07-14 00:07:50 ----A---- C:\WINDOWS\system32\nsx174.tmp
2009-07-14 00:07:50 ----A---- C:\WINDOWS\system32\nsw172.tmp
2009-07-14 00:07:50 ----A---- C:\WINDOWS\system32\nsw16E.tmp
2009-07-14 00:07:50 ----A---- C:\WINDOWS\system32\nsm170.tmp
2009-07-14 00:07:49 ----A---- C:\WINDOWS\system32\nsv16C.tmp
2009-07-14 00:07:49 ----A---- C:\WINDOWS\system32\nsv168.tmp
2009-07-14 00:07:49 ----A---- C:\WINDOWS\system32\nsk166.tmp
2009-07-14 00:07:49 ----A---- C:\WINDOWS\nsa16A.tmp
2009-07-14 00:07:48 ----A---- C:\WINDOWS\system32\nsy15E.tmp
2009-07-14 00:07:48 ----A---- C:\WINDOWS\system32\nsj164.tmp
2009-07-14 00:07:48 ----A---- C:\WINDOWS\system32\nse162.tmp
2009-07-14 00:07:48 ----A---- C:\WINDOWS\system32\nsd160.tmp
2009-07-14 00:07:48 ----A---- C:\WINDOWS\system32\nsd15C.tmp
2009-07-14 00:07:47 ----A---- C:\WINDOWS\system32\nsx159.tmp
2009-07-14 00:07:47 ----A---- C:\WINDOWS\system32\nsr157.tmp
2009-07-14 00:07:47 ----A---- C:\WINDOWS\system32\nsi15A.tmp
2009-07-14 00:07:46 ----A---- C:\WINDOWS\system32\nsv153.tmp
2009-07-14 00:07:46 ----A---- C:\WINDOWS\system32\nsv151.tmp
2009-07-14 00:07:46 ----A---- C:\WINDOWS\system32\nsl155.tmp
2009-07-14 00:07:45 ----A---- C:\WINDOWS\system32\nsz14D.tmp
2009-07-14 00:07:45 ----A---- C:\WINDOWS\system32\nsz14B.tmp
2009-07-14 00:07:45 ----A---- C:\WINDOWS\system32\nsy149.tmp
2009-07-14 00:07:45 ----A---- C:\WINDOWS\system32\nsy147.tmp
2009-07-14 00:07:44 ----A---- C:\WINDOWS\system32\nss143.tmp
2009-07-14 00:07:44 ----A---- C:\WINDOWS\system32\nsm141.tmp
2009-07-14 00:07:44 ----A---- C:\WINDOWS\system32\nsd145.tmp
2009-07-14 00:07:43 ----A---- C:\WINDOWS\system32\nsr13D.tmp
2009-07-14 00:07:43 ----A---- C:\WINDOWS\system32\nsq137.tmp
2009-07-14 00:07:43 ----A---- C:\WINDOWS\system32\nsb13B.tmp
2009-07-14 00:07:43 ----A---- C:\WINDOWS\nsg139.tmp
2009-07-14 00:07:42 ----A---- C:\WINDOWS\system32\nsz133.tmp
2009-07-14 00:07:42 ----A---- C:\WINDOWS\system32\nsv135.tmp
2009-07-14 00:07:42 ----A---- C:\WINDOWS\system32\nsj12F.tmp
2009-07-14 00:07:42 ----A---- C:\WINDOWS\system32\nse131.tmp
2009-07-14 00:07:41 ----A---- C:\WINDOWS\system32\nsy12B.tmp
2009-07-14 00:07:41 ----A---- C:\WINDOWS\system32\nsy129.tmp
2009-07-14 00:07:41 ----A---- C:\WINDOWS\system32\nsx127.tmp
2009-07-14 00:07:41 ----A---- C:\WINDOWS\system32\nsj12D.tmp
2009-07-14 00:07:41 ----A---- C:\WINDOWS\system32\nsc125.tmp
2009-07-14 00:07:40 ----A---- C:\WINDOWS\system32\nsm121.tmp
2009-07-14 00:07:40 ----A---- C:\WINDOWS\system32\nsh123.tmp
2009-07-14 00:07:40 ----A---- C:\WINDOWS\system32\nsb11F.tmp
2009-07-14 00:02:34 ----D---- C:\Program Files\Windows Live(2)
2009-07-13 21:16:52 ----SHD---- C:\Config.Msi
2009-06-15 13:45:42 ----D---- C:\Program Files\World Of Warcraft
2009-06-14 19:07:32 ----D---- C:\WINDOWS\system32\SP Penis Mouse dir
2009-06-14 19:05:00 ----D---- C:\WINDOWS\system32\SP 1101 Randy Running dir
2009-06-14 17:49:54 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
2009-06-14 17:35:00 ----D---- C:\WINDOWS\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2009-06-12 00:58:52 ----A---- C:\WINDOWS\MegaManager.INI
2009-06-11 02:09:52 ----D---- C:\WINDOWS\ie8updates
2009-06-11 02:09:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 02:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 02:08:09 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 02:07:37 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-08 13:55:16 ----D---- C:\Documents and Settings\Killian\Application Data\Megaupload
2009-06-08 13:31:42 ----D---- C:\Program Files\Megaupload
2009-05-29 01:05:52 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-05-24 12:05:26 ----D---- C:\Documents and Settings\Killian\Application Data\Acreon
2009-05-23 15:48:39 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2009-05-23 15:43:43 ----D---- C:\Program Files\Fichiers communs\Blizzard Entertainment
2009-05-18 12:39:47 ----D---- C:\WINDOWS\64F6748976BB4CDDA236F954BE774B35.TMP
2009-05-17 20:36:22 ----D---- C:\Documents and Settings\Killian\Application Data\skypePM
2009-05-17 20:35:24 ----D---- C:\Documents and Settings\Killian\Application Data\Skype
2009-05-17 20:35:13 ----D---- C:\Program Files\Fichiers communs\Skype
2009-05-17 20:35:11 ----RD---- C:\Program Files\Skype
2009-05-17 20:34:54 ----D---- C:\Documents and Settings\All Users\Application Data\Skype

======List of files/folders modified in the last 2 months======

2009-07-15 20:12:14 ----D---- C:\Documents and Settings\Killian\Application Data\FileZilla
2009-07-15 20:03:39 ----D---- C:\WINDOWS\Temp
2009-07-15 20:01:26 ----D---- C:\WINDOWS\Prefetch
2009-07-15 19:42:07 ----D---- C:\WINDOWS\system32
2009-07-15 19:42:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-15 19:38:01 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-15 19:35:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-15 19:27:05 ----RD---- C:\Program Files
2009-07-15 19:07:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-15 19:07:08 ----D---- C:\WINDOWS\system32\drivers
2009-07-15 16:46:00 ----D---- C:\Documents and Settings\Killian\Application Data\Adobe
2009-07-15 10:10:00 ----D---- C:\WINDOWS
2009-07-15 02:27:26 ----HD---- C:\WINDOWS\inf
2009-07-15 02:27:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-15 02:27:24 ----A---- C:\WINDOWS\imsins.BAK
2009-07-15 02:27:20 ----SHD---- C:\WINDOWS\Installer
2009-07-14 18:55:37 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-07-14 16:17:26 ----D---- C:\Documents and Settings\Killian\Application Data\uTorrent
2009-07-14 14:05:37 ----SD---- C:\WINDOWS\Tasks
2009-07-14 14:05:36 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-14 14:02:30 ----D---- C:\WINDOWS\WinSxS
2009-07-14 12:28:53 ----A---- C:\WINDOWS\Replay Converter Setup Log.txt
2009-07-14 01:11:39 ----SH---- C:\boot.ini
2009-07-14 01:11:39 ----A---- C:\WINDOWS\win.ini
2009-07-14 01:11:39 ----A---- C:\WINDOWS\system.ini
2009-07-14 01:07:51 ----D---- C:\WINDOWS\pss
2009-07-14 00:49:32 ----D---- C:\Program Files\Steam
2009-07-14 00:27:30 ----D---- C:\Program Files\Outlook Express
2009-07-14 00:27:30 ----D---- C:\Program Files\Movie Maker
2009-07-14 00:27:29 ----D---- C:\WINDOWS\system32\usmt
2009-07-14 00:15:38 ----D---- C:\WINDOWS\system32\config
2009-07-14 00:15:21 ----D---- C:\WINDOWS\system32\wbem
2009-07-14 00:15:21 ----D---- C:\WINDOWS\Registration
2009-07-14 00:14:51 ----RSD---- C:\WINDOWS\Fonts
2009-07-14 00:14:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-14 00:13:44 ----D---- C:\WINDOWS\system32\Restore
2009-07-14 00:02:55 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-07-11 15:12:33 ----D---- C:\Temp
2009-07-10 22:47:43 ----D---- C:\Program Files\SeekappSrch
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-01 10:06:33 ----D---- C:\Program Files\Mozilla Firefox
2009-07-01 10:06:24 ----D---- C:\Documents and Settings\All Users\Application Data\SeekappSrch
2009-06-19 14:58:02 ----A---- C:\WINDOWS\QSync.INI
2009-06-16 16:40:01 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 16:40:01 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-15 13:09:11 ----D---- C:\Program Files\Rockstar Games
2009-06-15 13:03:11 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-15 00:37:27 ----D---- C:\Program Files\EA Games
2009-06-14 16:28:36 ----D---- C:\Program Files\Activision
2009-06-11 02:09:56 ----D---- C:\Program Files\Internet Explorer
2009-06-09 09:04:22 ----D---- C:\Program Files\Winamp
2009-06-03 21:10:33 ----A---- C:\WINDOWS\system32\quartz.dll
2009-05-23 15:43:43 ----D---- C:\Program Files\Fichiers communs
2009-05-18 14:59:35 ----A---- C:\WINDOWS\ULEAD32.INI
2009-05-18 12:40:20 ----D---- C:\WINDOWS\system32\DirectX
2009-05-18 12:40:08 ----RSD---- C:\WINDOWS\assembly
2009-05-16 00:17:22 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-02-22 82380]
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-04-19 279712]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-04-19 25888]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-02-02 36864]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-09 6307328]
R3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 anltrckj;anltrckj; C:\WINDOWS\system32\drivers\anltrckj.sys []
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 emuumidi;E-MU USB-MIDI Driver; C:\WINDOWS\system32\drivers\emuumidi.sys [2007-03-14 37120]
S3 fbxusb;FreeBox USB Network Adapter; C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCTV;PCTV 4XXe USB 2.0 Driver; C:\WINDOWS\system32\DRIVERS\pctv4XXe.sys [2006-05-31 327680]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;Carte ISDN USB; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USB28xxBGA;EzCAP Video Grabber; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-07-20 290688]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-10-17 6912]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-09 163908]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-14 1029456]
S2 SeekappSrch Service;SeekappSrch Service; C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp143.exe [2009-06-30 54760]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-22 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-04-21 216232]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-02-24 183112]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 wampapache;wampapache; C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; C:\Program Files\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe [2009-03-16 6562432]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
Configuration: Windows XP
Opera 9.63

10 réponses

  1. Sam Faishier
     
    Fichier Info

    info.txt logfile of random's system information tool 1.06 2009-07-15 19:34:00

    ======Uninstall list======

    -->"C:\Program Files\Creative Professional\E-MU Xboard\Program\SETUP.EXE" /S /U /W /L:FRN
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42A85BB6-491C-418A-8FFC-F778FB7E618A}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42A85BB6-491C-418A-8FFC-F778FB7E618A}\setup.exe" -l0x40c /remove
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acrobat.com-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
    Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
    Admiral Quality Poly-Ana 1.00-->C:\Program Files\VstPlugins\Admiral Quality\UninstallPolyAna.exe
    Adobe AIR-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Illustrator CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
    Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
    Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
    Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
    Adobe Reader 9 - Russian-->MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A90000000001}
    Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
    Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
    Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    Alcohol 120%-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
    Ant Renamer-->"C:\Program Files\Ant Renamer\unins000.exe"
    Antares Autotune VST RTAS TDM v5.08-->"C:\Program Files\Antares Audio Technologies\unins000.exe"
    Antares Filter VST DX v1.0-->C:\PROGRA~1\Antares\UNINST~1\UNWISE.EXE C:\PROGRA~1\Antares\UNINST~1\INSTALL.LOG
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Application Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8C3A9E8-07F4-4D44-BB9D-C4AE5D230468}\Setup.exe" -l0x40c
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    ASAPI Update-->C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -l0x9 -removeonly
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Bionic Commando Rearmed-->"C:\Program Files\InstallShield Installation Information\{DB219559-1F78-4343-9A6E-C2E987AD47A3}\setup.exe" -runfromtemp -l0x040c -removeonly
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    Camel Audio Cameleon 5000 v1.7 VSTi-->C:\PROGRA~1\VSTPLU~1\CAMELE~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\CAMELE~1\INSTALL.LOG
    CamStudio 2.0 Fr-->"C:\Program Files\CamStudio\unins000.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Cool Edit Pro 2.0-->C:\Program Files\coolpro2\cep2unin.exe
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Disque de souvenirs HP-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DSound Stomp`n FX Vol.1 v1.5-->C:\audio\dsound\UNWISE.EXE C:\audio\dsound\INSTALL.LOG
    DSound Stomp'n FX Vol.2 v1.0-->C:\audio\STOMPN~1\UNWISE.EXE C:\audio\STOMPN~1\INSTALL.LOG
    DVD X Player 4.0 Professional-->"C:\Program Files\DVD X Studios\DVD X Player 4.0 Professional\unins000.exe"
    East West EWQLSO Gold Edition-->C:\PROGRA~1\EASTWE~1\EWQLSO~1\UNWISE.EXE C:\PROGRA~1\EASTWE~1\EWQLSO~1\INSTALL.LOG
    Edirol HQ Orchestral VSTi v1.03-->C:\PROGRA~1\EDIROL\ORCHES~1.03\UNWISE.EXE C:\PROGRA~1\EDIROL\ORCHES~1.03\INSTALL.LOG
    Edirol SuperQuartet v1.02-->C:\PROGRA~1\EDIROL\SUPERQ~1\UNWISE.EXE C:\PROGRA~1\EDIROL\SUPERQ~1\INSTALL.LOG
    E-MU Xboard-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D925601D-25E3-4E95-A456-FBD8C2995289}\setup.exe" -l0x40c /remove
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    EzCAP Video Grabber-->C:\Program Files\InstallShield Installation Information\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}\setup.exe -runfromtemp -l0x040c -removeonly
    FileZilla Client 3.0.4.1-->C:\Program Files\FileZilla Client\uninstall.exe
    Firebird SQL Server - MAGIX Edition-->C:\Program Files\MAGIX\Common\Database\unwise.exe
    FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
    FLOCK! Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/21650
    Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe
    Free FLV Converter V 6.2.0-->"C:\Program Files\Free FLV Converter\unins000.exe"
    GForce impOSCar v1.10 VSTi RTAS-->C:\PROGRA~1\GForce\impOSCar\UNINST~1\UNWISE.EXE C:\PROGRA~1\GForce\impOSCar\UNINST~1\INSTALL.LOG
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
    IK Multimedia Amplitube v1.3-->C:\PROGRA~1\IKMULT~1\AMPLIT~1\UNWISE.EXE C:\PROGRA~1\IKMULT~1\AMPLIT~1\INSTALL.LOG
    IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
    Image-Line PoiZone v2.1-->C:\PROGRA~1\IMAGE-~1\PoiZone\UNINST~1\UNWISE.EXE C:\PROGRA~1\IMAGE-~1\PoiZone\UNINST~1\INSTALL.LOG
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
    Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Left 4 Dead Authoring Tools Beta-->"C:\Program Files\Steam\steam.exe" steam://uninstall/513
    Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
    Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
    Logitech ImageStudio-->MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
    Lounge Lizard 1.0-->C:\PROGRA~1\Aas\LOUNGE~1.0\UNWISE.EXE C:\PROGRA~1\Aas\LOUNGE~1.0\INSTALL.LOG
    Ma-Config.com-->MsiExec.exe /X{E780E536-16CE-4CD1-8FE0-2D5E52FAA65B}
    Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
    Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
    MAGIX Films sur DVD 7 7.0.3.0 (F)-->C:\Program Files\MAGIX\Films_sur_DVD_7\unwise.exe
    MAGIX Goya burnR 1.3.1.3 (F)-->C:\Program Files\MAGIX\Goya_burnR\unwise.exe
    MAGIX Screenshare 4.3.6.1987 (F)-->C:\Program Files\MAGIX\PCVisit\unwise.exe
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Marvel(TM) - Ultimate Alliance-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{932FB3F3-594D-4600-ABFA-F2DE80A14214} /l2057
    marvell 61xx-->C:\Program Files\Marvell\61xx\uninst-61xx.exe
    Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
    Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
    Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
    Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    MixMeister BPM Analyzer 1.0-->"C:\Program Files\MixMeister BPM Analyzer\unins000.exe"
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
    Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
    Native Instruments FM8-->C:\PROGRA~1\NATIVE~1\FM8\UNWISE.EXE C:\PROGRA~1\NATIVE~1\FM8\INSTALL.LOG
    Native Instruments Kontakt 2-->C:\PROGRA~1\NATIVE~1\KONTAK~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KONTAK~1\INSTALL.LOG
    Native Instruments Xpress Keyboards v1.0-->C:\PROGRA~1\NATIVE~1\XPRESS~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\XPRESS~1\INSTALL.LOG
    Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS-->C:\PROGRA~1\NATIVE~1\BATTER~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\BATTER~1\INSTALL.LOG
    Nero 9-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Nomad Factory Rock Amp Legends VST v1.0-->C:\PROGRA~1\VSTPLU~1\NOMADF~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\NOMADF~1\INSTALL.LOG
    Notepad++-->C:\Program Files\Notepad++\uninstall.exe
    Novation Bass-Station VSTi v1.10-->C:\PROGRA~1\VSTPLU~1\BASS-S~1\BASS-S~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\BASS-S~1\BASS-S~1\INSTALL.LOG
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
    Octopus-->C:\Program Files\VstPlugins\UninstalOctopus.exe
    OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
    Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Package de pilotes Windows - eMPIA Technology (USB28xxBGA) Media (07/20/2006 4.6.0720.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\embda_7386DDCD1C45FB20F93B0CAC58DCBCC5DA0A66B0\embda.inf
    Package de pilotes Windows - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\emaudio_7386DDCD1C45FB20F93B0CAC58DCBCC5DA0A66B0\emaudio.inf
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
    pdfforge Toolbar v1.0-->MsiExec.exe /X{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}
    Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
    Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
    Photo et imagerie HP 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
    Pianoteq v2.3.0-->"C:\Program Files\Pianoteq 2.3\uninstall.exe"
    PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
    Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
    PSP 84 v1.1-->C:\PROGRA~1\PSP84~1\UNWISE.EXE C:\PROGRA~1\PSP84~1\INSTALL.LOG
    PSP Audioware EasyVerb DX VST v1.0-->C:\PROGRA~1\PSPAUD~1\EasyVerb\UNWISE.EXE C:\PROGRA~1\PSPAUD~1\EasyVerb\INSTALL.LOG
    PSP Audioware MasterQ DX VST v1.0-->C:\PROGRA~1\PSPAUD~1\MasterQ\UNWISE.EXE C:\PROGRA~1\PSPAUD~1\MasterQ\INSTALL.LOG
    PSP Audioware MixPack DX VST v1.7-->C:\PROGRA~1\PSPAUD~1\MixPack\UNWISE.EXE C:\PROGRA~1\PSPAUD~1\MixPack\INSTALL.LOG
    PSP Lexicon PSP 42 v1.2-->C:\PROGRA~1\LEXICO~1\UNWISE.EXE C:\PROGRA~1\LEXICO~1\INSTALL.LOG
    PSP VintageWarmer v1.5d-->C:\PROGRA~1\PSPVIN~1\UNWISE.EXE C:\PROGRA~1\PSPVIN~1\INSTALL.LOG
    QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
    Ressources Windows Mobile-->C:\Program Files\Ressources Windows Mobile\Windows Mobile Device Handbook\Bin\DHUninstall.exe
    ReValver-->C:\audio\ReValver\UNWISE.EXE C:\audio\ReValver\INSTALL.LOG
    rgc:audio Triangle II-->"C:\Program Files\VstPlugins\unins001.exe"
    rgcAudio Pentagon I VSTi v1.0-->"C:\Program Files\VstPlugins\Vstplugins\unins000.exe"
    Rob Papen Albino 3-->C:\Program Files\VstPlugins\UninstalAlbino3.exe
    Rob Papen and LinPlug Albino v1.0-->C:\PROGRA~1\VSTPLU~1\Albino\UNINST~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\Albino\UNINST~1\INSTALL.LOG
    Rob Papen Blue VSTi v1.01 -->C:\PROGRA~1\VSTPLU~1\Blue\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\Blue\INSTALL.LOG
    Rob Papen Predator V1.1.1-->"C:\Program Files\VstPlugins\unins000.exe"
    Saints Row 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/9480
    SampleTank 2-->C:\PROGRA~1\SAMPLE~1\UNWISE.EXE C:\PROGRA~1\SAMPLE~1\INSTALL.LOG
    Scale Changer Pro v1.1e-->C:\PROGRA~1\VSTPLU~1\SCALEC~1.1E\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\SCALEC~1.1E\INSTALL.LOG
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Seekapp 1.0 build 143-->C:\Program Files\SeekappSrch\uninstall.exe
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
    Sony Media Manager 2.2-->MsiExec.exe /X{38E1CA6C-2121-4B5C-A3A5-0B0003794EFF}
    Sony Vegas 7.0-->MsiExec.exe /X{8411FA28-D32D-4518-92F0-3FBD80A702BC}
    SP 1101 Randy Running Screen Saver-->C:\WINDOWS\system32\SP 1101 Randy Running.scr /u
    SP Penis Mouse Screen Saver-->C:\WINDOWS\system32\SP Penis Mouse.scr /u
    SpinAudio Roomverb M2 v1.0-->C:\PROGRA~1\SPINAU~1\ROOMVE~1\UNWISE.EXE C:\PROGRA~1\SPINAU~1\ROOMVE~1\INSTALL.LOG
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Steinberg HALion v2.0-->C:\PROGRA~1\VSTPLU~1\HALION~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\HALION~1\INSTALL.LOG
    Steinberg WaveLab 5.01b-->C:\PROGRA~1\STEINB~1\WaveLab\UNWISE.EXE C:\PROGRA~1\STEINB~1\WaveLab\INSTALL.LOG
    SUPER © Version 2009.bld.35 (Jan 5, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
    SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
    Timeworks Millenium Pack-->C:\PROGRA~1\VSTPLU~1\TIMEWO~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\TIMEWO~1\INSTALL.LOG
    Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
    T-RackS 24-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IK Multimedia\T-RackS 24\Uninst.isu"
    Trilogy-->C:\Trilogy\unins000.exe
    Ulead GIF Animator 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe"
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    VTFEdit 1.2.5-->"C:\Program Files\VTFEdit\unins000.exe"
    WampServer 2.0-->"C:\Program Files\wamp\unins000.exe"
    Warp VST V1.0-->C:\PROGRA~1\VSTPLU~1\WARPVS~1.0\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\WARPVS~1.0\INSTALL.LOG
    Waves 4.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C4D25EB-6513-4702-8355-F4194DE2E1D9}\setup.exe" -l0x9
    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
    Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
    XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

    ======Security center information======

    AV: avast! antivirus 4.8.1335 [VPS 090715-0]

    ======System event log======

    Computer Name: K-E28DB6CA3AD64
    Event Code: 7036
    Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.

    Record Number: 14769
    Source Name: Service Control Manager
    Time Written: 20090706104621.000000+120
    Event Type: Informations
    User:

    Computer Name: K-E28DB6CA3AD64
    Event Code: 7036
    Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.

    Record Number: 14768
    Source Name: Service Control Manager
    Time Written: 20090706104615.000000+120
    Event Type: Informations
    User:

    Computer Name: K-E28DB6CA3AD64
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.

    Record Number: 14767
    Source Name: Service Control Manager
    Time Written: 20090706104615.000000+120
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: K-E28DB6CA3AD64
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\Harddisk3\D au cours d'une opération de pagination.

    Record Number: 14766
    Source Name: Disk
    Time Written: 20090706104327.000000+120
    Event Type: Avertissement
    User:

    Computer Name: K-E28DB6CA3AD64
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\Harddisk3\D au cours d'une opération de pagination.

    Record Number: 14765
    Source Name: Disk
    Time Written: 20090706104327.000000+120
    Event Type: Avertissement
    User:

    =====Application event log=====

    Computer Name: K-E28DB6CA3AD64
    Event Code: 3
    Message:
    Record Number: 12344
    Source Name: Adobe Version Cue CS3
    Time Written: 20090703022233.000000+120
    Event Type: erreur
    User:

    Computer Name: K-E28DB6CA3AD64
    Event Code: 3
    Message:
    Record Number: 12343
    Source Name: Adobe Version Cue CS3
    Time Written: 20090703022233.000000+120
    Event Type: erreur
    User:

    Computer Name: K-E28DB6CA3AD64
    Event Code: 3
    Message:
    Record Number: 12342
    Source Name: Adobe Version Cue CS3
    Time Written: 20090703022233.000000+120
    Event Type: erreur
    User:

    Computer Name: K-E28DB6CA3AD64
    Event Code: 3
    Message:
    Record Number: 12341
    Source Name: Adobe Version Cue CS3
    Time Written: 20090703022233.000000+120
    Event Type: erreur
    User:

    Computer Name: K-E28DB6CA3AD64
    Event Code: 3
    Message:
    Record Number: 12340
    Source Name: Adobe Version Cue CS3
    Time Written: 20090703022233.000000+120
    Event Type: erreur
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=1706
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "VProject"=c:\program files\steam\steamapps\common\left 4 dead\left4dead
    "sourcesdk"=c:\program files\steam\steamapps\common\left 4 dead

    -----------------EOF-----------------
    0
  2. Sam Faishier
     
    Et enfin, le rapport Findykill avec tous mes DD branchés, avast et spyware désactivés et cable internet enlevé !

    Alors mes deux questions sont les suivantes :
    Comment supprimer définitivement nkbd1v.exe ?
    Comment éviter d'avoir à faire clicdroit+explorer pour ouvrir mes DD? :)

    D'avance merci à tous !

    ############################## | FindyKill V6.006 |

    # User : Killian (Administrateurs) # K-E28DB6CA3AD64
    # Update on 14/07/09 by Chiquitine29 & C_XX
    # Start at: 20:03:40 | 15/07/2009
    # Website : http://pagesperso-orange.fr/NosTools/index.html

    # Processeur Intel Pentium III Xeon
    # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 8.0.6001.18702
    # Windows Firewall Status : Disabled
    # AV : avast! antivirus 4.8.1335 [VPS 090715-0] 4.8.1335 [ (!) Disabled | Updated ]

    # C:\ # Disque fixe local # 244,14 Go (113,06 Go free) # NTFS
    # D:\ # Disque fixe local # 465,65 Go (438,73 Go free) [VERBATIM] # FAT32
    # E:\ # Disque fixe local # 221,62 Go (147,01 Go free) [Disque local 2] # NTFS
    # F:\ # Disque CD-ROM
    # G:\ # Disque CD-ROM
    # H:\ # Disque fixe local # 465,64 Go (311,97 Mo free) [Elements] # FAT32
    # I:\ # Disque fixe local # 465,64 Go (137,52 Go free) [Elements] # FAT32
    # J:\ # Disque CD-ROM
    # P:\ # Disque CD-ROM

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## | Registre Startup |

    R1 - HKCU\..\Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    R1 - HKCU\..\Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    R1 - HKCU\..\Main: "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
    R1 - HKCU\..\Main: "Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
    R1 - HKCU\..\Main: "Start Page Redirect Cache_TIMESTAMP"=hex:6a,42,e1,10,2c,e2,c9,01
    R1 - HKCU\..\Main: "Start Page Redirect Cache AcceptLangs"="fr"
    F2 - HKLM\..\logon:"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    F2 - HKLM\..\logon:"DefaultUserName"="Killian"
    F2 - HKLM\..\logon:"AltDefaultUserName"="Killian"
    F2 - HKLM\..\logon:"LegalNoticeCaption"=""
    F2 - HKLM\..\logon:"LegalNoticeText"=""
    04 - HKLM\..\Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    04 - HKLM\..\Run: nwiz=nwiz.exe /install
    04 - HKLM\..\Run: NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    04 - HKLM\..\Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    04 - HKLM\..\Run: RTHDCPL=RTHDCPL.EXE
    04 - HKLM\..\Run: Alcmtr=ALCMTR.EXE
    04 - HKLM\..\Run: LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
    04 - HKLM\..\Run: SearchSettings=C:\Program Files\pdfforge Toolbar\SearchSettings.exe
    04 - HKLM\..\Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    04 - HKLM\..\Run: UpdReg=C:\WINDOWS\UpdReg.EXE
    04 - HKLM\..\Run: ISUSPM="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    04 - HKLM\..\Run: Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    04 - HKLM\..\Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    04 - HKCU\..\Run: CTFMON.EXE#C:\WINDOWS\system32\ctfmon.exe#
    04 - HKCU\..\Run: H/PC Connection Agent#"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"#
    04 - HKCU\..\Run: SUPERAntiSpyware#C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe#
    04 - HKCU\..\Run: cdoosoft#C:\WINDOWS\system32\olhrwef.exe#
    04 - HKCU\..\Run: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater##

    ################## | Fichiers # Dossiers infectieux |

    ################## | C:\Documents and Settings\Killian\Temporary Internet Files |

    Présent ! C:\DOCUME~1\Killian\LOCALS~1\Temp\ildownloader_install.exe

    ################## | All Drives ... |

    C:\autorun.inf # -> fichier appelé : "C:\nkbd1v.exe" ( Absent ! )
    Présent ! C:\autorun.inf
    D:\autorun.inf # -> fichier appelé : "D:\nkbd1v.exe" ( Présent ! )
    Présent ! D:\i6g6x.cmd
    Présent ! D:\autorun.inf
    Présent ! "D:\resycled"
    E:\autorun.inf # -> fichier appelé : "E:\nkbd1v.exe" ( Absent ! )
    Présent ! E:\resycled\boot.com
    Présent ! E:\autorun.inf
    Présent ! "E:\resycled"
    H:\autorun.inf # -> fichier appelé : "H:\nkbd1v.exe" ( Présent ! )
    Présent ! H:\i6g6x.cmd
    Présent ! H:\resycled\boot.com
    Présent ! H:\autorun.inf
    Présent ! "H:\resycled"
    I:\autorun.inf # -> fichier appelé : "I:\nkbd1v.exe" ( Présent ! )
    Présent ! I:\i6g6x.cmd
    Présent ! I:\resycled\boot.com
    Présent ! I:\autorun.inf
    Présent ! "I:\resycled"

    ################## | Registre # Clés Run infectieuses |

    Présent ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
    Présent ! HKU\S-1-5-21-839522115-1202660629-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
    Présent ! HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
    Présent ! HKLM\SYSTEM\ControlSet001\Services\AVPsys
    Présent ! HKLM\SYSTEM\ControlSet002\Services\AVPsys

    ################## | Registre # Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\H
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:

    HKCU\..\..\Explorer\MountPoints2\{37735dce-fd51-11dd-82de-0007cb0000ff}
    Shell\AutoRun\command =I:\nkbd1v.exe
    Shell\open\Command =I:\nkbd1v.exe

    HKCU\..\..\Explorer\MountPoints2\{37735dcf-fd51-11dd-82de-0007cb0000ff}
    Shell\AutoRun\command =nkbd1v.exe
    Shell\open\Command =nkbd1v.exe

    HKCU\..\..\Explorer\MountPoints2\{47edd2d8-fdb7-11dd-82e2-0007cb0000ff}
    Shell\AutoRun\command =D:\nkbd1v.exe
    Shell\open\Command =D:\nkbd1v.exe

    HKCU\..\..\Explorer\MountPoints2\{b572cd8c-01a5-11de-82f1-0007cb0000ff}
    Shell\AutoRun\command =K:\nkbd1v.exe
    Shell\open\Command =K:\nkbd1v.exe

    HKCU\..\..\Explorer\MountPoints2\{fd91c32a-fd2a-11dd-9e0d-806d6172696f}
    Shell\AutoRun\command =nkbd1v.exe
    Shell\open\Command =nkbd1v.exe

    HKCU\..\..\Explorer\MountPoints2\{fd91c32b-fd2a-11dd-9e0d-806d6172696f}
    Shell\AutoRun\command =nkbd1v.exe
    Shell\open\Command =nkbd1v.exe

    ################## | Etat / Services / Informations |

    # Affichage des fichiers cachés : OK
    # Mode sans echec : OK
    # Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
    # EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
    # Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
    # SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
    # wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
    # wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

    ################## | Cracks / Keygens / Serials |

    ################## | ! Fin du rapport # FindyKill V6.006 ! |
    0
  3. Youssefpro
     
    dis sam, tu pourrais me dire il fais quel effet ton virus?
    0
  4. Utilisateur anonyme
     
    Salut ;

    plusieures infection ...

    ! Déconnecte toi et ferme toutes application en cours ( navigateur compris ) .

    • Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)

    • Relance "FindyKill" : au menu principal choisis l'option " F " pour français et tape sur [entrée] .

    • Au second menu choisis l'option 2 (suppression) et tape sur [entrée]

    • Le pc va redémarrer automatiquement ...

    ▶ le programme va travailler , ne touche à rien ... , ton bureau ne sera pas accessible c est normal !

    --> Poste le rapport qui apparait à la fin ( le rapport est sauvegardé aussi sous C:\FindyKill.txt )

    /!\ Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Sam Faishier
     
    Bonsoir!
    Alors voilà voilà

    Youssefpro
    , difficile de te dire. A la base c'est surtout un Trojan qui "trouve" tes identifiants et mdp pour les jeux en ligne. En l'occurence j'ai Avast qui m'affichait ça depuis que je joue à Wow. (genre par crise, où toutes les deux secondes il réapparait en disant "ya un trojan" "ya un trojan"!)

    Au delà de ça ... j'avais en même temps des blèmes à ouvrir mes DD. Obligé de faire clic droit explorer.
    Apparemment c'était relié ... au vu de ce qui a été supprimé dans ce rapport.

    Chiquitine29, Merci beaucoup pour ton explication de manip!
    ça a suppr pas mal de choses ... voici le rapport final :

    ############################## | FindyKill V6.006 |

    # User : Killian (Administrateurs) # K-E28DB6CA3AD64
    # Update on 14/07/09 by Chiquitine29 & C_XX
    # Start at: 21:24:28 | 15/07/2009
    # Website : http://pagesperso-orange.fr/NosTools/index.html

    # Processeur Intel Pentium III Xeon
    # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 8.0.6001.18702
    # Windows Firewall Status : Disabled
    # AV : avast! antivirus 4.8.1335 [VPS 090715-0] 4.8.1335 [ Enabled | Updated ]

    # C:\ # Disque fixe local # 244,14 Go (113,07 Go free) # NTFS
    # D:\ # Disque fixe local # 465,65 Go (438,73 Go free) [VERBATIM] # FAT32
    # E:\ # Disque fixe local # 221,62 Go (147,01 Go free) [Disque local 2] # NTFS
    # F:\ # Disque CD-ROM
    # G:\ # Disque CD-ROM
    # H:\ # Disque fixe local # 465,64 Go (311,97 Mo free) [Elements] # FAT32
    # I:\ # Disque fixe local # 465,64 Go (137,52 Go free) [Elements] # FAT32
    # K:\ # Disque amovible # 3,62 Go (50,29 Mo free) [K'S IPOD] # FAT32
    # P:\ # Disque CD-ROM

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## | Fichiers # Dossiers infectieux |

    ################## | C:\Documents and Settings\Killian\Temporary Internet Files |

    Supprimé ! C:\DOCUME~1\Killian\LOCALS~1\Temp\ildownloader_install.exe

    ################## | All Drives ... |

    C:\autorun.inf # -> fichier appelé : "C:\nkbd1v.exe" ( Absent ! )
    Supprimé ! C:\autorun.inf
    D:\autorun.inf # -> fichier appelé : "D:\nkbd1v.exe" ( Présent ! )
    Supprimé ! -> D:\nkbd1v.exe
    Supprimé ! D:\i6g6x.cmd
    Supprimé ! D:\autorun.inf
    Supprimé ! D:\resycled
    E:\autorun.inf # -> fichier appelé : "E:\nkbd1v.exe" ( Absent ! )
    Supprimé ! E:\resycled\boot.com
    Supprimé ! E:\autorun.inf
    Supprimé ! E:\resycled
    H:\autorun.inf # -> fichier appelé : "H:\nkbd1v.exe" ( Présent ! )
    Supprimé ! -> H:\nkbd1v.exe
    Supprimé ! H:\i6g6x.cmd
    Supprimé ! H:\resycled\boot.com
    Supprimé ! H:\autorun.inf
    Supprimé ! H:\resycled
    I:\autorun.inf # -> fichier appelé : "I:\nkbd1v.exe" ( Présent ! )
    Supprimé ! -> I:\nkbd1v.exe
    Supprimé ! I:\i6g6x.cmd
    Supprimé ! I:\resycled\boot.com
    Supprimé ! I:\autorun.inf
    Supprimé ! I:\resycled
    ################## | Autres ... |

    ################## | Registre # Clés Run infectieuses |

    Supprimé ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
    Supprimé ! HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
    Supprimé ! HKLM\SYSTEM\ControlSet002\Services\AVPsys

    ################## | Registre # Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\H\Shell\AutoRun\Command

    ################## | Listing des fichiers présent |

    [15/07/2009 21:16|--a------|1877] - C:\aaw7boot.log
    [17/02/2009 22:00|--a------|0] - C:\AUTOEXEC.BAT
    [14/07/2009 01:11|---hs----|216] - C:\boot.ini
    [14/04/2008 14:00|-rahs----|4952] - C:\Bootfont.bin
    [17/02/2009 22:00|--a------|0] - C:\CONFIG.SYS
    [29/05/2009 03:28|--a------|3532] - C:\drmHeader.bin
    [14/07/2009 16:03|--a------|0] - C:\dxva.log
    [15/07/2009 21:56|--a------|4284] - C:\FindyKill.txt
    [15/07/2009 19:00|--a------|528] - C:\hpfr3420.xml
    [15/07/2009 19:00|--a------|90670] - C:\hpfr3425.log
    [17/02/2009 22:00|-rahs----|0] - C:\IO.SYS
    [28/03/2009 16:25|--a------|5060] - C:\LgDSetup.log
    [28/03/2009 16:23|--a------|183] - C:\LogiSetup.log
    [17/02/2009 22:00|-rahs----|0] - C:\MSDOS.SYS
    [28/03/2009 16:58|--a------|102708] - C:\MSIInstall.log
    [14/04/2008 14:00|-rahs----|47564] - C:\NTDETECT.COM
    [14/04/2008 14:00|-rahs----|252240] - C:\ntldr
    [29/02/2004 17:44|--a------|52576] - C:\orange.bmp
    [?|?|?] - C:\pagefile.sys
    [17/02/2009 22:35|--a------|522] - C:\RHDSetup.log
    [26/03/2009 02:50|--a------|7847855] - C:\the_freezas_europe_you_rock.mp3
    [26/04/2009 12:59|--a------|498446] - C:\vcredist_x86.log
    [14/07/2009 16:03|--a------|9] - C:\VO.log
    [02/03/2009 17:41|--a------|57649528] - D:\The Freezas Mix - 02-03-2009.mp3
    [02/03/2009 20:10|--a------|131214524] - D:\The Freezas Mix - 02-03-2009 2.mp3
    [11/03/2009 16:34|--ahs----|3072] - D:\Thumbs.db
    [10/07/2009 14:47|--a------|321358892] - D:\0006 2-rec.wav
    [12/07/2009 21:36|--a------|984] - H:\playlist.html
    [12/07/2009 21:34|--a------|1024] - H:\playlist2.html
    [26/05/2008 21:48|---hs----|7168] - H:\Thumbs.db
    [03/04/2008 14:15|--a------|133041] - I:\cosmogrizzmine.JPG
    [29/03/2009 23:46|--ahs----|5632] - I:\Thumbs.db
    [03/02/2009 14:07|--a------|25256] - I:\VirtualDJ Local Database v5.xml
    [05/01/2002 03:38|--a------|54784] - I:\msvci70.dll
    [18/03/2000 17:58|---------|0] - K:\.metadata_never_index
    [12/07/2009 14:14|--ah-----|4096] - K:\._.Trashes
    [12/07/2009 14:14|--ah-----|4096] - K:\._iPod_Control
    [12/07/2009 14:14|--ah-----|34201] - K:\.VolumeIcon.icns
    [12/07/2009 14:14|--ah-----|4096] - K:\._.VolumeIcon.icns
    [12/07/2009 14:14|--ah-----|4096] - K:\._?

    ################## | Vaccination |

    # C:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
    # D:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
    # E:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
    # H:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
    # I:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
    # K:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.

    ################## | Etat / Services / Informations |

    # Mode sans echec : OK

    # Affichage des fichiers cachés : OK

    # Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
    # EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
    # Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
    # SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
    # wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
    # wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

    ################## | PEH ... |

    ################## | Cracks / Keygens / Serials |

    ################## | ! Fin du rapport # FindyKill V6.006 ! |
    0
  7. Utilisateur anonyme
     
    Telecharge malwarebytes
    https://www.malwarebytes.com/

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    PS : les rapport sont aussi rangé dans l onglet rapport/log
    0
  8. Sam Faishier
     
    Merci !

    Bon ... alors que j'pensais que les choses se réglaient .... ya eu du nouveau.

    Je suis perdu :(
    J'ai tout fait comme il fallait et là, pendant que Malwarebytes fait son boulot, avast me ressort sans cesse qu'il le trouve ici :

    C:\system volume information\_restore{0d9ea6a0-570f-4066-af0f-0cf0dc7e5dfa}\rp245\A0063782.exe
    Toujours Win32:Kamso [Trj]

    Je suppr je suppr ...
    0
  9. Sam Faishier
     
    Bon ... ça a TOUT analysé ...
    Supprimant deux ptits restants à deux endroits.

    Malwarebytes' Anti-Malware 1.39
    Version de la base de données: 2421
    Windows 5.1.2600 Service Pack 3

    16/07/2009 01:24:54
    mbam-log-2009-07-16 (01-24-50).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|H:\|I:\|K:\|)
    Eléments examinés: 493478
    Temps écoulé: 1 hour(s), 33 minute(s), 47 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    d:\system volume information\_restore{0d9ea6a0-570f-4066-af0f-0cf0dc7e5dfa}\RP215\A0059474.exe (Trojan.Downloader) -> No action taken.
    i:\system volume information\_restore{0d9ea6a0-570f-4066-af0f-0cf0dc7e5dfa}\RP249\A0068454.cmd (Spyware.OnlineGames) -> No action taken.

    Ce devrait le faire nan?
    En tout cas un énoOoOrme merci!

    J'vous tiens au courant si la manip a marché ou pas, soit l'absence d'alerte avast demain :)
    0
  10. Utilisateur anonyme
     
    • Télécharge Lop S&D.exe sur ton Bureau .

    • Double-clique dessus pour lancer l'installation

    • Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau

    • Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)

    • Patiente jusqu'à la fin du scan

    • Poste le rapport généré (C:\lopR.txt)
    0
  11. Sam Faishier
     
    Salut!
    Bon apparemment pas d'alerte avast aujourd'hui, donc c'est cool, CA MARCHE! :)

    Anyway voici le rapport Lop S&D
    Marrant, il me signale une chanson d'eminem en .wma comme crack ou keygen

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Processeur Intel Pentium III Xeon )
    BIOS : BIOS Date: 06/12/08 00:26:51 Ver: 08.00.14
    USER : Killian ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1335 [VPS 090716-0] 4.8.1335 (Activated)
    C:\ (Local Disk) - NTFS - Total:244 Go (Free:119 Go)
    E:\ (Local Disk) - NTFS - Total:221 Go (Free:147 Go)
    F:\ (CD or DVD)
    G:\ (CD or DVD)
    H:\ (Local Disk) - FAT32 - Total:465 Go (Free:3 Go)
    I:\ (Local Disk) - FAT32 - Total:465 Go (Free:132 Go)
    K:\ (USB) - FAT32 - Total:3704 Mo (Free:0 Go)
    P:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( 16/07/2009|11:00 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [27/02/2009|14:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [14/07/2009|14:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{83C91755-2546-441D-AC40-9A6B4B860800}
    [18/03/2009|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [22/02/2009|22:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ALM
    [27/02/2009|14:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [26/04/2009|13:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [26/04/2009|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
    [20/03/2009|18:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BCR
    [23/05/2009|15:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard
    [19/04/2009|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CCP
    [18/02/2009|14:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite
    [14/06/2009|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Electronic Arts
    [22/02/2009|23:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    [26/04/2009|13:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [14/07/2009|14:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [18/02/2009|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
    [30/04/2009|15:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
    [25/02/2009|01:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
    [28/02/2009|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
    [14/07/2009|09:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [14/07/2009|00:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [18/02/2009|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    [28/02/2009|18:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
    [05/03/2009|13:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
    [01/07/2009|10:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SeekappSrch
    [17/05/2009|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [22/03/2009|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
    [14/07/2009|18:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    [18/04/2009|22:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
    [26/02/2009|02:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

    [17/02/2009|22:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [24/02/2009|15:46] C:\DOCUME~1\Eliane\APPLIC~1\Adobe
    [24/02/2009|15:43] C:\DOCUME~1\Eliane\APPLIC~1\Identities
    [29/05/2009|19:34] C:\DOCUME~1\Eliane\APPLIC~1\Microsoft
    [24/02/2009|15:45] C:\DOCUME~1\Eliane\APPLIC~1\Opera

    [24/05/2009|12:05] C:\DOCUME~1\Killian\APPLIC~1\Acreon
    [02/05/2009|15:02] C:\DOCUME~1\Killian\APPLIC~1\Activision
    [16/07/2009|02:15] C:\DOCUME~1\Killian\APPLIC~1\Adobe
    [28/02/2009|12:54] C:\DOCUME~1\Killian\APPLIC~1\Apple Computer
    [18/02/2009|14:26] C:\DOCUME~1\Killian\APPLIC~1\DAEMON Tools
    [20/02/2009|02:55] C:\DOCUME~1\Killian\APPLIC~1\DAEMON Tools Lite
    [18/02/2009|14:26] C:\DOCUME~1\Killian\APPLIC~1\DAEMON Tools Pro
    [19/02/2009|03:07] C:\DOCUME~1\Killian\APPLIC~1\DivX
    [28/04/2009|11:15] C:\DOCUME~1\Killian\APPLIC~1\dvdcss
    [15/07/2009|20:20] C:\DOCUME~1\Killian\APPLIC~1\FileZilla
    [01/03/2009|01:25] C:\DOCUME~1\Killian\APPLIC~1\GetRightToGo
    [22/02/2009|01:58] C:\DOCUME~1\Killian\APPLIC~1\Hewlett-Packard
    [17/02/2009|22:04] C:\DOCUME~1\Killian\APPLIC~1\Identities
    [28/02/2009|19:19] C:\DOCUME~1\Killian\APPLIC~1\InstallShield
    [26/04/2009|13:43] C:\DOCUME~1\Killian\APPLIC~1\InterVideo
    [24/02/2009|02:01] C:\DOCUME~1\Killian\APPLIC~1\Leadertech
    [25/02/2009|03:42] C:\DOCUME~1\Killian\APPLIC~1\Macromedia
    [14/07/2009|09:43] C:\DOCUME~1\Killian\APPLIC~1\Malwarebytes
    [08/06/2009|13:55] C:\DOCUME~1\Killian\APPLIC~1\Megaupload
    [14/04/2009|00:56] C:\DOCUME~1\Killian\APPLIC~1\Microsoft
    [26/02/2009|01:27] C:\DOCUME~1\Killian\APPLIC~1\Mozilla
    [18/02/2009|18:09] C:\DOCUME~1\Killian\APPLIC~1\Nero
    [07/04/2009|14:03] C:\DOCUME~1\Killian\APPLIC~1\Notepad++
    [18/02/2009|02:43] C:\DOCUME~1\Killian\APPLIC~1\Opera
    [08/03/2009|02:49] C:\DOCUME~1\Killian\APPLIC~1\pdfforge
    [05/03/2009|13:07] C:\DOCUME~1\Killian\APPLIC~1\Propellerhead Software
    [24/02/2009|11:56] C:\DOCUME~1\Killian\APPLIC~1\Publish Providers
    [08/03/2009|02:49] C:\DOCUME~1\Killian\APPLIC~1\Search Settings
    [18/02/2009|12:13] C:\DOCUME~1\Killian\APPLIC~1\SecuROM
    [14/07/2009|00:42] C:\DOCUME~1\Killian\APPLIC~1\Skype
    [14/07/2009|00:09] C:\DOCUME~1\Killian\APPLIC~1\skypePM
    [26/02/2009|00:38] C:\DOCUME~1\Killian\APPLIC~1\Sony
    [24/03/2009|13:26] C:\DOCUME~1\Killian\APPLIC~1\Steinberg
    [14/07/2009|18:55] C:\DOCUME~1\Killian\APPLIC~1\SUPERAntiSpyware.com
    [19/02/2009|11:48] C:\DOCUME~1\Killian\APPLIC~1\Syntrillium
    [10/05/2009|19:39] C:\DOCUME~1\Killian\APPLIC~1\TeamViewer
    [14/07/2009|16:17] C:\DOCUME~1\Killian\APPLIC~1\uTorrent
    [26/04/2009|14:06] C:\DOCUME~1\Killian\APPLIC~1\vlc
    [20/02/2009|12:35] C:\DOCUME~1\Killian\APPLIC~1\Waves Audio
    [01/04/2009|00:38] C:\DOCUME~1\Killian\APPLIC~1\Winamp
    [18/02/2009|03:23] C:\DOCUME~1\Killian\APPLIC~1\WinRAR

    [17/02/2009|22:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [17/02/2009|22:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [14/07/2009 14:05][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [25/05/2009 01:41][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1235260653.job
    [16/07/2009 09:28][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [14/04/2008 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [18/03/2009|17:30] C:\Program Files\505games
    [05/03/2009|12:48] C:\Program Files\Aas
    [14/06/2009|16:28] C:\Program Files\Activision
    [18/03/2009|17:40] C:\Program Files\Adobe
    [20/02/2009|10:36] C:\Program Files\AGEIA Technologies
    [03/04/2009|00:00] C:\Program Files\Alcohol Soft
    [20/02/2009|10:51] C:\Program Files\Alwil Software
    [21/03/2009|10:05] C:\Program Files\Ant Renamer
    [20/02/2009|12:50] C:\Program Files\Antares
    [24/03/2009|00:16] C:\Program Files\Antares Audio Technologies
    [27/02/2009|14:05] C:\Program Files\Apple Software Update
    [20/02/2009|11:23] C:\Program Files\ASUS
    [28/04/2009|11:35] C:\Program Files\AviSynth 2.5
    [26/04/2009|11:55] C:\Program Files\AVS4YOU
    [07/04/2009|13:53] C:\Program Files\Bonjour
    [22/03/2009|19:31] C:\Program Files\CamStudio
    [20/03/2009|18:28] C:\Program Files\Capcom
    [17/02/2009|21:58] C:\Program Files\ComPlus Applications
    [05/03/2009|16:21] C:\Program Files\coolpro2
    [15/03/2009|12:32] C:\Program Files\Creative
    [15/03/2009|12:32] C:\Program Files\Creative Professional
    [18/02/2009|14:25] C:\Program Files\DAEMON Tools Lite
    [28/02/2009|19:20] C:\Program Files\DIFX
    [28/03/2009|16:25] C:\Program Files\directx
    [22/02/2009|21:26] C:\Program Files\DivX
    [26/04/2009|14:33] C:\Program Files\DVD X Studios
    [15/06/2009|00:37] C:\Program Files\EA Games
    [20/02/2009|12:31] C:\Program Files\East West
    [05/03/2009|12:47] C:\Program Files\EDIROL
    [28/04/2009|11:35] C:\Program Files\eRightSoft
    [15/03/2009|14:53] C:\Program Files\F.E.A.R. 2
    [23/05/2009|15:43] C:\Program Files\Fichiers communs
    [18/02/2009|14:01] C:\Program Files\FileZilla Client
    [01/03/2009|23:59] C:\Program Files\Free FLV Converter
    [17/02/2009|22:49] C:\Program Files\Free.fr
    [20/02/2009|12:34] C:\Program Files\GForce
    [22/02/2009|01:57] C:\Program Files\Hewlett-Packard
    [14/07/2009|00:56] C:\Program Files\iColorFolder
    [08/03/2009|01:00] C:\Program Files\IK Multimedia
    [19/02/2009|12:42] C:\Program Files\Image-Line
    [15/06/2009|13:03] C:\Program Files\InstallShield Installation Information
    [17/02/2009|22:12] C:\Program Files\Intel
    [11/06/2009|02:09] C:\Program Files\Internet Explorer
    [27/02/2009|14:06] C:\Program Files\iPod
    [27/02/2009|14:06] C:\Program Files\iTunes
    [14/07/2009|14:02] C:\Program Files\Lavasoft
    [05/03/2009|13:16] C:\Program Files\Lexicon PSP42
    [28/03/2009|17:08] C:\Program Files\Logitech
    [30/04/2009|15:45] C:\Program Files\ma-config.com
    [25/02/2009|01:48] C:\Program Files\Macromedia
    [28/02/2009|19:09] C:\Program Files\MAGIX
    [14/07/2009|09:43] C:\Program Files\Malwarebytes' Anti-Malware
    [17/02/2009|22:39] C:\Program Files\Marvell
    [08/06/2009|13:31] C:\Program Files\Megaupload
    [18/02/2009|01:56] C:\Program Files\Messenger
    [14/07/2009|00:14] C:\Program Files\Microsoft
    [14/04/2009|00:43] C:\Program Files\Microsoft ActiveSync
    [23/02/2009|04:00] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [17/02/2009|22:00] C:\Program Files\microsoft frontpage
    [18/02/2009|12:23] C:\Program Files\Microsoft Games for Windows - LIVE
    [17/04/2009|12:09] C:\Program Files\Microsoft Office
    [22/04/2009|18:29] C:\Program Files\Microsoft Silverlight
    [24/02/2009|11:54] C:\Program Files\Microsoft SQL Server
    [19/02/2009|14:49] C:\Program Files\Microsoft.NET
    [02/03/2009|11:39] C:\Program Files\MixMeister BPM Analyzer
    [14/07/2009|00:27] C:\Program Files\Movie Maker
    [01/07/2009|10:06] C:\Program Files\Mozilla Firefox
    [18/02/2009|10:53] C:\Program Files\MSBuild
    [17/02/2009|21:57] C:\Program Files\MSN
    [17/02/2009|21:58] C:\Program Files\MSN Gaming Zone
    [19/02/2009|04:00] C:\Program Files\MSXML 4.0
    [15/03/2009|13:12] C:\Program Files\Native Instruments
    [18/02/2009|17:52] C:\Program Files\Nero
    [17/02/2009|21:59] C:\Program Files\NetMeeting
    [07/04/2009|14:02] C:\Program Files\Notepad++
    [17/02/2009|21:58] C:\Program Files\Online Services
    [20/03/2009|18:28] C:\Program Files\OpenAL
    [18/02/2009|02:42] C:\Program Files\Opera
    [14/07/2009|00:27] C:\Program Files\Outlook Express
    [19/02/2009|12:42] C:\Program Files\Outsim
    [03/03/2009|18:08] C:\Program Files\PDFCreator
    [03/03/2009|18:03] C:\Program Files\pdfforge Toolbar
    [20/02/2009|02:11] C:\Program Files\Pianoteq 2.3
    [28/02/2009|19:01] C:\Program Files\Pinnacle
    [05/03/2009|13:07] C:\Program Files\Propellerhead
    [05/03/2009|13:14] C:\Program Files\PSP 84
    [05/03/2009|13:15] C:\Program Files\PSP Audioware
    [05/03/2009|13:17] C:\Program Files\PSP VintageWarmer
    [27/02/2009|14:06] C:\Program Files\QuickTime
    [17/02/2009|22:35] C:\Program Files\Realtek
    [18/02/2009|10:51] C:\Program Files\Reference Assemblies
    [14/04/2009|00:43] C:\Program Files\Ressources Windows Mobile
    [15/06/2009|13:09] C:\Program Files\Rockstar Games
    [22/02/2009|21:29] C:\Program Files\RomStation
    [20/02/2009|03:53] C:\Program Files\Saints Row 2
    [05/03/2009|12:28] C:\Program Files\SampleTank 2
    [10/07/2009|22:47] C:\Program Files\SeekappSrch
    [17/02/2009|22:00] C:\Program Files\Services en ligne
    [17/05/2009|20:35] C:\Program Files\Skype
    [22/03/2009|13:36] C:\Program Files\Sony
    [24/02/2009|11:52] C:\Program Files\Sony Setup
    [05/03/2009|14:03] C:\Program Files\Spectrasonics
    [05/03/2009|13:17] C:\Program Files\Spin Audio
    [14/07/2009|00:49] C:\Program Files\Steam
    [02/04/2009|13:12] C:\Program Files\Steinberg
    [14/07/2009|18:55] C:\Program Files\SUPERAntiSpyware
    [10/05/2009|19:01] C:\Program Files\TeamViewer
    [15/07/2009|19:27] C:\Program Files\Trend Micro
    [05/03/2009|03:22] C:\Program Files\u-he
    [08/03/2009|15:14] C:\Program Files\Ulead Systems
    [17/02/2009|22:04] C:\Program Files\Uninstall Information
    [28/02/2009|19:20] C:\Program Files\USB TV
    [13/03/2009|18:52] C:\Program Files\VideoLAN
    [27/02/2009|12:36] C:\Program Files\VLCPortable
    [26/03/2009|01:19] C:\Program Files\VOB
    [02/04/2009|15:03] C:\Program Files\VstPlugins
    [15/04/2009|01:18] C:\Program Files\VTFEdit
    [02/05/2009|13:43] C:\Program Files\wamp
    [05/03/2009|13:21] C:\Program Files\Waves
    [09/06/2009|09:04] C:\Program Files\Winamp
    [14/07/2009|00:14] C:\Program Files\Windows Live
    [18/02/2009|03:04] C:\Program Files\Windows Live SkyDrive
    [14/07/2009|00:14] C:\Program Files\Windows Live(2)
    [28/03/2009|16:38] C:\Program Files\Windows Media Components
    [26/02/2009|02:16] C:\Program Files\Windows Media Connect 2
    [26/02/2009|02:37] C:\Program Files\Windows Media Player
    [17/02/2009|21:57] C:\Program Files\Windows NT
    [18/02/2009|17:52] C:\Program Files\Windows Sidebar
    [17/02/2009|22:00] C:\Program Files\WindowsUpdate
    [18/02/2009|02:19] C:\Program Files\WinRAR
    [15/06/2009|14:12] C:\Program Files\World Of Warcraft
    [17/02/2009|22:00] C:\Program Files\xerox

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [03/03/2009|22:56] C:\Program Files\Fichiers communs\Adobe
    [18/03/2009|17:40] C:\Program Files\Fichiers communs\Adobe AIR
    [27/02/2009|14:06] C:\Program Files\Fichiers communs\Apple
    [26/04/2009|11:55] C:\Program Files\Fichiers communs\AVSMedia
    [15/06/2009|22:13] C:\Program Files\Fichiers communs\Blizzard Entertainment
    [19/02/2009|14:49] C:\Program Files\Fichiers communs\DESIGNER
    [20/02/2009|02:10] C:\Program Files\Fichiers communs\digidesign
    [22/02/2009|01:53] C:\Program Files\Fichiers communs\Hewlett-Packard
    [26/04/2009|13:36] C:\Program Files\Fichiers communs\InstallShield
    [22/02/2009|01:47] C:\Program Files\Fichiers communs\Logitech
    [25/02/2009|01:49] C:\Program Files\Fichiers communs\Macromedia
    [22/02/2009|21:47] C:\Program Files\Fichiers communs\Macrovision Shared
    [28/02/2009|19:08] C:\Program Files\Fichiers communs\MAGIX Shared
    [14/07/2009|00:02] C:\Program Files\Fichiers communs\Microsoft Shared
    [17/02/2009|21:59] C:\Program Files\Fichiers communs\MSSoap
    [20/02/2009|02:26] C:\Program Files\Fichiers communs\Native Instruments
    [18/02/2009|18:01] C:\Program Files\Fichiers communs\Nero
    [17/02/2009|22:30] C:\Program Files\Fichiers communs\ODBC
    [28/03/2009|17:05] C:\Program Files\Fichiers communs\Real
    [17/02/2009|21:59] C:\Program Files\Fichiers communs\Services
    [17/05/2009|20:35] C:\Program Files\Fichiers communs\Skype
    [17/02/2009|22:30] C:\Program Files\Fichiers communs\SpeechEngines
    [17/04/2009|12:09] C:\Program Files\Fichiers communs\System
    [26/04/2009|13:41] C:\Program Files\Fichiers communs\Ulead
    [18/02/2009|02:58] C:\Program Files\Fichiers communs\Windows Live
    [14/07/2009|18:55] C:\Program Files\Fichiers communs\Wise Installation Wizard

    --------------------\\ Process

    ( 47 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\Killian\LOCALS~1\Temp\nsm31.tmp
    C:\DOCUME~1\Killian\LOCALS~1\Temp\nss5.tmp
    C:\DOCUME~1\Killian\Cookies\killian@advertising[2].txt

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-16 11:01:08
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Killian\Mes documents\Ma musique\Eminem\Relapse\18 Crack a Bottle.wma

    [F:43][D:204]-> C:\DOCUME~1\Killian\LOCALS~1\Temp
    [F:8][D:0]-> C:\DOCUME~1\Killian\Cookies
    [F:175][D:17]-> C:\DOCUME~1\Killian\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 16/07/2009|10:15 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 16/07/2009|10:46 - Option : [1]
    3 - "C:\Lop SD\LopR_3.txt" - 16/07/2009|11:03 - Option : [1]

    --------------------\\ Fin du rapport a 11:03:15
    0