Sujet Précédent Sujet Suivant

Avira ne se lance plus

timay83 -  
 timay83 -
Bonjour,
Voila quelques jours que j'observe différents problèmes sur mon ordi :
Mon antivirus Avira ne se lance plus au démarrage, et meme quand je le lance manuellement, rien ne se passe.
De même Spybot S&D ne se lance plus quand je clique dessus.

J'ai essayé de désinstaller réinstaller... Ça change rien...
J'ai l'impression que ça me fait ça seulement avec les logiciels de sécurité...

Auriez vous une idée?

21 réponses

  • 1
  • 2
Réponse 1 / 21
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
bonjour

• Téléchargez FindyKill sur le Bureau.

http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe

Mirroir :

http://findykill.changelog.fr/Setup.exe

• Double-cliquez sur FindyKill présent sur le Bureau.

• Choisissez l'option 1 (Recherche).

• Laissez travailler l'outil.

• Ensuite postez le rapport FindyKill.txt qui apparaîtra (si vous avez créé un sujet sur un forum pour vous faire aider).

• Note : Le rapport FindyKill.txt est sauvegardé à la racine du disque (C:\FindyKill.txt).

(CTRL+A pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller)

• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

• Tuto : http://pagesperso-orange.fr/NosTools/index.html

0
Réponse 2 / 21
Malekal_morte- Messages postés 184348 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 693
 
je parie 100 brousoufs qu'il a le patch atapi.sys ou H8SRT* !
Allez H8SRT* !
0
Réponse 3 / 21
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
ah non, j'en ai marre de celui là...je parle du H8SRT bien sûr

(sourire)
0
Réponse 4 / 21
Malekal_morte- Messages postés 184348 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 693
 
Gonfle ton torse, H8SRT* c'est pour les hommes, les vrais! :D
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 21
timay83
 
############################## | FindyKill V5.023 |

# User : Marv (Administrateurs) # MARVIN
# Update on 31/12/2009 by El Desaparecido
# Start at: 14:22:33 | 09/01/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Mobile AMD Sempron(tm) Processor 3600+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | (!) Outdated ]

# C:\ # Disque fixe local # 69,77 Go (38,68 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 69,51 Go (4,42 Go free) [Données] # NTFS
# F:\ # Disque CD-ROM
# G:\ # Unknown drive type
# H:\ # Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INVISI~1\invtray.exe
C:\DOCUME~1\Marv\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Marv\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marv\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marv\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marv\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marv\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Red Kawa\Video Converter App\VideoConverterApp.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Red Kawa\Video Converter App\Tools\FFmpeg\ffmpeg.exe
C:\Documents and Settings\Marv\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | C: |

Présent ! C:\autorun.inf
Présent ! E:\autorun.inf

################## | C:\WINDOWS |

################## | C:\WINDOWS\system32 |

################## | C:\WINDOWS\system32\drivers |

################## | C:\Documents and Settings\Marv\Application Data |

################## | Temporary Internet Files |

################## | Registre / Clés infectieuses |

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK

# Mode sans echec : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )

################## | Cracks / Keygens / Serials |

"E:\Torrent\En cours\SWAT 4\Swat 4 Crack + Cle + Patch V1.1\Crack (Version 1.1)\Swat4.exe"
19/12/2009 22:24 |Size 2428928 |Crc32 0965ed07 |Md5 80dc4687231290dd3043d3689eae7f70

"E:\Torrent\En cours\SWAT 4\Swat 4 Crack + Cle + Patch V1.1\Crack Version 1.0\Swat4.exe"
19/12/2009 21:54 |Size 180224 |Crc32 33378449 |Md5 18df5d2231130cdc0954d419e9b9c056

"E:\Torrent\Termin‚s\Photomatix Pro v3.2+ SERIAL\PhotomatixPro32x32.exe"
18/10/2009 15:17 |Size 3338856 |Crc32 4ae69f2a |Md5 b28df46877dd8e437dd4059dbeb0b610

################## | ! Fin du rapport # FindyKill V5.023 ! |
0
Réponse 6 / 21
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
et oui c'est lui..

• Télécharge Random's System Information Tool (RSIT) de Random/Random.

http://images.malwareremoval.com/random/RSIT.exe

• Enregistre le sur ton Bureau.

• Double clique sur RSIT.exe pour lancer l'outil.

• Clique sur "Continue" à l'écran Disclaimer.

• Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande)

et tu devras accepter la licence.

• Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp

Les rapports se trouvent à cet endroit:
C:\rsit\info.txt
C:\rsit\log.txt
0
Réponse 7 / 21
timay83
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Marv at 2010-01-09 19:41:13
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 40 GB (55%) free of 71 GB
Total RAM: 1791 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:03, on 09/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INVISI~1\invtray.exe
C:\DOCUME~1\Marv\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Marv\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marv\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Marv\Mes documents\Downloads\RSIT.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\trend micro\Marv.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marv\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SAD.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Invisible Secrets 4] C:\PROGRA~1\INVISI~1\invtray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_1_0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\System32\acs.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
Réponse 8 / 21
timay83
 
info.txt logfile of random's system information tool 1.06 2010-01-09 19:42:09

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Acer Crystal Eye-->C:\Program Files\InstallShield Installation Information\{4BB1DCED-84D3-47F9-B718-5947E904593E}\setup.exe -runfromtemp -l0x040c -removeonly
Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Fichiers communs\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Burn4Free CD and DVD-->"C:\Program Files\Burn4Free\uninstall.exe"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Conseiller de mise à niveau vers Windows 7-->MsiExec.exe /I{9D10CB57-B085-44c3-B435-2D193BA153F0}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FlashGet 2.0-->C:\Program Files\FlashGet Network\FlashGet universal\uninst.exe
GeoGebra-->"C:\Program Files\GeoGebra\UninstallerData\Uninstaller.exe"
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GPL Ghostscript 8.61-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.61\uninstal.txt"
GPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
GSview 4.9-->C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -IAcZUnM5k.inf
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Invisible Secrets 4-->C:\PROGRA~1\INVISI~1\UNWISE.EXE C:\PROGRA~1\INVISI~1\INSTALL.LOG
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LEd Beta 0.53-->"C:\Program Files\LEd\unins000.exe"
Livre Photo Snapfish-->"C:\Program Files\Livre Photo Snapfish\Livre Photo Snapfish\uninstall.exe"
Logiciel d'archivage WinRAR-->C:\Program Files\WinRAR\uninstall.exe
LyX 1.6.4-1-->"C:\Program Files\LyX16\Uninstall-LyX.exe"
Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}
Maple 12-->"C:\Program Files\Maple 12\Uninstall_Maple 12\Uninstall Maple 12.exe"
MATLAB Family of Products Release 14-->C:\MATLAB71\uninstall\uninstall.exe C:\MATLAB71\
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MiKTeX 2.7-->"C:\Program Files\MiKTeX 2.7\miktex\bin\copystart_admin.exe" "C:\Program Files\MiKTeX 2.7\miktex\config\uninstall.dat"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Morrowind-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x40c
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Mp3tag v2.45a-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NI LabVIEW Run-Time Engine 6.1-->MsiExec.exe /I{CC8971B9-9132-4C04-A8D4-628663C9E9F0}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PandoraRecovery (Remove Only)-->"C:\Program Files\Pandora Recovery\Uninstall.exe"
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Pdf995-->C:\Program Files\pdf995\setup.exe uninstall
Photomatix Pro version 3.2-->"C:\Program Files\PhotomatixPro3\unins000.exe"
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Prince of Persia T2T-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}\setup.exe" -l0x40c -removeonly
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
Safari-->MsiExec.exe /I{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sniper Elite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A979B2D8-E3EE-4523-A26C-4AF0A6809280}\setup.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}\setup.dll" -l0x40c UNINSTALLFROMSYS
Unreal Tournament G.O.T.Y. Edition-->C:\UnrealTournament\System\Setup.exe uninstall "UnrealTournament"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Videora iPod Converter 4.06-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Visionneuse Journal Windows Microsoft-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VoiceOver Kit-->MsiExec.exe /I{6DE13770-01B7-4366-8DA6-48237793F445}
VST Bridge 1.1-->"C:\Program Files\Audacity\Plug-ins\VST Bridge\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AntiVir Desktop (disabled) (outdated)

======System event log======

Computer Name: MARVIN
Event Code: 18
Message: TIMEOUT<explorer.exe> C:\...aTribe\gigatribe.exe

Record Number: 7721
Source Name: avgntflt
Time Written: 20091211220840.000000+060
Event Type: Avertissement
User:

Computer Name: MARVIN
Event Code: 18
Message: TIMEOUT<explorer.exe> C:\...aTribe\gigatribe.exe

Record Number: 7720
Source Name: avgntflt
Time Written: 20091211220809.000000+060
Event Type: Avertissement
User:

Computer Name: MARVIN
Event Code: 7036
Message: Le service Acquisition d'image Windows (WIA) est entré dans l'état : en cours d'exécution.

Record Number: 7719
Source Name: Service Control Manager
Time Written: 20091211215228.000000+060
Event Type: Informations
User:

Computer Name: MARVIN
Event Code: 26
Message: Application popup : Batterie faible : Vous devriez immédiatement changer votre batterie ou bien vous brancher sur une source d'alimentation électrique afin de ne pas perdre votre travail.

Record Number: 7718
Source Name: Application Popup
Time Written: 20091211204312.000000+060
Event Type: Informations
User:

Computer Name: MARVIN
Event Code: 7036
Message: Le service Explorateur d'ordinateur est entré dans l'état : arrêté.

Record Number: 7717
Source Name: Service Control Manager
Time Written: 20091211200504.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: MARVIN
Event Code: 20
Message:
Record Number: 1047
Source Name: Google Update
Time Written: 20091023175305.000000+120
Event Type: erreur
User: MARVIN\Marv

Computer Name: MARVIN
Event Code: 0
Message:
Record Number: 1046
Source Name: iPod Service
Time Written: 20091023170511.000000+120
Event Type: Informations
User:

Computer Name: MARVIN
Event Code: 4096
Message: Le service AntiVir a bien démarré!

Record Number: 1045
Source Name: Avira AntiVir
Time Written: 20091023170506.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: MARVIN
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 1044
Source Name: SecurityCenter
Time Written: 20091023170501.000000+120
Event Type: Informations
User:

Computer Name: MARVIN
Event Code: 1
Message:
Record Number: 1043
Source Name: Bonjour Service
Time Written: 20091023170456.000000+120
Event Type: Informations
User:

======Environment variables======

"BLAS_VERSION"=c:\matlab7\bin\win32\atlas_Athlon.dll
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"KMP_DUPLICATE_LIB_OK"=TRUE
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=C:\Program Files\MiKTeX 2.7\miktex\bin;C:\watcom-1.3\binnt;C:\watcom-1.3\binw;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\DivX Shared\;C:\MATLAB71\bin\win32;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 124 Stepping 2, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=7c02
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"WATCOM"=C:\watcom-1.3
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
0
Réponse 9 / 21
timay83
 
Et j'arrive pas a poster l'autre rapport, il me dit que je l'ai deja posté...
0
Réponse 10 / 21
Malekal_morte- Messages postés 184348 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 693
 
2010-01-03 01:52:30 ----A---- C:\WINDOWS\system32\krl32mainweq.dll

j'ai gagnéééééééééééééééééééééé :p
0
Réponse 11 / 21
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
Malekal_morte-

ouais...facile, surtout pour toi

(sourire)

timay83

Désactiver le TeaTimer de Spybot (Merci à Nico et nathandre):
Pour désactiver le TeaTimer :
=> Ouvrir Spybot S&D
=> Dans le menu "Mode", séléctionner le mode avancé.
=> Une fenêtre demande confirmation cliquer sur "oui".
=> Une fois le mode avancé actif, ouvrir l'onglet "Outils".
=> Cliquer sur Résident.
=> La partie Résident comporte deux lignes qui sont normalement cochées :
*Résident "SDHelper" (bloqueur de téléchargements nuisibles pour Internet Explorer) actif.
* Résident "TeaTimer" (Protection des réglages système fondamentaux) actif
=> Décocher la ligne TeaTimer.
=> Redémarrer Spybot (le fermer et le réouvrir)
=> Retourner dans le menu Résident et vérifier qu'il soit bien désactivé

Spybot va géner les outils

ensuite

Attention, avant de commencer, lit attentivement la procédure, et imprime la

Télécharge ComboFix de sUBs en le renommant MDG.exe avant de l'enregistrer sur ton Bureau :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et DESACTIVES TOUTES LES DEFENSES, antivirus et antispyware y compris /!\

(si tu ne le peux pas, continues)

---> Double-clique sur ComboFix.exe
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter

SURTOUT INSTALLES LA CONSOLE DE RECUPERATION

(remets provisoirement internet s'il le faut)

Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

0
Réponse 12 / 21
timay83
 
Le probleme c'est que je peux pas lancer Spybot... Ctrl+Alt+Suppr et arret de Tea Timer dans les processus?
0
Réponse 13 / 21
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
laisses tomber

passes à combofix
0
Réponse 14 / 21
timay83
 
Voila j'ai fait deux scans parce que la premiere fois il n'y avait pas la console de recup installée.

ComboFix 10-01-04.01 - Marv 10/01/2010 1:16.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1791.1318 [GMT 1:00]
Lancé depuis: c:\documents and settings\Marv\Bureau\MDG.exe
Commutateurs utilisés :: c:\documents and settings\Marv\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-10 au 2010-01-10 ))))))))))))))))))))))))))))))))))))
.

2010-01-10 00:26 . 2010-01-10 00:28 -------- d-----w- C:\Torrent
2010-01-10 00:09 . 2010-01-10 00:16 -------- d-----w- C:\Photos
2010-01-10 00:03 . 2010-01-10 00:06 -------- d-----w- C:\Musique
2010-01-09 23:56 . 2010-01-10 00:03 -------- d-----w- C:\M&A
2010-01-09 23:42 . 2010-01-10 00:08 -------- d-----w- C:\MDG
2010-01-09 23:36 . 2010-01-09 23:53 -------- d-----w- C:\Films
2010-01-09 23:31 . 2010-01-09 23:32 -------- d-----w- C:\Dessins
2010-01-09 23:28 . 2010-01-09 23:29 -------- d-----w- C:\Guitar Pro 5
2010-01-09 20:24 . 2008-09-25 16:35 181120 ----a-w- c:\windows\system32\drivers\ext2fs.sys
2010-01-09 20:24 . 2008-08-28 21:45 51072 ----a-w- c:\windows\system32\drivers\ifsmount.sys
2010-01-09 20:24 . 2008-07-26 22:56 210432 ----a-w- c:\windows\system32\ifsdrives.dll
2010-01-09 20:22 . 2010-01-09 20:22 -------- d-----w- C:\CPM
2010-01-09 18:41 . 2010-01-09 18:42 -------- d-----w- c:\program files\trend micro
2010-01-09 18:41 . 2010-01-09 18:42 -------- d-----w- C:\rsit
2010-01-09 13:20 . 2010-01-09 13:36 -------- d-----w- C:\FindyKill
2010-01-09 12:09 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-09 12:09 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-09 12:09 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-09 12:09 . 2010-01-09 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-08 22:25 . 2010-01-08 22:25 -------- d-----w- c:\documents and settings\Marv\Application Data\DarkBls
2010-01-08 22:23 . 2010-01-08 22:23 -------- d-----w- c:\program files\SHOE
2010-01-08 20:43 . 2010-01-08 20:43 58904 ----a-w- c:\windows\system32\is4tray.dll
2010-01-08 20:43 . 2010-01-08 20:53 -------- d-----w- c:\program files\Invisible Secrets 4
2010-01-07 19:14 . 2010-01-07 19:14 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE
2010-01-02 18:21 . 2010-01-02 18:21 -------- d-----w- c:\windows\Performance
2010-01-02 18:21 . 2010-01-02 18:21 -------- d-----w- c:\documents and settings\Marv\Local Settings\Application Data\Microsoft Corporation
2010-01-02 18:21 . 2010-01-02 18:21 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-01-01 19:54 . 2010-01-01 19:54 -------- d-----w- c:\program files\MSXML 4.0
2009-12-28 12:00 . 2009-12-28 12:00 5248 ----a-w- c:\windows\system32\giveio.sys
2009-12-28 11:54 . 2009-12-28 12:10 -------- d-----w- c:\program files\SSC Service Utility
2009-12-27 18:12 . 2009-12-27 18:36 -------- d-----w- c:\program files\Burn4Free
2009-12-27 17:01 . 2009-12-27 17:45 -------- d-----w- c:\documents and settings\Marv\Application Data\Dr. DivX 2.0 OSS
2009-12-27 16:15 . 2009-12-27 16:16 -------- d-----w- C:\divx
2009-12-27 15:47 . 2009-12-27 15:47 -------- d-----w- c:\program files\ahead
2009-12-27 10:44 . 2009-12-27 10:45 -------- d-----w- c:\program files\VirtualDJ
2009-12-26 23:07 . 2009-12-27 14:08 -------- d-----w- c:\documents and settings\Marv\Local Settings\Application Data\WMTools Downloaded Files
2009-12-26 22:48 . 2010-01-09 12:09 -------- d-----w- c:\documents and settings\Marv\Application Data\MAGIX
2009-12-26 22:48 . 2007-04-27 09:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2009-12-26 22:48 . 2009-12-26 22:48 -------- d-----w- c:\program files\Fichiers communs\MAGIX Services
2009-12-26 11:39 . 2009-12-26 11:39 -------- d-----w- c:\program files\Audacity
2009-12-26 09:33 . 2009-12-26 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\POP3Profiles
2009-12-26 09:31 . 2009-12-26 09:31 -------- d-----w- c:\program files\Ubisoft
2009-12-25 13:36 . 2009-12-25 13:36 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-25 13:36 . 2009-12-25 13:36 -------- d-----w- c:\program files\MSBuild
2009-12-25 13:36 . 2009-12-25 13:36 -------- d-----w- c:\program files\Reference Assemblies
2009-12-25 13:36 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-25 13:35 . 2009-12-25 13:36 -------- d-----w- C:\a81cdd646c0df1b31a
2009-12-25 13:35 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-25 13:35 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-25 13:35 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-25 13:35 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-25 13:35 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-25 13:35 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-25 13:35 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-25 13:35 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-25 01:57 . 2009-12-25 01:57 -------- d-----w- c:\documents and settings\Marv\Application Data\Red Kawa
2009-12-25 01:53 . 2009-12-25 01:53 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-25 01:53 . 2009-12-25 01:53 -------- d-----w- c:\program files\Red Kawa
2009-12-19 13:20 . 2009-12-19 13:20 -------- d-----w- c:\program files\iPod
2009-12-19 13:19 . 2009-12-25 00:28 -------- d-----w- c:\program files\iTunes
2009-12-19 13:16 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-12-19 13:16 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-12-19 13:16 . 2009-12-19 13:16 -------- d-----w- c:\windows\Logs
2009-12-19 13:14 . 2009-12-19 13:15 -------- d-----w- c:\program files\QuickTime
2009-12-19 13:12 . 2010-01-08 20:52 -------- d-----w- c:\documents and settings\Marv\Application Data\Winamp
2009-12-19 13:12 . 2009-12-19 13:18 -------- d-----w- c:\program files\Winamp
2009-12-19 13:01 . 2009-12-19 13:20 -------- d-----w- c:\documents and settings\Marv\Application Data\Mp3tag
2009-12-19 13:01 . 2009-12-19 13:01 -------- d-----w- c:\program files\Mp3tag
2009-12-19 13:00 . 2009-12-19 13:00 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-19 12:26 . 2009-12-19 12:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-12 16:33 . 2009-12-12 16:34 -------- d-----w- c:\program files\GeoGebra

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 00:09 . 2009-08-30 18:39 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-09 23:42 . 2009-09-12 16:02 -------- d-----w- c:\documents and settings\Marv\Application Data\Skype
2010-01-09 23:42 . 2009-08-29 23:28 -------- d-----w- c:\documents and settings\Marv\Application Data\uTorrent
2010-01-09 13:18 . 2009-08-29 21:28 -------- d-----w- c:\documents and settings\Marv\Application Data\vlc
2010-01-09 12:07 . 2009-09-06 21:55 -------- d-----w- c:\program files\DivX
2010-01-09 12:07 . 2009-11-01 19:48 -------- d-----w- c:\program files\DicoRime
2010-01-09 12:02 . 2009-09-12 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Aspell
2010-01-03 14:29 . 2009-09-01 00:47 -------- d-----w- c:\documents and settings\Marv\Application Data\dvdcss
2009-12-27 13:48 . 2009-08-29 15:27 43104 ----a-w- c:\documents and settings\Marv\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-26 22:50 . 2009-12-26 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2009-12-26 09:31 . 2009-08-29 14:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 02:03 . 2003-04-24 14:00 84724 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-26 02:03 . 2003-04-24 14:00 510562 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-25 00:28 . 2009-08-31 14:35 -------- d-----w- c:\documents and settings\Marv\Application Data\Apple Computer
2009-12-24 19:32 . 2009-12-10 13:13 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-12-24 19:32 . 2009-12-10 13:13 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-12-21 15:43 . 2009-10-10 09:48 20516 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-20 17:45 . 2009-12-10 10:58 -------- d-----w- c:\program files\Pandora Recovery
2009-12-19 13:20 . 2009-08-31 14:32 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-12-19 12:36 . 2009-10-04 15:07 -------- d-----w- c:\program files\Safari
2009-12-13 17:49 . 2009-11-15 19:04 59 ----a-w- c:\windows\wpd99.drv
2009-12-13 17:49 . 2009-11-15 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-12-13 12:25 . 2009-09-06 21:55 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-12-10 10:58 . 2009-12-10 10:58 -------- d-----w- c:\documents and settings\Marv\Application Data\PandoraRecovery
2009-11-15 19:47 . 2009-11-15 19:47 -------- d-----w- c:\program files\Ghostgum
2009-11-15 19:09 . 2009-11-15 19:09 -------- d-----w- c:\documents and settings\Marv\Application Data\pdf995
2009-11-15 19:06 . 2009-11-15 19:04 -------- d-----w- c:\program files\pdf995
2009-11-15 19:04 . 2009-11-15 19:04 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-11-15 19:04 . 2009-11-15 19:04 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-11-15 09:33 . 2009-11-15 09:33 -------- d-----w- c:\program files\Avira
2009-11-14 17:10 . 2009-11-14 11:28 -------- d-----w- c:\program files\LEd
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-12 18:13 . 2009-11-12 18:13 -------- d-----w- c:\program files\directx
2009-10-30 18:39 . 2009-10-30 18:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-30 18:39 . 2009-10-30 18:39 152576 ----a-w- c:\documents and settings\Marv\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-29 07:42 . 2003-04-24 14:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2009-08-29 15:19 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:39 . 2009-08-29 15:19 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2009-08-29 15:19 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-18 16:01 . 2009-10-18 16:01 127 ----a-w- c:\documents and settings\Marv\Local Settings\Application Data\fusioncache.dat
2009-10-13 10:33 . 2003-04-24 14:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2003-04-24 14:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2003-04-24 14:00 150528 ----a-w- c:\windows\system32\rastls.dll
2001-11-30 17:26 . 2001-11-30 17:26 98304 ----a-w- c:\program files\internet explorer\plugins\LVActiveXControl.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2003-04-24 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2003-04-24 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 16813155807C6881F4BFBF6657424659 . 25216 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 16813155807C6881F4BFBF6657424659 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-19 . E798705E8DC7FAB596EF6BFDF167E007 . 25216 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2003-04-24 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2003-04-24 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[-] 2008-04-13 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-13 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-19 . 75AC49029966BFFEA09F96C1C194F684 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-13 . 91E6024D6D4DCDECDB36C43ECF9BBECB . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-13 . 91E6024D6D4DCDECDB36C43ECF9BBECB . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-19 . 259AF82A0932EEA4F316F92DB94707B6 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-13 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-13 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2004-08-19 . 237F77C91B70469E3AF9F7FD0A524954 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll

[-] 2008-04-13 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-13 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-13 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-19 . 659F7B6C502051BFA37910614B225548 . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . F83B964469D230F445613C44DF9FE25D . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2008-04-13 . 3D65EB82E1FA6DB15A33E024C9E03CAB . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-13 . 3D65EB82E1FA6DB15A33E024C9E03CAB . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2004-08-19 . C6FE0B727A5D13419D480150631ADC09 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rpcss.dll

[-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . 62789101F9C2401ED598AA2CDE7450C0 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-13 . 54CB50058851D95E56EC70D09F70857F . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-13 . 54CB50058851D95E56EC70D09F70857F . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-19 . 63DCDE1A0D86EEB8924D6738FF616EAD . 108544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2008-04-13 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-13 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2004-08-19 . DF9FC62AD51CB082B0AE371919A232CB . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-13 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-13 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-19 . 123EEA158F74D0F67A51DCDF065D1091 . 506368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-13 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-13 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2004-08-19 . 7D3AA1F0E765054CB5F30114F2DB6888 . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2008-04-13 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-13 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-19 . CD73133EB24C572019944001FAD1B8D9 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:24 . 157F9C595FD0D10502497DC4C1348D17 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-13 17:33 . 9FD4A0615BF3E9388A46EDF8774C7294 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-13 17:33 . 9FD4A0615BF3E9388A46EDF8774C7294 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2004-08-19 14:09 . FDE7FBE9CC9DD9484DF3E0241737C091 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\es.dll

[-] 2008-04-13 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-13 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-19 . E55DAFA1A354BD5CB69151563DC9748A . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . 98F08549604D090B6B2514AF845F329F . 1054720 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . 98F08549604D090B6B2514AF845F329F . 1054720 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . C3AF0EEE26B59484E674673E3016AAB7 . 1056768 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-13 . 3AC8886DFA5AB641417DF4D3B7F5512E . 1054720 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-13 . 3AC8886DFA5AB641417DF4D3B7F5512E . 1054720 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2004-08-19 . C88F74591579DBDE273C61312B2D3886 . 1048576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kernel32.dll

[-] 2008-04-13 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-13 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-19 . 6C411ABBEEF0CA1D991F8A8F449D2B5F . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2008-04-13 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-13 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-19 . 3236A6A1650E6C055FD5E87D7C4A05AD . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2009-10-29 . 09CF09FD79B523D72E63C7C87DA42B7B . 5940736 . . [8.00.6001.18854] . . c:\windows\system32\mshtml.dll
[-] 2009-10-29 . 09CF09FD79B523D72E63C7C87DA42B7B . 5940736 . . [8.00.6001.18854] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-10-29 . CAAC5BF7EB6B3D0E58C9E94C70ACA4FC . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-22 . 15AF288B61A2E017B18D7E185080AC49 . 5939712 . . [8.00.6001.18852] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2009-10-22 . B6FCAFC596E6B91BBAACEAA65CBB3597 . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[-] 2009-08-29 . 590162EA07145D620FA95D2454364FC4 . 5940224 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll
[-] 2009-08-29 . 182C1908B26DD3BCEB58B735C3F97F7C . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[-] 2009-07-19 . 29AA8EA1DAA83DBEC54916669BF09077 . 5937152 . . [8.00.6001.18812] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[-] 2009-07-19 . 19C9FC84B91467171674D76EB0224D48 . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[-] 2009-07-18 . E0E80E9B1B3321B1AF943720AB16E7C2 . 3090432 . . [6.00.2900.5848] . . c:\windows\ie8\mshtml.dll
[-] 2009-07-18 . 4E816F8F7F18C2774EC5BACAC42635C0 . 3090944 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2008-04-13 . C4153F037157C7BE7C54FD88887F027D . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB972260$\mshtml.dll
[-] 2008-04-13 . C4153F037157C7BE7C54FD88887F027D . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2008-04-13 . C4153F037157C7BE7C54FD88887F027D . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\70f5406714b9a7b7c9769e146ad6c4dc\backup\sp3gdr\mshtml.dll
[-] 2008-04-13 . C4153F037157C7BE7C54FD88887F027D . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\70f5406714b9a7b7c9769e146ad6c4dc\backup\sp3qfe\mshtml.dll
[-] 2004-08-19 . 7CA9E0D2C4DCA6B710FD57F40E597337 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

[-] 2008-04-13 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-13 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-19 . B89F48FDFD6C3312B92D5D633C23F075 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . C759B3790D3BA760C52E218EF4886DAC . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-04-13 . 196CCC3FDD21665DCAA9F83FFC03B41A . 247808 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-13 . 196CCC3FDD21665DCAA9F83FFC03B41A . 247808 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-19 . 6FA2DDF70DC9B762EBF8920F89B6BEA3 . 247808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

[-] 2008-04-13 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-13 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-19 . D4CFAC76926C24E32B7F25A35C31BC6E . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2009-08-04 . 263FA3A73C588A26306D3B403A45F5A9 . 2191232 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-08-04 . 263FA3A73C588A26306D3B403A45F5A9 . 2191232 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . 263FA3A73C588A26306D3B403A45F5A9 . 2191232 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-08-04 . 63864AF70CAC631077A6C1223617336B . 2191360 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . AB896577F35CF5FED7A9F87D3C3205ED . 2191104 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2008-04-13 . 099D639DA1EF6968D4E41795BB507E6B . 2191104 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-13 . 099D639DA1EF6968D4E41795BB507E6B . 2191104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2004-08-19 . 7D38CE4398E6AA6339B4644FEADCC0D8 . 2183040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2008-04-13 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-13 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-19 . 29D5E58FB089C41898A81BD4C8970F22 . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-13 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-13 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-19 . 58D439F6EF73A2D9288B204E819F4BBD . 186368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-13 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-13 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-19 . BB695F18354B38CFF693E67EE7A30C22 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-13 . E4BDF223CD75478BF44567B4D5C2634D . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-13 . E4BDF223CD75478BF44567B4D5C2634D . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-19 . 2979B03D5382A602623C0535B16AB9C0 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-13 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-13 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-19 . 5CC2A233DAC03CAF99D20B87598675CD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2008-04-13 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-13 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2004-08-19 . 61C8C283AD063BB697AE61A155C64A5A . 578048 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-13 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-13 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-19 . 84717891F0734C611721F56C60B5FBC3 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2009-10-29 . AB28712FEB7BE2A52A9ABFA0FF94C1B6 . 916480 . . [8.00.6001.18854] . . c:\windows\system32\wininet.dll
[-] 2009-10-29 . AB28712FEB7BE2A52A9ABFA0FF94C1B6 . 916480 . . [8.00.6001.18854] . . c:\windows\system32\dllcache\wininet.dll
[-] 2009-10-29 . F461ACD33F06BF1FB28FFF1EF345FE63 . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-08-29 . 4CFF479B02819293167F42940B5EF12B . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2009-08-29 . 39E483C39E0EED381977EC1121ADD2BF . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . B0249F1B9F68E55CB7D2656339D13323 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 995E2754D7FB0203A45351A1376836ED . 915456 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[-] 2009-06-26 . 1B086DE4AFB06F40C5949992314738D4 . 670720 . . [6.00.2900.5835] . . c:\windows\ie8\wininet.dll
[-] 2009-06-26 . 421625BFBCED3CCAFC30EBA47A05CECB . 672256 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2008-04-13 . 4A6E04EA20F48D750D9BFED8600D516B . 670208 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB972260$\wininet.dll
[-] 2008-04-13 . 4A6E04EA20F48D750D9BFED8600D516B . 670208 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-04-13 . 4A6E04EA20F48D750D9BFED8600D516B . 670208 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\70f5406714b9a7b7c9769e146ad6c4dc\backup\sp3gdr\wininet.dll
[-] 2008-04-13 . 4A6E04EA20F48D750D9BFED8600D516B . 670208 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\70f5406714b9a7b7c9769e146ad6c4dc\backup\sp3qfe\wininet.dll
[-] 2004-08-19 . 4E958B97EFC3D801F49283D1820F48B7 . 660480 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2008-04-13 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-13 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-19 . EED74B969B2CA1ACC558FF60FB420E28 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-13 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-13 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-19 . 2A7BD330924252A2FD80344FC949BB72 . 1036288 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-13 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-13 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-19 . CE978404558CE2D82896AC2032F06DBF . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-13 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-13 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-19 . 8558905BA81F6EFAAF9667139BB117DD . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-13 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-13 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-19 . 912591E2055E26566D1CB54092A7E8B0 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-13 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-13 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-19 . 49B1376885340BF9EA0D99F71557B59A . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-13 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-13 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-19 . 6D8F3AC555E3F8A569AA9B2A817698C1 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-13 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-13 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-19 . 64E41E8FEE655B03E3F19DED21BA5118 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-13 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-13 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2004-08-19 . ABA25E49F6589FD73F1143FDC39A6B46 . 135168 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll

[-] 2008-04-13 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-13 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-19 . B6F76CE10953A141545A0D01F1776885 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-13 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-13 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-19 . A65E74CC5831CED5762AA16033ED20EE . 193024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-13 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-13 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-19 . DCB185C829538971E47AFFE77BA138C3 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-13 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-13 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-19 . 78F90C3E230AD122BCB116ABAD5FEFE9 . 297984 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-13 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-13 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-19 . 7E9D138DC991BCCE6E6026CD74E69CC4 . 176640 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2003-04-24 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 07:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 07:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 07:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-13 17:33 . CE21FE79AD3B913A79E0C742BED6BF85 . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-13 17:33 . CE21FE79AD3B913A79E0C742BED6BF85 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2003-04-24 14:00 . E1A34560BF6CE7C703BB67EC4FA70F43 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll

[-] 2008-04-13 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-13 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-19 . DE71362123E81D268088E78543752576 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2008-04-13 17:33 . AA370F0D5B900E13D40E9CB834B5DA10 . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-19 14:09 . 535D54D2AF721A3497F058CAA2C63447 . 52736 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll
[-] 2004-08-19 14:09 . 535D54D2AF721A3497F058CAA2C63447 . 52736 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll

[-] 2009-08-04 . FE0C9C9035E3FDC193255C646BAC2C3D . 2068224 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 6472BC2A0D37D13D9D177CCC11F9726B . 2068096 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-08-04 . 6472BC2A0D37D13D9D177CCC11F9726B . 2068096 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . 6472BC2A0D37D13D9D177CCC11F9726B . 2068096 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-10 . F751E041E682F53EAF34F7FAEA78994D . 2068096 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-09 . ED5E20AE4AC5A63A4FF43FFE704A5153 . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-04-13 . B71A8F101CEFAF82FC5EC16130A54A3F . 2067968 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-13 . B71A8F101CEFAF82FC5EC16130A54A3F . 2067968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2004-08-19 . F252FAE094C54572ECE38A039F2103C4 . 2058880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe

[-] 2008-04-13 17:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-13 17:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-19 14:09 . 951543FFB84012D13F4CB09DA2EACE96 . 438272 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-13 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-13 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2004-08-19 . 0B6A726C2DE9BBB80A48459F0C318F44 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Marv\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-29 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-06 289584]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Invisible Secrets 4"="c:\progra~1\INVISI~1\invtray.exe" [2005-03-01 786944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"nwiz"="nwiz.exe" [2009-01-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-30 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2002-05-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"upnphost"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Maple 12\\jre\\bin\\maple.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [09/01/2010 21:24 181120]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [09/01/2010 21:24 51072]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [09/01/2010 13:09 108289]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 16:13 234864]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/10/2009 17:07 721904]
.
Contenu du dossier 'Tâches planifiées'

2010-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-287218729-839522115-1003Core.job
- c:\documents and settings\Marv\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-29 16:30]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-287218729-839522115-1003UA.job
- c:\documents and settings\Marv\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-29 16:30]
.
.
------- Examen supplémentaire -------
.
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 01:19
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3596)
c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2010-01-10 01:23:01
ComboFix-quarantined-files.txt 2010-01-10 00:22
ComboFix21.txt 2010-01-10 00:08

Avant-CF: 5 361 893 376 octets libres
Après-CF: 5 347 778 560 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

- - End Of File - - 4257FE665DA3CB98BDD15A0E4E0BE0A7
0
Réponse 15 / 21
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
• Télécharge load_tdsskiller (de Loup Blanc) sur ton Bureau

http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

• Lance load_tdsskiller en faisant un double-clic dessus / Lance par un clic-droit dessus → Exécuter en temps qu'administrateur
• L'outil va se connecter pour télécharger une copie à jour de TDSSKiller, puis va lancer une analyse
• A la fin, il te sera demandé d'appuyer sur une touche, puis le rapport s'affichera automatiquement : copie-colle son contenu dans ta prochaine réponse (C:\tdsskiller\report.txt)
0
Réponse 16 / 21
timay83
 
17:25:09:375 2268 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
17:25:09:375 2268 ================================================================================
17:25:09:375 2268 SystemInfo:

17:25:09:375 2268 OS Version: 5.1.2600 ServicePack: 3.0
17:25:09:375 2268 Product type: Workstation
17:25:09:375 2268 ComputerName: MARVIN
17:25:09:375 2268 UserName: Marv
17:25:09:375 2268 Windows directory: C:\WINDOWS
17:25:09:375 2268 Processor architecture: Intel x86
17:25:09:375 2268 Number of processors: 1
17:25:09:375 2268 Page size: 0x1000
17:25:09:375 2268 Boot type: Normal boot
17:25:09:375 2268 ================================================================================
17:25:09:375 2268 ForceUnloadDriver: NtUnloadDriver error 2
17:25:09:375 2268 ForceUnloadDriver: NtUnloadDriver error 2
17:25:09:375 2268 ForceUnloadDriver: NtUnloadDriver error 2
17:25:09:375 2268 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
17:25:09:375 2268 main: Driver KLMD successfully dropped
17:25:09:375 2268 main: Driver KLMD successfully loaded
17:25:09:375 2268
Scanning Registry ...
17:25:09:390 2268 ScanServices: Searching service UACd.sys
17:25:09:390 2268 ScanServices: Open/Create key error 2
17:25:09:390 2268 ScanServices: Searching service TDSSserv.sys
17:25:09:390 2268 ScanServices: Open/Create key error 2
17:25:09:390 2268 ScanServices: Searching service gaopdxserv.sys
17:25:09:390 2268 ScanServices: Open/Create key error 2
17:25:09:390 2268 ScanServices: Searching service gxvxcserv.sys
17:25:09:390 2268 ScanServices: Open/Create key error 2
17:25:09:390 2268 ScanServices: Searching service MSIVXserv.sys
17:25:09:390 2268 ScanServices: Open/Create key error 2
17:25:09:390 2268 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
17:25:09:390 2268 UnhookRegistry: Kernel local addr: A40000
17:25:09:421 2268 UnhookRegistry: KeServiceDescriptorTable addr: ABC020
17:25:09:640 2268 UnhookRegistry: KiServiceTable addr: A6AB9C
17:25:09:640 2268 UnhookRegistry: NtEnumerateKey service number (local): 47
17:25:09:640 2268 UnhookRegistry: NtEnumerateKey local addr: B83B72
17:25:09:640 2268 KLMD_OpenDevice: Trying to open KLMD device
17:25:09:640 2268 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
17:25:09:640 2268 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
17:25:09:640 2268 KLMD_ReadMem: Trying to ReadMemory 0x804FE335[0x4]
17:25:09:640 2268 UnhookRegistry: NtEnumerateKey service number (kernel): 47
17:25:09:640 2268 KLMD_ReadMem: Trying to ReadMemory 0x80501CB8[0x4]
17:25:09:640 2268 UnhookRegistry: NtEnumerateKey real addr: 8061AB72
17:25:09:640 2268 UnhookRegistry: NtEnumerateKey calc addr: 8061AB72
17:25:09:640 2268 UnhookRegistry: No SDT hooks found on NtEnumerateKey
17:25:09:640 2268 KLMD_ReadMem: Trying to ReadMemory 0x8061AB72[0xA]
17:25:09:640 2268 UnhookRegistry: No splicing found on NtEnumerateKey
17:25:09:640 2268
Scanning Kernel memory ...
17:25:09:656 2268 KLMD_OpenDevice: Trying to open KLMD device
17:25:09:656 2268 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
17:25:09:656 2268 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
17:25:09:656 2268 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A404158
17:25:09:656 2268 DetectCureTDL3: KLMD_GetDeviceObjectList returned 4 DevObjects
17:25:09:656 2268 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 8A3C9C68
17:25:09:656 2268 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3C9C68
17:25:09:656 2268 KLMD_ReadMem: Trying to ReadMemory 0x8A3C9C68[0x38]
17:25:09:656 2268 DetectCureTDL3: DRIVER_OBJECT addr: 8A404158
17:25:09:656 2268 KLMD_ReadMem: Trying to ReadMemory 0x8A404158[0xA8]
17:25:09:656 2268 KLMD_ReadMem: Trying to ReadMemory 0xE1023378[0x208]
17:25:09:656 2268 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
17:25:09:656 2268 DetectCureTDL3: IrpHandler (0) addr: B811EBB0
17:25:09:656 2268 DetectCureTDL3: IrpHandler (1) addr: 804F355A
17:25:09:656 2268 DetectCureTDL3: IrpHandler (2) addr: B811EBB0
17:25:09:656 2268 DetectCureTDL3: IrpHandler (3) addr: B8118D1F
17:25:09:656 2268 DetectCureTDL3: IrpHandler (4) addr: B8118D1F
17:25:09:656 2268 DetectCureTDL3: IrpHandler (5) addr: 804F355A
17:25:09:656 2268 DetectCureTDL3: IrpHandler (6) addr: 804F355A
17:25:09:656 2268 DetectCureTDL3: IrpHandler (7) addr: 804F355A
17:25:09:656 2268 DetectCureTDL3: IrpHandler (8) addr: 804F355A
17:25:09:656 2268 DetectCureTDL3: IrpHandler (9) addr: B81192E2
17:25:09:656 2268 DetectCureTDL3: IrpHandler (10) addr: 804F355A
17:25:09:656 2268 DetectCureTDL3: IrpHandler (11) addr: 804F355A
17:25:09:656 2268 DetectCureTDL3: IrpHandler (12) addr: 804F355A
17:25:09:656 2268 DetectCureTDL3: IrpHandler (13) addr: 804F355A
17:25:09:656 2268 DetectCureTDL3: IrpHandler (14) addr: B81193BB
17:25:09:656 2268 DetectCureTDL3: IrpHandler (15) addr: B811CF28
17:25:09:656 2268 DetectCureTDL3: IrpHandler (16) addr: B81192E2
17:25:09:656 2268 DetectCureTDL3: IrpHandler (17) addr: 804F355A
17:25:09:656 2268 DetectCureTDL3: IrpHandler (18) addr: 804F355A
17:25:09:656 2268 DetectCureTDL3: IrpHandler (19) addr: 804F355A
17:25:09:656 2268 DetectCureTDL3: IrpHandler (20) addr: 804F355A
17:25:09:656 2268 DetectCureTDL3: IrpHandler (21) addr: 804F355A
17:25:09:656 2268 DetectCureTDL3: IrpHandler (22) addr: B811AC82
17:25:09:656 2268 DetectCureTDL3: IrpHandler (23) addr: B811F99E
17:25:09:656 2268 DetectCureTDL3: IrpHandler (24) addr: 804F355A
17:25:09:656 2268 DetectCureTDL3: IrpHandler (25) addr: 804F355A
17:25:09:656 2268 DetectCureTDL3: IrpHandler (26) addr: 804F355A
17:25:09:656 2268 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
17:25:09:656 2268 KLMD_ReadMem: DeviceIoControl error 1
17:25:09:656 2268 TDL3_StartIoHookDetect: Unable to get StartIo handler code
17:25:09:656 2268 TDL3_FileDetect: Processing driver: Disk
17:25:09:656 2268 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
17:25:09:656 2268 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
17:25:09:656 2268 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
17:25:09:671 2268 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8A3CAC68
17:25:09:671 2268 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3CAC68
17:25:09:671 2268 KLMD_ReadMem: Trying to ReadMemory 0x8A3CAC68[0x38]
17:25:09:671 2268 DetectCureTDL3: DRIVER_OBJECT addr: 8A404158
17:25:09:671 2268 KLMD_ReadMem: Trying to ReadMemory 0x8A404158[0xA8]
17:25:09:671 2268 KLMD_ReadMem: Trying to ReadMemory 0xE1023378[0x208]
17:25:09:671 2268 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
17:25:09:671 2268 DetectCureTDL3: IrpHandler (0) addr: B811EBB0
17:25:09:671 2268 DetectCureTDL3: IrpHandler (1) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (2) addr: B811EBB0
17:25:09:671 2268 DetectCureTDL3: IrpHandler (3) addr: B8118D1F
17:25:09:671 2268 DetectCureTDL3: IrpHandler (4) addr: B8118D1F
17:25:09:671 2268 DetectCureTDL3: IrpHandler (5) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (6) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (7) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (8) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (9) addr: B81192E2
17:25:09:671 2268 DetectCureTDL3: IrpHandler (10) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (11) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (12) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (13) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (14) addr: B81193BB
17:25:09:671 2268 DetectCureTDL3: IrpHandler (15) addr: B811CF28
17:25:09:671 2268 DetectCureTDL3: IrpHandler (16) addr: B81192E2
17:25:09:671 2268 DetectCureTDL3: IrpHandler (17) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (18) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (19) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (20) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (21) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (22) addr: B811AC82
17:25:09:671 2268 DetectCureTDL3: IrpHandler (23) addr: B811F99E
17:25:09:671 2268 DetectCureTDL3: IrpHandler (24) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (25) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (26) addr: 804F355A
17:25:09:671 2268 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
17:25:09:671 2268 KLMD_ReadMem: DeviceIoControl error 1
17:25:09:671 2268 TDL3_StartIoHookDetect: Unable to get StartIo handler code
17:25:09:671 2268 TDL3_FileDetect: Processing driver: Disk
17:25:09:671 2268 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
17:25:09:671 2268 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
17:25:09:671 2268 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
17:25:09:671 2268 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8A3CB9F0
17:25:09:671 2268 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3CB9F0
17:25:09:671 2268 KLMD_ReadMem: Trying to ReadMemory 0x8A3CB9F0[0x38]
17:25:09:671 2268 DetectCureTDL3: DRIVER_OBJECT addr: 8A404158
17:25:09:671 2268 KLMD_ReadMem: Trying to ReadMemory 0x8A404158[0xA8]
17:25:09:671 2268 KLMD_ReadMem: Trying to ReadMemory 0xE1023378[0x208]
17:25:09:671 2268 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
17:25:09:671 2268 DetectCureTDL3: IrpHandler (0) addr: B811EBB0
17:25:09:671 2268 DetectCureTDL3: IrpHandler (1) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (2) addr: B811EBB0
17:25:09:671 2268 DetectCureTDL3: IrpHandler (3) addr: B8118D1F
17:25:09:671 2268 DetectCureTDL3: IrpHandler (4) addr: B8118D1F
17:25:09:671 2268 DetectCureTDL3: IrpHandler (5) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (6) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (7) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (8) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (9) addr: B81192E2
17:25:09:671 2268 DetectCureTDL3: IrpHandler (10) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (11) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (12) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (13) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (14) addr: B81193BB
17:25:09:671 2268 DetectCureTDL3: IrpHandler (15) addr: B811CF28
17:25:09:671 2268 DetectCureTDL3: IrpHandler (16) addr: B81192E2
17:25:09:671 2268 DetectCureTDL3: IrpHandler (17) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (18) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (19) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (20) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (21) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (22) addr: B811AC82
17:25:09:671 2268 DetectCureTDL3: IrpHandler (23) addr: B811F99E
17:25:09:671 2268 DetectCureTDL3: IrpHandler (24) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (25) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (26) addr: 804F355A
17:25:09:671 2268 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
17:25:09:671 2268 KLMD_ReadMem: DeviceIoControl error 1
17:25:09:671 2268 TDL3_StartIoHookDetect: Unable to get StartIo handler code
17:25:09:671 2268 TDL3_FileDetect: Processing driver: Disk
17:25:09:671 2268 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
17:25:09:671 2268 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
17:25:09:671 2268 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
17:25:09:671 2268 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A374AB8
17:25:09:671 2268 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A374AB8
17:25:09:671 2268 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A3CD9E8
17:25:09:671 2268 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3CD9E8
17:25:09:671 2268 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A385D98
17:25:09:671 2268 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A385D98
17:25:09:671 2268 KLMD_ReadMem: Trying to ReadMemory 0x8A385D98[0x38]
17:25:09:671 2268 DetectCureTDL3: DRIVER_OBJECT addr: 8A404D20
17:25:09:671 2268 KLMD_ReadMem: Trying to ReadMemory 0x8A404D20[0xA8]
17:25:09:671 2268 KLMD_ReadMem: Trying to ReadMemory 0xE1005CF8[0x208]
17:25:09:671 2268 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
17:25:09:671 2268 DetectCureTDL3: IrpHandler (0) addr: B7F146F2
17:25:09:671 2268 DetectCureTDL3: IrpHandler (1) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (2) addr: B7F146F2
17:25:09:671 2268 DetectCureTDL3: IrpHandler (3) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (4) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (5) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (6) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (7) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (8) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (9) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (10) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (11) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (12) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (13) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (14) addr: B7F14712
17:25:09:671 2268 DetectCureTDL3: IrpHandler (15) addr: B80E98B4
17:25:09:671 2268 DetectCureTDL3: IrpHandler (16) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (17) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (18) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (19) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (20) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (21) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (22) addr: B7F1473C
17:25:09:671 2268 DetectCureTDL3: IrpHandler (23) addr: B7F1B336
17:25:09:671 2268 DetectCureTDL3: IrpHandler (24) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (25) addr: 804F355A
17:25:09:671 2268 DetectCureTDL3: IrpHandler (26) addr: 804F355A
17:25:09:671 2268 KLMD_ReadMem: Trying to ReadMemory 0xB7F11864[0x400]
17:25:09:671 2268 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0
17:25:09:671 2268 TDL3_FileDetect: Processing driver: atapi
17:25:09:671 2268 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
17:25:09:671 2268 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
17:25:09:671 2268 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
17:25:09:750 2268
Completed

Results:
17:25:09:750 2268 Infected objects in memory: 0
17:25:09:750 2268 Cured objects in memory: 0
17:25:09:750 2268 Infected objects on disk: 0
17:25:09:750 2268 Objects on disk cured on reboot: 0
17:25:09:750 2268 Objects on disk deleted on reboot: 0
17:25:09:750 2268 Registry nodes deleted on reboot: 0
17:25:09:750 2268
0
Réponse 17 / 21
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
relances RSIT et postes juste le rapport log
0
Réponse 18 / 21
timay83
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Marv at 2010-01-11 14:08:01
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 46 GB (39%) free of 118 GB
Total RAM: 1791 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:17, on 11/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Marv\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Marv\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marv\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marv\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marv\Mes documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Marv.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marv\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_1_0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\System32\acs.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
Réponse 19 / 21
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
ok

dans cet ordre (tu peux poster les rapports en suivant)

1)
Téléchargez USBFIX de El Desaparecido, C_xx

http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
ou
https://www.ionos.fr/?affiliate_id=77097

/!\ Utilisateur de vista et windows 7 :
ne pas oublier de désactiver Le contrôle des comptes utilisateurs
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

/!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

• Double clic sur le raccourci UsbFix présent sur le bureau .

• Choisir l'option2
(d’autres options disponibles, voir le tutoriel).
• Laissez travailler l'outil.
Le menu démarrer et les icônes vont disparaître.. c'est normal.

Si un message te demande de redémarrer l'ordinateur fais le ...

● Au redémarrage, le fix se relance... laisses l'opération s'effectuer.

● Le bloc note s'ouvre avec un rapport, envoies le dans la prochaine réponse

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.

......................

2)
Téléchargez Toolbar-S&D ( Merci à Eric_71, Angel Dark, Sham_Rock et XmichouX ) sur le Bureau

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

Lancez l'installation du programme en exécutant le fichier téléchargé.
Double-cliquez maintenant sur le raccourci de Toolbar-S&D.
Sélectionnez la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
Choisir maintenant l'option 2 (Suppression)). Patientez jusqu'à la fin de la recherche.
Postez le rapport généré. (C:\TB.txt)

Tuto: https://sites.google.com/site/toolbarsd/aideenimages

......................

3)
Télécharge GMER à partir de ce lien : http://www.gmer.net#files - clic sur "Download EXE" et télécharge le fichier sur ton bureau.
Voir le tutorial GMER, ça peut peut-être t'aider : https://www.malekal.com/tutorial-gmer/

Désactive tes logiciels de protection (antivirus, antispyware etc) et ferme tous les programmes ouverts.
Double-clic sur le fichier GMER téléchargé.
IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.
Clic sur l'onglet "rootkit"
Laisse tout coché.
Clic sur Scan
Lorsque le scan est terminé, clic sur "Copy"

Ouvre le bloc-note et clic sur le Menu Edition / Coller
Le rapport doit alors apparaître.
Enregistre le fichier sur ton bureau et copie/colle le contenu ici.

0
Réponse 20 / 21
timay83
 
############################## | UsbFix V6.073 |

User : Marv (Administrateurs) # MARVIN
Update on 09/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 15:06:29 | 11/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Mobile AMD Sempron(tm) Processor 3600+
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

C:\ -> Disque fixe local # 139,29 Go (68,03 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible # 7,46 Go (7,45 Go free) # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 652
C:\WINDOWS\system32\csrss.exe 720
C:\WINDOWS\system32\winlogon.exe 744
C:\WINDOWS\system32\services.exe 792
C:\WINDOWS\system32\lsass.exe 804
C:\WINDOWS\system32\svchost.exe 964
C:\WINDOWS\system32\svchost.exe 1024
C:\WINDOWS\System32\svchost.exe 1064
C:\WINDOWS\System32\svchost.exe 1120
C:\WINDOWS\system32\svchost.exe 1252
C:\WINDOWS\system32\WgaTray.exe 1576
C:\WINDOWS\Explorer.EXE 1608
C:\WINDOWS\system32\spoolsv.exe 1668
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1744
C:\WINDOWS\System32\svchost.exe 1808
C:\WINDOWS\System32\acs.exe 840
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1092
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1180
C:\Program Files\Bonjour\mDNSResponder.exe 1192
C:\Program Files\Java\jre6\bin\jqs.exe 1340
C:\WINDOWS\system32\nvsvc32.exe 1408
C:\WINDOWS\System32\svchost.exe 1936
C:\WINDOWS\system32\wuauclt.exe 456
C:\WINDOWS\System32\wbem\wmiapsrv.exe 2204
C:\WINDOWS\system32\wbem\wmiprvse.exe 2280
C:\WINDOWS\System32\alg.exe 2680
C:\WINDOWS\system32\wbem\wmiprvse.exe 2688

################## | Elements infectieux |

Supprimé ! C:\DOCUME~1\Marv\LOCALS~1\Temp\Setup.exe
Supprimé ! C:\Recycler\S-1-5-21-1645522239-287218729-839522115-1003
Supprimé ! E:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Supprimé ! E:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

################## | Registre |

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{220f5987-fe37-11de-9a08-806d6172696f}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[29/08/2009 15:15|--a------|0] C:\AUTOEXEC.BAT
[26/10/2009 22:18|--a------|212] C:\Boot.bak
[10/01/2010 01:15|-rahs----|282] C:\boot.ini
[24/04/2003 15:00|-rahs----|4952] C:\Bootfont.bin
[03/08/2004 23:00|--a------|263488] C:\cmldr
[10/01/2010 01:23|--a------|48002] C:\ComboFix.txt
[29/08/2009 15:15|--a------|0] C:\CONFIG.SYS
[05/10/2009 23:13|--a------|148] C:\dxlog.txt
[29/08/2009 15:15|-rahs----|0] C:\IO.SYS
[29/08/2009 15:15|-rahs----|0] C:\MSDOS.SYS
[29/08/2009 16:17|-rahs----|47564] C:\NTDETECT.COM
[29/08/2009 17:00|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[10/01/2010 17:25|--a------|31944] C:\TDSSKiller.2.1.1_10.01.2010_17.25.09_log.txt
[11/01/2010 15:13|--a------|3390] C:\UsbFix.txt
[09/01/2010 23:10|--a------|795] E:\ubnpathl.txt
[24/09/2007 23:27|--a------|391168] E:\visopsys
[24/09/2007 23:26|--a------|14347] E:\vloader
[09/01/2010 23:13|--a------|13332] E:\ubnfilel.txt
[09/01/2010 23:13|-rahs----|13639] E:\ldlinux.sys
[09/01/2010 23:13|--a------|159] E:\syslinux.cfg
[09/01/2010 23:13|--a------|145680] E:\vesamenu.c32

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# E:\autorun.inf -> Dossier créé par UsbFix.

################## | Crack > Keygen > Serial |

"C:\Torrent\Termin‚s\Photomatix Pro v3.2+ SERIAL\PhotomatixPro32x32.exe"
18/10/2009 15:17 |Size 3338856 |Crc32 4ae69f2a |Md5 b28df46877dd8e437dd4059dbeb0b610

"C:\Torrent\Termin‚s\Atomix Virtual DJ Professional v6.0.4 Multilangages + Crack.rar"
-> contain : install_virtualdj_pro_v6.0.4.exe

"C:\Torrent\Termin‚s\Atomix Virtual DJ Professional v6.0.4 Multilangages + Crack.rar"
-> contain : Crack\virtualdj.exe

################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\Marv\Bureau\UsbFix_Upload_Me_MARVIN.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
0

Discussions similaires

Problème avec discord pour le lancer au démarrage
Sarkarth -
fabul -

4 réponses
jeux affichés sur le mauvais ecran
Julie22 -
Elia -

5 réponses
Discord se lance mais l'écran se reste gris et rien ne se passe
Azo23 -
theo -

42 réponses
Discord ne s'ouvre pas
plouc99 -
plouc99 -

3 réponses
Pilote AMD Software : Adrenalin Edition ne s'ouvre pas
A4xn -
bazfile -

1 réponse