Major Win32 problem

Closed
Kid7 Posts 31 Registration date Friday 25 July 2008 Status Member Last seen 30 July 2008 - 25 Jul 2008 at 11:11
 Anonymous user - 30 Jul 2008 at 12:40
Hello,

So here's the thing: a few days ago I tried to install a program and the following problem appeared: "Ce n'est pas une application Win32 valide" [not a valid Win32 application]. I searched to find out what Win32 was exactly, and I discovered that it was quite simply a piece of crap. No matter how many scans I run with my antivirus, or even online, they find nothing. It's getting on my nerves, and on top of that my computer suffers severe intermittent slowdowns when I'm on the internet (even right now, in fact).
I also saw files that seem suspicious to me in C:/Documents and Settings/Anthony/Local Settings/Temp, such as swt-win32-3430.dll and another one I have doubts about, ~DFEC15.tmp. I delete them but they always come back.

Could someone help me solve this problem and get rid of this virus?

56 replies

Kid7 Posts 31 Registration date Friday 25 July 2008 Status Member Last seen 30 July 2008
27 Jul 2008 at 17:05
OK, so here is the main.txt first

Deckard's System Scanner v20071014.68
Run by Anthony on 2008-07-27 16:49:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
164: 2008-07-27 14:50:25 UTC - RP164 - Deckard's System Scanner Restore Point
163: 2008-07-27 08:44:15 UTC - RP163 - ComboFix created restore point
162: 2008-07-26 18:48:25 UTC - RP162 - Installé Nero 8 Trial
161: 2008-07-26 17:23:11 UTC - RP161 - Le Service Pack 3 pour Windows XP a été installé.
160: 2008-07-26 16:30:58 UTC - RP160 - Supprimé Nero - Burning Rom


-- First Restore Point --
1: 2008-06-08 17:38:50 UTC - RP1 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Anthony.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:51:57, on 27/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\CONTRO~1\bin\optgui.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Anthony\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Anthony.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE /P31 "EPSON Stylus Photo RX640 Series" /O6 "USB001" /M "Stylus Photo RX640"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1409082233-1292428093-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: bw+0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {FEBA860B-9291-44C8-B10D-DBD0C666EF32} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Kid7 Posts 31 Registration date Friday 25 July 2008 Status Member Last seen 30 July 2008
27 Jul 2008 at 17:06
and here is the extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Architecture: X86; Language: French

Percentage of Memory in Use: 47%
Physical Memory (total/avail): 1023.23 MiB / 537.72 MiB
Pagefile Memory (total/avail): 2459.98 MiB / 1972.61 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.68 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.68 GiB total, 32.79 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Anthony\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=STIVY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Anthony
LOGONSERVER=\\STIVY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\MKVtoolnix;C:\Program Files\Fichiers communs\Nero\Lib\;C:\Program Files\Fichiers communs\Nero\Lib\;C:\Program Files\Fichiers communs\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Anthony\LOCALS~1\Temp
TMP=C:\DOCUME~1\Anthony\LOCALS~1\Temp
USERDOMAIN=STIVY
USERNAME=Anthony
USERPROFILE=C:\Documents and Settings\Anthony
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Anthony (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9104A09A-EC83-11D8-8469-00D0B726B56E}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9104A09A-EC83-11D8-8469-00D0B726B56E}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x40c /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe® Photoshop® Album Edition Découverte 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AntiVirus Firewall --> "C:\Program Files\Orange\AntivirusFirewall\FSGUI\PostInstall.exe" /tUnInstall
Apple Software Update --> MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
Applian FLV Player --> "C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\SETUP.EXE" -l0x40c
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{497A1721-088F-41EF-8876-B43C9DA5528B}\setup.exe" -l0x40c
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ASUS_Ai_Proactive_Screensaver (E) --> C:\WINDOWS\ASUS_Ai_Proactive_Screensaver (E).scr /u
ASUSUpdate --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x40c
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Contrôle Parental --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93094D10-9388-11D4-9886-0000B43F396D}\Setup.exe" -l0x40c
Cool & Quiet --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\setup.exe" -l0x9
CoreAAC Audio Decoder (remove only) --> "C:\WINDOWS\system32\CoreAAC-uninstall.exe"
Creative Jukebox Driver --> C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Creative MediaSource --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x40c /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c /remove
Creative System Information --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
Creative Zen Micro --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D944236D-7992-41D6-8257-930B5832F1CC}\SETUP.EXE" -l0x40c /remove
Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DS Legends of Aranna --> "C:\Program Files\Microsoft Games\Dungeon Siege\UNINSTAL.EXE" /runtemp /addremove
eMule --> "C:\Program Files\eMule\Uninstall.exe"
encodeur Real Video Producer --> C:\Program Files\Producer\PRODUCER_Uninstal.exe
EPSON Attach To Email --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F19D07BC-6240-49D3-BA5C-59B015DF8916}\SETUP.EXE" -l0x40c UNINST
EPSON Event Manager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\Setup.exe" -l0x40c -u
EPSON File Manager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST
EPSON Image Clip Palette --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x40c -u
EPSON Logiciel imprimante --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Print CD --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x40c -SYSTEM
EPSON PRINT Image Framer Tool --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD04987D-96A6-4FE1-813B-82B77B8B809C}\SETUP.EXE" -l0x40c anything
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
ESPRX640 Guide d'utilisation --> C:\Program Files\EPSON\TPMANUAL\ESPRX640\USE_G\DOCUNINS.EXE
Galerie de photos Windows Live --> MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Gestionnaire Internet --> C:\PROGRA~1\Wanadoo\uninstall.exe
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Haali Media Splitter --> "C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HijackThis 2.0.2 --> "C:\PROGRA~1\TRENDM~1\HIJACK~1\HijackThis.exe" /uninstall
Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Mega Codec Pack 4.0.0 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lame ACM MP3 Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
livebox --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x40c
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x40c UNINSTALL -removeonly
Logitech SetPoint --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x40c -removeonly
LUMIX Simple Viewer --> C:\Program Files\InstallShield Installation Information\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}\setup.exe -runfromtemp -l0x040c -removeonly
Magellan POI File Editor --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{104A059B-CD20-4632-A8F6-D8C80E14782D}\Setup.exe" -l0x40c
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MKVtoolnix 2.2.0 --> C:\Program Files\MKVtoolnix\uninst.exe
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
Navigateur Orange --> C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl
Nero 8 Trial --> MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041036}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_fre_web.exe
Nokia PC Suite --> MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
NVIDIA WDM Drivers --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe"
On2 VP7 Personal Edition --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9
OpenOffice.org 2.4 --> MsiExec.exe /I{A122962F-331A-4C2E-93DB-AD92D8A4FB14}
Pack PSP - Ri4m - v1.0a --> C:\Program Files\Pack PSP - Ri4m\Uninstal.exe
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PC Probe II --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
PHOTOfunSTUDIO -viewer- --> C:\Program Files\InstallShield Installation Information\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}\Setup.exe -runfromtemp -l0x040cPackage -removeonly
PIF DESIGNER --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x40c anything
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
Ri4m v5.0.1d --> C:\Program Files\Ripp-it_AM\Ri4m_Uninstal.exe
RIAM Video Enhancer --> C:\Program Files\RIAM Video Enhancer\Uninstal.exe
Ripp-It Codec Pack v 4.2.6 --> C:\Program Files\Ripp-It Codec Pack\uninst.exe
SILKYPIX Developer Studio 2.1 SE --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{5B25274F-088A-4A24-AE12-4AEE9278025A} /l1036 UNINSTALL
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VIA Platform Device Manager --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast-Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail --> MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Writer --> MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinFast(R) Display Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe"
x264 Revision 573 x264.nl (remove only) --> "C:\Program Files\x264\x264-uninstall.exe"
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type2387 / Error
Event Submitted/Written: 07/27/2008 04:44:15 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
10 2008-07-27 16:44:12+02:00 stivy STIVY\Anthony F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\ORANGE\ANTIVIRUSFIREWALL\FSAUA\SUBSCRIPTIONS\AVH_AVPE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Event Record #/Type2386 / Error
Event Submitted/Written: 07/27/2008 02:26:56 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
9 2008-07-27 14:26:53+02:00 stivy STIVY\Anthony F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\RASDLG.DLL was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Event Record #/Type2385 / Error
Event Submitted/Written: 07/27/2008 01:02:39 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
8 2008-07-27 13:02:36+02:00 stivy STIVY\Anthony F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\ORANGE\ANTIVIRUSFIREWALL\FSAUA\SUBSCRIPTIONS\AVH_AVPE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Event Record #/Type2384 / Error
Event Submitted/Written: 07/27/2008 11:44:59 AM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
7 2008-07-27 11:44:57+02:00 stivy STIVY\Anthony F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\K-LITE CODEC PACK\MEDIA PLAYER CLASSIC\MPLAYERC.INI was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Event Record #/Type2383 / Error
Event Submitted/Written: 07/27/2008 11:28:28 AM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
6 2008-07-27 11:28:26+02:00 stivy STIVY\Anthony F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\K-LITE CODEC PACK\FILTERS\AC3FILTER.AX was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8492 / Error
Event Submitted/Written: 07/27/2008 04:39:43 PM
Event ID/Source: 7 / Disk
Event Description:
Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Event Record #/Type8491 / Error
Event Submitted/Written: 07/27/2008 04:39:38 PM
Event ID/Source: 7 / Disk
Event Description:
Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Event Record #/Type8490 / Error
Event Submitted/Written: 07/27/2008 04:39:33 PM
Event ID/Source: 7 / Disk
Event Description:
Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Event Record #/Type8489 / Error
Event Submitted/Written: 07/27/2008 04:39:28 PM
Event ID/Source: 7 / Disk
Event Description:
Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Event Record #/Type8488 / Error
Event Submitted/Written: 07/27/2008 04:21:05 PM
Event ID/Source: 7 / Disk
Event Description:
Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.



-- End of Deckard's System Scanner: finished at 2008-07-27 16:53:12 ------------
Kid7 - Posts: 31 - Registered: Friday 25 July 2008 - Status: Member - Last activity: 30 July 2008
27 Jul 2008 at 17:08
and I also have a moved.txt

Directories/Files moved to C:\Deckard\System Scanner\backup

2008-07-27 11:05:16 0 d-------- C:\DOCUME~1\Anthony\LOCALS~1\Temp\e4jC1.tmp_dir5346
2008-07-27 11:05:17 0 d-------- C:\DOCUME~1\Anthony\LOCALS~1\Temp\hsperfdata_Anthony

-*- End of Logfile -*-
Anonymous user
27 Jul 2008 at 17:16
OK

Uninstall Desktop Messenger

Then:


Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:\WINDOWS\ScUnin.exe
Click Send File.

A report will be built up line by line.

Wait until it finishes. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.
Kid7 - Posts: 31 - Registered: Friday 25 July 2008 - Status: Member - Last activity: 30 July 2008
27 Jul 2008 at 17:51
Uh, it shows me: Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/33 (0%)

Do I need to keep waiting or not?
Anonymous user
27 Jul 2008 at 17:54
Never mind, leave it

One last scan, please

Download DiagHelp.zip to your desktop:

http://www.malekal.com/download/DiagHelp.zip

!! Disconnect and close all your running applications !!

Right-click the file and choose Extract All.

--> A new folder will be created: "DiagHelp"
Open it and double-click go.cmd and nothing else!

--> A window will open; choose option 1
The scan will start. This can take a few minutes; let it run and press a key when you are asked to:
an IE page will open; close it.
Press a key again, and Notepad opens:
Save this report somewhere you can find it again and post its entire contents in your next reply ...


Kid7 - Posts: 31 - Registered: Friday 25 July 2008 - Status: Member - Last activity: 30 July 2008
27 Jul 2008 at 20:19
Here is the report:

DiagHelp version v1.4 - http://www.malekal.com
excute le 27/07/2008 à 20:12:34,66


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->27/07/2008 20:12:13
C:\WINDOWS\prefetch\LICMGR.EXE-15748A15.pf -->27/07/2008 20:11:54
C:\WINDOWS\prefetch\FSDC.EXE-200127F2.pf -->27/07/2008 20:11:44
C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf -->27/07/2008 20:11:41
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->27/07/2008 20:11:32
C:\WINDOWS\prefetch\MPLAYERC.EXE-06A9CBF3.pf -->27/07/2008 19:45:50
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->27/07/2008 19:37:53
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->27/07/2008 19:37:49
C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf -->27/07/2008 18:30:00
C:\WINDOWS\prefetch\CCLEANER.EXE-0BCE437C.pf -->27/07/2008 17:39:26

C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->23/07/2008 20:09:44
C:\WINDOWS\System32\drivers\mbam.sys -->23/07/2008 20:09:38
C:\WINDOWS\System32\drivers\nocashio.sys -->04/07/2008 07:56:19
C:\WINDOWS\System32\drivers\fetnd5bv.sys -->25/06/2008 06:36:08
C:\WINDOWS\System32\drivers\tcpip.sys -->20/06/2008 13:51:12
C:\WINDOWS\System32\drivers\afd.sys -->20/06/2008 13:40:08
C:\WINDOWS\System32\drivers\tcpip6.sys -->20/06/2008 13:08:27

C:\WINDOWS\System32\nvapps.xml -->26/07/2008 21:32:20
C:\WINDOWS\System32\MsiExec.exe.log -->26/07/2008 21:07:44
C:\WINDOWS\System32\spupdwxp.log -->26/07/2008 19:36:10
C:\WINDOWS\System32\wpa.dbl -->26/07/2008 19:35:38
C:\WINDOWS\System32\CmdLineExt03.dll -->23/07/2008 12:18:14
C:\WINDOWS\System32\jupdate-1.6.0_07-b06.log -->22/07/2008 16:11:02
C:\WINDOWS\System32\FNTCACHE.DAT -->21/07/2008 07:11:00
C:\WINDOWS\System32\rmoc3260.dll -->07/07/2008 05:00:00
C:\WINDOWS\System32\pndx5032.dll -->07/07/2008 05:00:00
C:\WINDOWS\System32\pndx5016.dll -->07/07/2008 05:00:00
C:\WINDOWS\System32\pncrt.dll -->07/07/2008 05:00:00
C:\WINDOWS\System32\lameACM.acm -->04/07/2008 08:34:14
C:\WINDOWS\System32\jupdate-1.6.0_04-b12.log -->25/06/2008 23:51:40
C:\WINDOWS\System32\MRT.exe -->25/06/2008 18:15:46
C:\WINDOWS\System32\mswsock.dll -->20/06/2008 19:47:22
C:\WINDOWS\System32\dnsapi.dll -->20/06/2008 19:47:22
C:\WINDOWS\System32\x264vfw.dll -->18/06/2008 22:37:28
C:\WINDOWS\System32\ealregsnapshot1.reg -->18/06/2008 12:13:40
C:\WINDOWS\System32\ff_vfw.dll -->12/06/2008 20:36:38
C:\WINDOWS\System32\javaws.exe -->10/06/2008 02:32:34
C:\WINDOWS\System32\javacpl.cpl -->10/06/2008 02:32:34
C:\WINDOWS\System32\javaw.exe -->10/06/2008 01:21:04
C:\WINDOWS\System32\java.exe -->10/06/2008 01:21:01
C:\WINDOWS\System32\OggDSuninst.exe -->09/06/2008 15:55:13
C:\WINDOWS\System32\CoreAAC-uninstall.exe -->09/06/2008 15:55:02

C:\WINDOWS\setupapi.log -->27/07/2008 20:11:54
C:\WINDOWS\NeroDigital.ini -->27/07/2008 19:45:53
C:\WINDOWS\wiadebug.log -->27/07/2008 18:33:11
C:\WINDOWS\WindowsUpdate.log -->27/07/2008 13:04:19
C:\WINDOWS\system.ini -->27/07/2008 10:47:49
C:\WINDOWS\wiaservc.log -->27/07/2008 10:34:45
C:\WINDOWS\bootstat.dat -->27/07/2008 10:34:27
C:\WINDOWS\SchedLgU.Txt -->27/07/2008 00:01:14
C:\WINDOWS\UPGRADE.TXT -->26/07/2008 23:04:40
C:\WINDOWS\win.ini -->26/07/2008 22:54:10
C:\WINDOWS\Sti_Trace.log -->26/07/2008 17:27:50
C:\WINDOWS\avisplitter.INI -->24/07/2008 23:29:58
C:\WINDOWS\Dessinez, C'est Disney.INI -->20/07/2008 16:22:49
C:\WINDOWS\QTFont.qfn -->12/07/2008 20:00:23
C:\WINDOWS\Kit.ini -->09/07/2008 23:05:03

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 3600
Command line: C:\WINDOWS\explorer.exe

Base Size Version Path
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll
0x44080000 0xd0000 7.00.6000.16674 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16674 C:\WINDOWS\system32\iertutil.dll
0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x753c0000 0x6b000 1.420.2600.5512 C:\WINDOWS\system32\USP10.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
0x44360000 0x5cd000 7.00.6000.16674 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16674 C:\WINDOWS\system32\urlmon.dll
0x10000000 0xbf000 4.00.0016.0000 C:\Program Files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
0x00d10000 0x11000 2.01.0000.0000 C:\Program Files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
0x01580000 0xda000 4.00.0010.0000 C:\Program Files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
0x018a0000 0x8a000 4.00.0010.0000 C:\Program Files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\System32\msvcp60.dll
0x442b0000 0x3c000 7.00.6000.16674 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x02fd0000 0x3c000 1.02.6950.0000 C:\Program Files\Orange\AntivirusFirewall\Spam Control\fsscoepl.dll
0x02b10000 0x10000 C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
0x02b20000 0xb000 C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
0x031e0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x4eb80000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll
0x02b90000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x02bd0000 0x9000 7.00.12180.0000 C:\Program Files\Orange\AntivirusFirewall\Common\fpshx.dll
0x17000000 0x1d000 7.50.10035.0000 C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.dll
0x18000000 0x12000 7.50.10035.0000 C:\Program Files\Orange\AntivirusFirewall\Common\FSPMAPI.dll
0x02e40000 0x38000 7.02.3140.0000 C:\Program Files\Orange\AntivirusFirewall\Common\fslapi.dll
0x03150000 0xc000 7.00.12180.0000 C:\Program Files\Orange\AntivirusFirewall\Common\fpshx.eng
0x03230000 0x40000 3.05.0003.0000 C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll
0x782e0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL
0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll
0x5d360000 0xf000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80FRA.DLL
0x03980000 0x2e000 C:\Program Files\WinRAR\rarext.dll
0x04270000 0x9a000 6.86.0101.0002 C:\Program Files\Nokia\Nokia PC Suite 6\phonebrowser.dll
0x04400000 0xc8000 6.86.0134.0006 C:\Program Files\Nokia\Nokia PC Suite 6\NGSCM.DLL
0x04310000 0xa000 6.86.0063.0000 C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr
0x04320000 0x8e000 6.86.0020.0000 C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
0x03600000 0xe000 C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\OpenOffice.org 2.4\program\MSVCR71.dll
0x03e70000 0x3c000 3.04.0000.0000 C:\WINDOWS\system32\mp3fhg.acm
0x5f290000 0x18000 2.00.0500.0000 C:\Program Files\OpenOffice.org 2.4\program\uwinapi.dll
0x61310000 0x54000 2.00.0500.0000 C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
0x60e20000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.4\program\stlport_vc7145.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\OpenOffice.org 2.4\program\MSVCP71.dll
0x03010000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x03fa0000 0x13000 1.00.0000.0000 C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll
0x05010000 0x202000 3.03.0003.0000 C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
0x781d0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
0x74da0000 0x6d000 5.30.0023.1230 C:\WINDOWS\system32\RICHED20.dll
0x04240000 0x13000 4.57.0000.0000 C:\Program Files\7-Zip\7-zip.dll
0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS\system32\wmvcore.dll
0x11c70000 0x3a000 11.00.5721.5238 C:\WINDOWS\system32\WMASF.DLL
0x04a60000 0x15a000 8.03.0006.0000 C:\Program Files\Fichiers communs\Nero\Shared\NL3\ShellManager3.dll
0x056e0000 0x2d2000 6.14.0010.5664 C:\WINDOWS\System32\nvcpl.dll
0x74bf0000 0x2c000 4.02.5406.0000 C:\WINDOWS\System32\OLEACC.dll
0x02980000 0x70000 6.14.0010.5664 C:\WINDOWS\System32\nvshell.dll
0x028f0000 0x42000 6.14.0010.5664 C:\WINDOWS\system32\NVWRSFR.DLL
0x00fd0000 0x16000 6.16.0061.0000 C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll
0x02a10000 0x1a000 C:\WINDOWS\system32\CmdLineExt03.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 648
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x753c0000 0x6b000 1.420.2600.5512 C:\WINDOWS\system32\USP10.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x10000000 0x16000 6.16.0061.0000 C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll


Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 4C59-96B0

Répertoire de C:\WINDOWS\system32

14/04/2008 04:33 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 35 197 874 176 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 4C59-96B0

Répertoire de C:\WINDOWS\Downloaded Program Files

09/07/2008 17:00 <REP> .
09/07/2008 17:00 <REP> ..
27/06/2008 16:47 289 as2stubie.inf
08/06/2008 19:23 65 desktop.ini
25/07/2002 17:13 24 576 dwusplay.dll
25/07/2002 17:13 196 608 dwusplay.exe
11/04/2007 14:55 1 292 erma.inf
25/07/2002 17:05 172 032 isusweb.dll
30/07/2007 19:24 293 wuweb.inf
7 fichier(s) 395 155 octets

Total des fichiers listés :
7 fichier(s) 395 155 octets
2 Rép(s) 35 197 870 080 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableRegistryTools"=dword:00000000
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 20:13:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:96,ee,69,fa,f0,c4,3d,d7,73,93,06,54,ed,66,59,73,19,98,01,7a,af,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ed,87,7a,ea,ab,c9,6b,fa,3d,ad,1d,8c,7b,82,ba,13,13,..
"khjeh"=hex:54,1c,40,d2,89,b8,69,ab,84,37,30,44,46,0b,0a,49,fa,d4,1f,be,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e9,c9,38,53,3b,00,84,b7,13,ac,80,2b,16,c5,97,d4,1a,e8,f5,fa,63,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:96,ee,69,fa,f0,c4,3d,d7,73,93,06,54,ed,66,59,73,19,98,01,7a,af,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ed,87,7a,ea,ab,c9,6b,fa,3d,ad,1d,8c,7b,82,ba,13,13,..
"khjeh"=hex:54,1c,40,d2,89,b8,69,ab,84,37,30,44,46,0b,0a,49,fa,d4,1f,be,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e9,c9,38,53,3b,00,84,b7,13,ac,80,2b,16,c5,97,d4,1a,e8,f5,fa,63,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:96,ee,69,fa,f0,c4,3d,d7,73,93,06,54,ed,66,59,73,19,98,01,7a,af,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ed,87,7a,ea,ab,c9,6b,fa,3d,ad,1d,8c,7b,82,ba,13,13,..
"khjeh"=hex:54,1c,40,d2,89,b8,69,ab,84,37,30,44,46,0b,0a,49,fa,d4,1f,be,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e9,c9,38,53,3b,00,84,b7,13,ac,80,2b,16,c5,97,d4,1a,e8,f5,fa,63,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000004c3

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
212 - nvsvc32.exe
220 - FCH32.EXE
252 - optproxy.exe
336 - snmp.exe
612 - csrss.exe
648 - winlogon.exe
692 - services.exe
704 - lsass.exe
860 - svchost.exe
888 - FSM32.EXE
944 - svchost.exe
1036 - svchost.exe
1076 - svchost.exe
1120 - E_FATIAME.EXE
1172 - FAMEH32.EXE
1188 - fsqh.exe
1312 - svchost.exe
1324 - OPTGui.exe
1448 - spoolsv.exe
1500 - taskmgr.exe
1672 - TaskBarIcon.exe
1740 - ctfmon.exe
1792 - fsaua.exe
1936 - FSMA32.EXE
1948 - fsgk32.exe
2036 - FSMB32.EXE
2092 - fsdfwd.exe
2192 - fsav32.exe
2208 - cmd.exe
2312 - fsguidll.exe
2584 - alg.exe
3000 - fssm32.exe
3032 - fsus.exe
3424 - svchost.exe
3600 - explorer.exe

Total number of processes = 36
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806D0000 - \WINDOWS\system32\hal.dll
F7ADC000 - \WINDOWS\system32\KDCOM.DLL
F79EC000 - \WINDOWS\system32\BOOTVID.dll
F73DB000 - spoi.sys
F7ADE000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F73C3000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F7394000 - ACPI.sys
F7383000 - pci.sys
F75DC000 - isapnp.sys
F7BA4000 - pciide.sys
F785C000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F7AE0000 - viaide.sys
F75EC000 - MountMgr.sys
F7364000 - ftdisk.sys
F7864000 - PartMgr.sys
F786C000 - pavboot.sys
F75FC000 - VolSnap.sys
F734C000 - atapi.sys
F760C000 - disk.sys
F761C000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F732C000 - fltmgr.sys
F731A000 - sr.sys
F762C000 - PxHelp20.sys
F7303000 - KSecDD.sys
F72F0000 - WudfPf.sys
F7263000 - Ntfs.sys
F763C000 - fsdfw.sys
F7236000 - \WINDOWS\System32\drivers\NDIS.SYS
F7874000 - \WINDOWS\System32\drivers\fsndis5.sys
F787C000 - viaagp1.sys
F721C000 - Mup.sys
F6A8D000 - \SystemRoot\System32\DRIVERS\nv4_mini.sys
F6A79000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F771C000 - \SystemRoot\system32\DRIVERS\imapi.sys
F78CC000 - \SystemRoot\system32\drivers\Afc.sys
F78D4000 - \SystemRoot\system32\drivers\pfc.sys
F772C000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F773C000 - \SystemRoot\System32\DRIVERS\redbook.sys
F6A56000 - \SystemRoot\System32\DRIVERS\ks.sys
F78DC000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
F6A32000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F78E4000 - \SystemRoot\System32\DRIVERS\fdc.sys
F6A1E000 - \SystemRoot\System32\DRIVERS\parport.sys
F7B0C000 - \SystemRoot\System32\DRIVERS\ASACPI.sys
F774C000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F78EC000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F6A0D000 - \SystemRoot\System32\DRIVERS\serial.sys
F71E0000 - \SystemRoot\System32\DRIVERS\serenum.sys
F6693000 - \SystemRoot\system32\drivers\ALCXWDM.SYS
F666F000 - \SystemRoot\system32\drivers\portcls.sys
F775C000 - \SystemRoot\system32\drivers\drmk.sys
F660A000 - \SystemRoot\System32\Drivers\azhva9ov.SYS
F77AC000 - \SystemRoot\System32\DRIVERS\AmdK8.sys
F7C80000 - \SystemRoot\System32\DRIVERS\audstub.sys
F77BC000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F6C60000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F64ED000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F77EC000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F77FC000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F795C000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F64DC000 - \SystemRoot\System32\DRIVERS\psched.sys
F780C000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F79BC000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F798C000 - \SystemRoot\System32\DRIVERS\raspti.sys
F76FC000 - \SystemRoot\System32\DRIVERS\termdd.sys
F79C4000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F7B50000 - \SystemRoot\System32\DRIVERS\swenum.sys
F647E000 - \SystemRoot\System32\DRIVERS\update.sys
F7AB4000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
F6504000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F783C000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F7B6A000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F7924000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
F7B80000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7D0A000 - \SystemRoot\System32\Drivers\Null.SYS
F7B82000 - \SystemRoot\System32\Drivers\Beep.SYS
F7934000 - \SystemRoot\System32\drivers\vga.sys
F7B84000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7B86000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F793C000 - \SystemRoot\System32\Drivers\Msfs.SYS
F78F4000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7A9C000 - \SystemRoot\System32\DRIVERS\rasacd.sys
F52C8000 - \SystemRoot\System32\DRIVERS\ipsec.sys
F526F000 - \SystemRoot\System32\DRIVERS\tcpip.sys
F5247000 - \SystemRoot\System32\DRIVERS\netbt.sys
F5225000 - \SystemRoot\System32\drivers\afd.sys
F769C000 - \SystemRoot\System32\DRIVERS\netbios.sys
F51FA000 - \SystemRoot\System32\DRIVERS\rdbss.sys
F518A000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F76AC000 - \SystemRoot\System32\Drivers\Fips.SYS
F5164000 - \SystemRoot\System32\DRIVERS\ipnat.sys
F76BC000 - \SystemRoot\System32\DRIVERS\wanarp.sys
F76DC000 - \??\C:\Program Files\Orange\AntivirusFirewall\HIPS\fshs.sys
F7B88000 - \SystemRoot\system32\drivers\AsIO.sys
F7944000 - \SystemRoot\System32\DRIVERS\usbccgp.sys
F6C6C000 - \SystemRoot\System32\DRIVERS\hidusb.sys
F779C000 - \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
F794C000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
F7954000 - \SystemRoot\system32\DRIVERS\LHidKE.Sys
F6C68000 - \SystemRoot\System32\DRIVERS\mouhid.sys
F512B000 - \SystemRoot\system32\DRIVERS\LMouKE.Sys
F770C000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F5073000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7B8A000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F5150000 - \SystemRoot\System32\drivers\Dxapi.sys
F7964000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7BDA000 - \SystemRoot\System32\drivers\dxgthk.sys
F50EB000 - \SystemRoot\System32\DRIVERS\STREAM.SYS
F71F4000 - \SystemRoot\System32\DRIVERS\NVxbar.sys
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
F3032000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
F2393000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
F7B18000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F7C7E000 - \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys
F22C9000 - \SystemRoot\System32\DRIVERS\srv.sys
F2282000 - \SystemRoot\System32\DRIVERS\nvcap.sys
F211E000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F1FC9000 - \SystemRoot\system32\drivers\wdmaud.sys
F4BB9000 - \SystemRoot\system32\drivers\sysaudio.sys
F1C97000 - \??\C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys
F1A4E000 - \SystemRoot\System32\Drivers\HTTP.sys
F7B2A000 - \??\C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
F2D70000 - \??\C:\ComboFix\catchme.sys
EF4D7000 - \SystemRoot\system32\drivers\kmixer.sys
F7C88000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 128

Liste des programmes installes

7-Zip 4.57
AC3Filter (remove only)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Français
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe® Photoshop® Album Edition Découverte 3.2
Adobe® Photoshop® Album Edition Découverte 3.2
AntiVirus Firewall
Apple Software Update
Applian FLV Player
Archiveur WinRAR
ArcSoft PhotoImpression 5
ArcSoft Software Suite
Assistant de connexion Windows Live
ASUS_Ai_Proactive_Screensaver (E)
ASUSUpdate
Athlon 64 Processor Driver
AutoUpdate
AviSynth 2.5
Azureus Vuze
CCleaner (remove only)
Contrôle Parental
Cool & Quiet
CoreAAC Audio Decoder (remove only)
Correctif pour Windows Internet Explorer 7 (KB947864)
Creative Jukebox Driver
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Creative Zen Micro
Direct Show Ogg Vorbis Filter (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DS Legends of Aranna
eMule
encodeur Real Video Producer
EPSON Attach To Email
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON Event Manager
EPSON File Manager
EPSON Image Clip Palette
EPSON Logiciel imprimante
EPSON Print CD
EPSON PRINT Image Framer Tool
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESPRX640 Guide d'utilisation
Galerie de photos Windows Live
Gestionnaire Internet
Google Earth
Haali Media Splitter
HijackThis 2.0.2
Java(TM) 6 Update 4
Java(TM) 6 Update 6
Java(TM) 6 Update 7
K-Lite Mega Codec Pack 4.0.0
Lame ACM MP3 Codec
Lecteur Windows Media 11
livebox
Logitech Desktop Messenger
Logitech SetPoint
LUMIX Simple Viewer
Magellan POI File Editor
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
MKVtoolnix 2.2.0
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Mozilla Firefox (3.0.1)
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
Navigateur Orange
Nero 8 Trial
neroxml
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
NVIDIA WDM Drivers
On2 VP7 Personal Edition
OpenOffice.org 2.4
Pack PSP - Ri4m - v1.0a
Panda ActiveScan 2.0
PC Connectivity Solution
PC Probe II
PhotoFiltre
PHOTOfunSTUDIO -viewer-
PIF DESIGNER
Platform
QuickTime
Realtek AC'97 Audio
Ri4m v5.0.1d
RIAM Video Enhancer
Ripp-It Codec Pack v 4.2.6
Security Update pour Microsoft .NET Framework 2.0 (KB928365)
SILKYPIX Developer Studio 2.1 SE
SILKYPIX Developer Studio 2.1 SE
Starcraft
Uniblue RegistryBooster 2
VCRedistSetup
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinFast(R) Display Driver
x264 Revision 573 x264.nl (remove only)
Xvid 1.1.2 final uninstall



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 4C59-96B0

Répertoire de C:\Program Files

26/07/2008 21:40 <REP> .
26/07/2008 21:40 <REP> ..
09/06/2008 18:24 <REP> 7-Zip
09/06/2008 15:55 <REP> AC3Filter
01/07/2008 08:16 <REP> Adobe
26/07/2008 18:31 <REP> ahead
26/07/2008 18:28 <REP> AMD
09/06/2008 20:02 <REP> Apple Software Update
09/06/2008 20:05 <REP> ArcSoft
08/06/2008 19:49 <REP> ASUS
09/06/2008 15:48 <REP> AviSynth 2.5
08/06/2008 19:45 <REP> AvRack
03/07/2008 14:10 <REP> Azureus
09/06/2008 15:04 <REP> CCleaner
08/06/2008 19:20 <REP> ComPlus Applications
09/06/2008 16:16 <REP> Controle Parental
09/06/2008 19:39 <REP> Creative
12/06/2008 14:38 <REP> DAEMON Tools Lite
09/06/2008 16:00 <REP> DivX
24/07/2008 20:20 <REP> eMule
09/06/2008 11:57 <REP> epson
09/06/2008 11:56 <REP> EPSON Print CD
04/07/2008 08:53 <REP> fichier système
27/07/2008 10:46 <REP> Fichiers communs
16/06/2008 12:06 <REP> FLV Player
09/06/2008 15:26 <REP> Google
09/06/2008 16:01 <REP> Haali
11/06/2008 14:50 <REP> Internet Explorer
09/06/2008 20:12 <REP> ISL
09/06/2008 16:02 <REP> IVCsoft
22/07/2008 16:11 <REP> Java
17/07/2008 15:27 <REP> K-Lite Codec Pack
09/06/2008 11:33 <REP> Logitech
09/06/2008 19:54 <REP> Magellan
25/07/2008 11:47 <REP> Malwarebytes' Anti-Malware
09/06/2008 09:17 <REP> Messenger
08/06/2008 19:25 <REP> microsoft frontpage
12/06/2008 14:43 <REP> Microsoft Games
18/07/2008 22:40 <REP> Microsoft Silverlight
09/06/2008 21:07 <REP> Microsoft SQL Server Compact Edition
17/07/2008 17:05 <REP> MKVtoolnix
09/06/2008 13:54 <REP> Movie Maker
27/07/2008 20:11 <REP> Mozilla Firefox
08/06/2008 19:19 <REP> MSN
08/06/2008 19:18 <REP> MSN Gaming Zone
28/06/2008 17:08 <REP> MSXML 4.0
22/07/2008 17:20 <REP> Navilog1
26/07/2008 20:49 <REP> Nero
09/06/2008 09:13 <REP> NetMeeting
26/07/2008 23:07 <REP> nLite
09/06/2008 20:40 <REP> Nokia
09/06/2008 16:01 <REP> On2 Technologies
25/06/2008 23:56 <REP> OpenOffice.org 2.4
09/06/2008 09:46 <REP> Orange
09/06/2008 09:12 <REP> Outlook Express
09/06/2008 15:49 <REP> Pack PSP - Ri4m
09/06/2008 19:59 <REP> Panasonic
21/06/2008 22:33 <REP> Panda Security
09/06/2008 20:40 <REP> PC Connectivity Solution
18/06/2008 19:23 <REP> PhotoFiltre
09/06/2008 15:50 <REP> Producer
09/06/2008 20:04 <REP> QuickTime
08/06/2008 19:45 <REP> Realtek AC97
08/06/2008 19:45 <REP> Realtek Sound Manager
09/06/2008 15:50 <REP> RIAM Video Enhancer
09/06/2008 15:54 <REP> Ripp-It Codec Pack
18/07/2008 11:07 <REP> Ripp-it_AM
09/07/2008 22:36 <REP> SAGEM
08/06/2008 19:19 <REP> Services en ligne
16/07/2008 10:41 <REP> Starcraft
25/07/2008 11:28 <REP> Trend Micro
08/06/2008 20:21 <REP> Ulead Systems
09/06/2008 13:04 <REP> Uniblue
08/06/2008 19:44 <REP> VIA
17/07/2008 15:22 <REP> VideoLAN
27/07/2008 10:35 <REP> Wanadoo
10/06/2008 09:16 <REP> Windows Live
24/06/2008 21:13 <REP> Windows Live Safety Center
09/06/2008 10:59 <REP> Windows Media Connect 2
09/06/2008 10:59 <REP> Windows Media Player
09/06/2008 09:12 <REP> Windows NT
08/06/2008 20:21 <REP> WinFast
09/06/2008 18:24 <REP> WinRAR
09/06/2008 16:00 <REP> x264
08/06/2008 19:25 <REP> xerox
09/06/2008 16:00 <REP> Xvid
0 fichier(s) 0 octets
86 Rép(s) 35 186 319 360 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 4C59-96B0

Répertoire de C:\Program Files\fichiers communs

27/07/2008 10:46 <REP> .
27/07/2008 10:46 <REP> ..
10/06/2008 17:21 <REP> Adobe
09/06/2008 20:09 <REP> ArcSoft
09/06/2008 12:06 <REP> InstallShield
09/06/2008 13:01 <REP> Java
09/06/2008 11:31 <REP> Logitech
05/07/2008 19:02 <REP> Microsoft Shared
08/06/2008 19:20 <REP> MSSoap
26/07/2008 21:03 <REP> Nero
09/06/2008 20:41 <REP> Nokia
08/06/2008 19:55 <REP> ODBC
09/06/2008 20:41 <REP> PCSuite
08/06/2008 19:21 <REP> Services
08/06/2008 19:54 <REP> SpeechEngines
09/06/2008 09:12 <REP> System
08/06/2008 20:21 <REP> Ulead Systems
0 fichier(s) 0 octets
17 Rép(s) 35 186 319 360 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 4C59-96B0

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

08/06/2008 19:38 <REP> .
08/06/2008 19:38 <REP> ..
18/05/2001 17:57 561 209 MSONSEXT.DLL
03/06/1999 14:09 122 937 MSOWS409.DLL
07/03/2001 09:00 127 033 MSOWS40c.DLL
3 fichier(s) 811 179 octets
2 Rép(s) 35 186 319 360 octets libres




c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.1.3.100\QuickTimeInstallerAdmin.exe
c:\Documents and Settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_fre_web.exe
c:\Documents and Settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Installer\CommonCustomActions\UninstCCD.exe
c:\Documents and Settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Installer\CommonCustomActions\UninstPCS.exe
c:\Documents and Settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
c:\Documents and Settings\Anthony\Bureau\ComboFix.exe
c:\Documents and Settings\Anthony\Bureau\HJTInstall.exe
c:\Documents and Settings\Anthony\Bureau\OTMoveIt2.exe
c:\Documents and Settings\Anthony\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Anthony\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Anthony\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Anthony\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Anthony\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Anthony\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Anthony\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Anthony\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Anthony\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Anthony\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Anthony\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Anthony\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Anthony\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Anthony\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Anthony\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Anthony\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Anthony\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Anthony\Mes documents\My Games\neverend\Anthony\invision.exe
c:\Documents and Settings\Anthony\Mes documents\My Games\neverend\Anthony\OTMoveIt2.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll
c:\Documents and Settings\Anthony\Application Data\Creative\Media Database\JetFileBackup\Expsrv.dll
c:\Documents and Settings\Anthony\Application Data\Creative\Media Database\JetFileBackup\Msado15.dll
c:\Documents and Settings\Anthony\Application Data\Creative\Media Database\JetFileBackup\Msadox.dll
c:\Documents and Settings\Anthony\Application Data\Creative\Media Database\JetFileBackup\Msadrh15.dll
c:\Documents and Settings\Anthony\Application Data\Creative\Media Database\JetFileBackup\Msjet40.dll
c:\Documents and Settings\Anthony\Application Data\Creative\Media Database\JetFileBackup\Msjetoledb40.dll
c:\Documents and Settings\Anthony\Application Data\Creative\Media Database\JetFileBackup\Msjint40.dll
c:\Documents and Settings\Anthony\Application Data\Creative\Media Database\JetFileBackup\Msjro.dll
c:\Documents and Settings\Anthony\Application Data\Creative\Media Database\JetFileBackup\Msjter40.dll
c:\Documents and Settings\Anthony\Application Data\Creative\Media Database\JetFileBackup\Msjtes40.dll
c:\Documents and Settings\Anthony\Application Data\Creative\Media Database\JetFileBackup\Mswstr10.dll
c:\Documents and Settings\Anthony\Application Data\Creative\Media Database\JetFileBackup\vbajet32.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_STIVY.tar.gz a l'adresse http://upload.malekal.com
0
Kid7 Posts 31 Registration date Friday 25 July 2008 Status Member Last activity 30 July 2008
27 Jul 2008 at 20:21
I was given another report called catchme.log, should I post it too?
0
Anonymous user
27 Jul 2008 at 20:30
Yes, post it

and uninstall these two versions of Java:

Java(TM) 6 Update 4
Java(TM) 6 Update 6
0
Anonymous user
27 Jul 2008 at 20:39
Then install this, restart the PC and tell me whether you still get the message

http://www.microsoft.com/downloads/details.aspx?displaylang=fr&FamilyID=333325fd-ae52-4e35-b531-508d977d32a6
0
Kid7 Posts 31 Registration date Friday 25 July 2008 Status Member Last activity 30 July 2008
27 Jul 2008 at 20:54
OK, here it is:

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 20:13:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:96,ee,69,fa,f0,c4,3d,d7,73,93,06,54,ed,66,59,73,19,98,01,7a,af,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ed,87,7a,ea,ab,c9,6b,fa,3d,ad,1d,8c,7b,82,ba,13,13,..
"khjeh"=hex:54,1c,40,d2,89,b8,69,ab,84,37,30,44,46,0b,0a,49,fa,d4,1f,be,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e9,c9,38,53,3b,00,84,b7,13,ac,80,2b,16,c5,97,d4,1a,e8,f5,fa,63,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:96,ee,69,fa,f0,c4,3d,d7,73,93,06,54,ed,66,59,73,19,98,01,7a,af,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ed,87,7a,ea,ab,c9,6b,fa,3d,ad,1d,8c,7b,82,ba,13,13,..
"khjeh"=hex:54,1c,40,d2,89,b8,69,ab,84,37,30,44,46,0b,0a,49,fa,d4,1f,be,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e9,c9,38,53,3b,00,84,b7,13,ac,80,2b,16,c5,97,d4,1a,e8,f5,fa,63,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:96,ee,69,fa,f0,c4,3d,d7,73,93,06,54,ed,66,59,73,19,98,01,7a,af,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ed,87,7a,ea,ab,c9,6b,fa,3d,ad,1d,8c,7b,82,ba,13,13,..
"khjeh"=hex:54,1c,40,d2,89,b8,69,ab,84,37,30,44,46,0b,0a,49,fa,d4,1f,be,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e9,c9,38,53,3b,00,84,b7,13,ac,80,2b,16,c5,97,d4,1a,e8,f5,fa,63,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000004c3

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


I'll do what you told me and restart my computer.
0
Anonymous user
27 Jul 2008 at 21:02
OK

See you in a bit
0
Kid7 Posts 31 Registration date Friday 25 July 2008 Status Member Last activity 30 July 2008
27 Jul 2008 at 21:51
Yes, I still get the same message.
0
Anonymous user
27 Jul 2008 at 21:54

I've gone through your reports.

Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Make sure the Unregister Dll's and Ocx's box is checked.
Copy the list shown in bold below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\WINDOWS\prefetch\FSDC.EXE
C:\WINDOWS\system32\ealregsnapshot1.reg


Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

And check whether you still get the message (after restarting).

0
Kid7 Posts 31 Registration date Friday 25 July 2008 Status Member Last activity 30 July 2008
27 Jul 2008 at 22:44
File/Folder C:\WINDOWS\prefetch\FSDC.EXE not found.
C:\WINDOWS\system32\ealregsnapshot1.reg moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07272008_224227

No, it still doesn't work.
0
Anonymous user
27 Jul 2008 at 22:48
Empty this folder: C:\WINDOWS\prefetch

then test
0
Kid7 Posts 31 Registration date Friday 25 July 2008 Status Member Last activity 30 July 2008
27 Jul 2008 at 22:50
Oh, by the way! When I launched my game, my antivirus found this: "AdTool.Win32.MyWebSearch".
It is currently in quarantine. In case that helps you solve my problem.
0
Anonymous user
27 Jul 2008 at 22:51
It is indeed a piece of junk, but it is not the cause of the invalid Win32 error
0
Kid7 Posts 31 Registration date Friday 25 July 2008 Status Member Last activity 30 July 2008
27 Jul 2008 at 22:51
No, that's not it either.
0
Anonymous user
27 Jul 2008 at 22:53
Run a DiagHelp scan again and post the report, please
0