laidet

Everything posted by laidet

  1. Hello, In the end, I formatted and moved to Windows 7. We'll see whether it gets too sluggish in the long run. In any case, I want to thank you for your help and all the time you spent on my problem, and sorry for not seeing it through to the end. Thanks. See you around, maybe.
  2. Hello, After rkill, whose log is posted below, Gmer still doesn't work.... What should I do? This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as install on 06/02/2010 at 9:49:48. Processes terminated by Rkill or while it was running: C:\WINDOWS\system32\nvsvc32.exe C:\Documents and Settings\install\Bureau\rkill.exe Rkill completed on 06/02/2010 at 9:50:08.
  3. Hello, GMER Rootkit Scanner doesn't work. It starts, then crashes after 5-10 seconds without my touching anything.
  4. ComboFix 10-02-03.01 - install 03/02/2010 18:48:22.3.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.605 [GMT 1:00] Lancé depuis: c:\documents and settings\install\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\install\Bureau\CFscript.txt AV: avast! antivirus 4.8.1368 [VPS 100117-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Système anti-virus AVG 7.0.323 *On-access scanning enabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1} FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . --------------- FCopy --------------- c:\windows\system32\dllcache\atapi.sys --> c:\windows\system32\drivers\atapi.sys . ((((((((((((((((((((((((((((( Fichiers créés du 2010-01-03 au 2010-02-03 )))))))))))))))))))))))))))))))))))) . 2010-02-03 07:56 . 2010-02-03 07:57 -------- d-----w- C:\tdsskiller 2010-02-02 17:25 . 2010-02-02 17:25 -------- d-----w- c:\documents and settings\install\Local Settings\Application Data\Microsoft Corporation 2010-02-02 17:24 . 2010-02-02 17:25 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor 2010-01-21 21:51 . 2010-01-21 21:51 -------- d-----w- c:\program files\CCleaner 2010-01-21 20:10 . 2010-01-21 20:12 -------- d-----w- C:\rsit 2010-01-18 22:36 . 2010-01-18 20:50 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-01-18 21:23 . 2007-03-29 03:42 29704 ----a-w- c:\windows\system32\uxtuneup.dll 2010-01-18 21:07 . 2010-01-18 21:07 -------- d-----w- c:\documents and settings\LocalService\Bureau 2010-01-18 20:50 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-01-18 20:44 . 2010-01-18 20:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2010-01-18 20:43 . 
2010-01-18 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-01-18 20:28 . 2010-01-18 20:28 -------- d-----w- c:\program files\Fichiers communs\Borland Shared 2010-01-18 20:28 . 1999-01-20 04:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL 2010-01-18 20:28 . 2010-01-26 18:05 -------- d-----w- c:\program files\ZebHelpProcess 2010-01-18 20:13 . 2010-01-18 20:13 -------- d-----w- c:\program files\ZHPFix 2010-01-18 19:57 . 2010-01-18 20:38 -------- d-----w- c:\windows\BDOSCAN8 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-03 17:42 . 2006-09-01 13:34 4212 ---h--w- c:\windows\system32\zllictbl.dat 2010-02-03 00:32 . 2007-02-01 20:19 -------- d---a-w- c:\program files\eMule Applejuice 2010-01-28 21:14 . 2006-11-10 16:11 34653528 ----a-w- c:\windows\Internet Logs\tvDebug.zip 2010-01-28 02:50 . 2010-01-18 20:50 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe 2010-01-25 18:20 . 2010-01-25 18:29 2643968 ----a-w- c:\windows\Internet Logs\xDBA.tmp 2010-01-24 07:07 . 2010-01-24 07:07 38149 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_24_07_45_03_small.dmp.zip 2010-01-21 19:10 . 2001-09-28 11:00 81918 ----a-w- c:\windows\system32\perfc00C.dat 2010-01-21 19:10 . 2001-09-28 11:00 504068 ----a-w- c:\windows\system32\perfh00C.dat 2010-01-19 18:16 . 2010-01-19 22:52 5243904 ----a-w- c:\windows\Internet Logs\xDB9.tmp 2010-01-18 21:33 . 2007-08-29 17:28 -------- d-----w- c:\program files\TuneUp Utilities 2007 2010-01-18 21:16 . 2006-09-01 14:30 -------- d-----w- c:\program files\Lavasoft 2010-01-18 21:16 . 2006-09-01 14:31 -------- d-----w- c:\documents and settings\install\Application Data\Lavasoft 2010-01-16 14:26 . 2005-06-16 20:52 -------- d-----w- c:\program files\Microsoft IntelliPoint 2010-01-16 14:26 . 
2005-06-16 20:50 -------- d-----w- c:\program files\Microsoft IntelliType Pro 2010-01-16 14:25 . 2010-01-16 14:25 39119 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_16_15_21_38_small.dmp.zip 2010-01-16 14:25 . 2010-01-16 14:25 34816 ----a-w- c:\windows\Internet Logs\xDB8.tmp 2010-01-16 12:49 . 2010-01-16 12:50 32768 ----a-w- c:\windows\Internet Logs\xDB6.tmp 2010-01-16 12:49 . 2010-01-16 12:50 5193728 ----a-w- c:\windows\Internet Logs\xDB7.tmp 2010-01-16 09:43 . 2010-01-16 10:17 5192704 ----a-w- c:\windows\Internet Logs\xDB5.tmp 2010-01-16 09:43 . 2010-01-16 10:17 144896 ----a-w- c:\windows\Internet Logs\xDB4.tmp 2010-01-15 23:02 . 2010-01-15 23:03 2621440 ----a-w- c:\windows\Internet Logs\xDB2.tmp 2010-01-15 23:02 . 2010-01-15 23:03 5188096 ----a-w- c:\windows\Internet Logs\xDB3.tmp 2010-01-09 11:25 . 2009-01-10 11:34 -------- d-----w- c:\program files\Windows Live Safety Center 2009-12-28 22:08 . 2009-12-24 16:46 -------- d-----w- c:\program files\Lock Folder XP 2009-12-19 11:33 . 2009-12-19 11:33 20299200 ----a-w- c:\documents and settings\install\Application Data\TomTom\HOME\Profiles\e0pyj0ce.default\Updates\v2_7_3_1894_win.exe 2009-12-17 18:08 . 2009-12-17 18:08 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-17 18:08 . 2003-01-02 01:13 -------- d-----w- c:\program files\Java 2009-12-17 18:07 . 2009-12-17 18:07 152576 ----a-w- c:\documents and settings\install\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-17 18:07 . 2009-12-17 18:07 79488 ----a-w- c:\documents and settings\install\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-07 20:34 . 2008-07-31 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-12-07 20:25 . 2006-10-09 17:00 -------- d-----w- c:\documents and settings\install\Application Data\Apple Computer 2009-12-07 20:19 . 2009-12-07 20:19 -------- d-----w- c:\program files\iTunes 2009-12-07 20:19 . 
2009-12-07 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-12-07 20:19 . 2009-12-07 20:19 -------- d-----w- c:\program files\iPod 2009-12-07 20:19 . 2008-07-31 22:14 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-12-07 20:17 . 2009-12-07 20:17 -------- d-----w- c:\program files\Bonjour 2009-12-07 20:16 . 2009-12-07 20:16 -------- d-----w- c:\program files\QuickTime 2009-12-07 20:11 . 2009-12-07 20:11 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe 2009-11-24 23:54 . 2007-10-13 09:34 1280480 ----a-w- c:\windows\system32\aswBoot.exe 2009-11-24 23:51 . 2007-10-13 09:34 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-11-24 23:50 . 2007-10-13 09:34 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-11-24 23:50 . 2008-03-31 06:22 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-11-24 23:50 . 2008-03-31 06:22 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-11-24 23:49 . 2007-10-13 09:34 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-11-24 23:48 . 2007-10-13 09:34 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-11-24 23:47 . 2007-10-13 09:34 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-11-24 23:47 . 2007-10-13 09:34 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-11-10 18:01 . 2009-11-15 21:36 2719232 ----a-w- c:\windows\Internet Logs\xDB1.tmp 2005-10-31 08:31 . 2005-06-20 18:55 21 ----a-w- c:\program files\Fichiers communs\appop.log . ------- Sigcheck ------- [7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys [-] 2004-08-03 21:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-27 312328] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856] "Splash screen for Avast!"="c:\program files\Alwil Software\Avast4\ashAvast.exe" [2009-11-24 274640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 968696] "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-17 8478720] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] Trusted 13b8 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] 
2009-11-24 23:51 81000 ----a-w- c:\progra~1\ALWILS~1\Avast4\ashDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-03 22:54 15360 ------w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-06-26 20:45 1211176 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Office Outlook] 2008-05-21 02:37 12844576 ----a-w- c:\progra~1\MICROS~4\Office12\OUTLOOK.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-08-17 08:13 8478720 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "dmadmin"=3 (0x3) "PlugPlay"=2 (0x2) "Eventlog"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe "ctfmon.exe"=c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "nwiz"=nwiz.exe /install "RTHDCPL"=RTHDCPL.EXE "Alcmtr"=ALCMTR.EXE "SkyTel"=SkyTel.EXE "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "SolidWorks_CheckForUpdates"="c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler "AppleSyncNotifier"=c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Konami\\Pro Evolution Soccer 2008\\PES2008.exe"= "c:\\Program Files\\HomePlayer\\HomePlayer.exe"= "c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [09/01/2006 14:29 160640] R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [09/01/2006 14:29 5248] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/01/2010 21:50 64288] R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 16:11 35328] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/03/2008 07:22 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/03/2008 07:22 20560] R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [25/07/2005 16:42 137344] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . 
Contenu du dossier 'Tâches planifiées' 2010-01-30 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 05:51] 2010-02-03 c:\windows\Tasks\Ad-Aware Update (Daily 1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51] 2010-02-03 c:\windows\Tasks\Ad-Aware Update (Daily 2).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51] 2010-02-03 c:\windows\Tasks\Ad-Aware Update (Daily 3).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51] 2010-02-03 c:\windows\Tasks\Ad-Aware Update (Daily 4).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51] 2010-02-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51] 2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2006-03-06 c:\windows\Tasks\FRU Task 2002-06-11 17:56ewlett-Packard2002-06-11 17:56p psc 2200 series0873DBB30DAF953F7DCEA1BDCC4F78BFDB130745132680612.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 09:56] 2010-01-29 c:\windows\Tasks\{4017CBCD-9805-4488-BF48-23D6A379A889}_AURÉLIEN_install.job - c:\windows\system32\mobsync.exe [2004-08-03 22:54] 2010-02-02 c:\windows\Tasks\{56529124-F26D-4200-AD05-81212A011FB0}_AURÉLIEN_install.job - c:\windows\system32\mobsync.exe [2004-08-03 22:54] 2010-02-02 c:\windows\Tasks\{E02F481F-7A86-48A3-9928-36A1A28E2D1A}_AURÉLIEN_install.job - c:\windows\system32\mobsync.exe [2004-08-03 22:54] . . ------- Examen supplémentaire ------- . 
uStart Page = hxxp://www.google.fr/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html IE: {{1DAA624F-A7AB-4b31-97A4-67205FF6963C} - d:\mrbookmakerfrmpp\MPPoker.exe Trusted Zone: registration.sonystyle-europe.com DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab FF - ProfilePath - c:\documents and settings\install\Application Data\Mozilla\Firefox\Profiles\teyda9km.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr&source=iglk FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q= . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-03 18:57 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86BDCA78]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf750bfc3 \Driver\ACPI -> ACPI.sys @ 0xf7415cb8 \Driver\atapi -> 0x86bdca78 IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a0004 ParseProcedure -> TUKERNEL.EXE @ 0x8056f00e \Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a0004 ParseProcedure -> TUKERNEL.EXE @ 0x8056f00e Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\System\MountedDevice1] @Denied: (Read) (Administrators)
. --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(316) c:\windows\system32\WPDShServiceObj.dll c:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Lavasoft\Ad-Aware\AAWService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\wscntfy.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe . ************************************************************************** . Heure de fin: 2010-02-03 19:14:12 - La machine a redémarré ComboFix-quarantined-files.txt 2010-02-03 18:13 ComboFix2.txt 2010-01-28 21:30 ComboFix3.txt 2010-01-25 20:40 Avant-CF: 23 489 691 648 octets libres Après-CF: 23 427 796 992 octets libres - - End Of File - - 09915922129854191157523D3D443527 Thanks in advance for the verdict.
  5. Hello, Haven't you already had me do this procedure? Or is this a different one? Either way, I don't understand anything about what all these tools do.....lol so I just run them. For my information, which file is the damaged one, please? I haven't shut the computer down yet since the previous procedure. Should I do that before running the latest procedure with ComboFix, or does it not matter? I'll do this procedure tonight and keep you posted. Thanks
  6. Hello, thanks for getting back to me. The report is below: 08:58:59:640 1428 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25 08:58:59:640 1428 ================================================================================ 08:58:59:640 1428 SystemInfo: 08:58:59:640 1428 OS Version: 5.1.2600 ServicePack: 2.0 08:58:59:640 1428 Product type: Workstation 08:58:59:640 1428 ComputerName: AURÉLIEN 08:58:59:640 1428 UserName: install 08:58:59:640 1428 Windows directory: C:\WINDOWS 08:58:59:640 1428 Processor architecture: Intel x86 08:58:59:640 1428 Number of processors: 1 08:58:59:640 1428 Page size: 0x1000 08:58:59:734 1428 Boot type: Normal boot 08:58:59:734 1428 ================================================================================ 08:58:59:796 1428 UnloadDriverW: NtUnloadDriver error 2 08:58:59:796 1428 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2 08:58:59:796 1428 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000 08:58:59:796 1428 UtilityInit: KLMD drop and load success 08:58:59:796 1428 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000) 08:58:59:796 1428 UtilityInit: KLMD open success 08:58:59:796 1428 UtilityInit: Initialize success 08:58:59:796 1428 08:58:59:796 1428 Scanning Services ... 
08:58:59:796 1428 CreateRegParser: Registry parser init started 08:58:59:796 1428 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127 08:58:59:796 1428 CreateRegParser: DisableWow64Redirection error 08:58:59:796 1428 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system 08:58:59:796 1428 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043 08:58:59:796 1428 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 08:58:59:796 1428 wfopen_ex: Trying to KLMD file open 08:58:59:796 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system 08:58:59:796 1428 wfopen_ex: File opened ok (Flags 2) 08:58:59:796 1428 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: AD49B0 08:58:59:796 1428 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software 08:58:59:796 1428 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043 08:58:59:796 1428 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 08:58:59:796 1428 wfopen_ex: Trying to KLMD file open 08:58:59:796 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software 08:58:59:796 1428 wfopen_ex: File opened ok (Flags 2) 08:58:59:796 1428 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: AD4A18 08:58:59:796 1428 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127 08:58:59:796 1428 CreateRegParser: EnableWow64Redirection error 08:58:59:796 1428 CreateRegParser: RegParser init completed 08:59:00:250 1428 GetAdvancedServicesInfo: Raw services enum returned 378 services 08:59:00:265 1428 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system 08:59:00:265 1428 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software 08:59:00:265 1428 08:59:00:296 1428 Scanning Kernel memory ... 
08:59:00:296 1428 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk 08:59:00:296 1428 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 86F53E18 08:59:00:296 1428 DetectCureTDL3: KLMD_GetDeviceObjectList returned 8 DevObjects 08:59:00:296 1428 08:59:00:296 1428 DetectCureTDL3: DEVICE_OBJECT: 857B68B8 08:59:00:296 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 857B68B8 08:59:00:296 1428 KLMD_ReadMem: Trying to ReadMemory 0x857B68B8[0x38] 08:59:00:296 1428 DetectCureTDL3: DRIVER_OBJECT: 86F53E18 08:59:00:296 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F53E18[0xA8] 08:59:00:296 1428 KLMD_ReadMem: Trying to ReadMemory 0xE1C20A28[0x18] 08:59:00:296 1428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 
08:59:00:296 1428 TDL3_FileDetect: Processing driver: Disk 08:59:00:296 1428 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 08:59:00:296 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 08:59:00:328 1428 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 08:59:00:328 1428 08:59:00:328 1428 DetectCureTDL3: DEVICE_OBJECT: 856C7AB8 08:59:00:328 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 856C7AB8 08:59:00:328 1428 DetectCureTDL3: DEVICE_OBJECT: 860A97E0 08:59:00:328 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 860A97E0 08:59:00:328 1428 KLMD_ReadMem: Trying to ReadMemory 0x860A97E0[0x38] 08:59:00:328 1428 DetectCureTDL3: DRIVER_OBJECT: 86A069E0 08:59:00:328 1428 KLMD_ReadMem: Trying to ReadMemory 0x86A069E0[0xA8] 08:59:00:328 1428 KLMD_ReadMem: Trying to ReadMemory 0xE1FC68C8[0x1E] 08:59:00:328 1428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 
08:59:00:328 1428 KLMD_ReadMem: Trying to ReadMemory 0xF7760F26[0x400] 08:59:00:328 1428 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 08:59:00:328 1428 TDL3_FileDetect: Processing driver: USBSTOR 08:59:00:328 1428 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 08:59:00:328 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 08:59:00:390 1428 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 08:59:00:390 1428 08:59:00:390 1428 DetectCureTDL3: DEVICE_OBJECT: 86CD2440 08:59:00:390 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86CD2440 08:59:00:390 1428 KLMD_ReadMem: Trying to 
ReadMemory 0x86CD2440[0x38] 08:59:00:390 1428 DetectCureTDL3: DRIVER_OBJECT: 86F53E18 08:59:00:390 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F53E18[0xA8] 08:59:00:390 1428 KLMD_ReadMem: Trying to ReadMemory 0xE1C20A28[0x18] 08:59:00:390 1428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 08:59:00:390 1428 DetectCureTDL3: IrpHandler (0) addr: F750DC30 08:59:00:390 1428 DetectCureTDL3: IrpHandler (1) addr: 804FB8DE 08:59:00:390 1428 DetectCureTDL3: IrpHandler (2) addr: F750DC30 08:59:00:390 1428 DetectCureTDL3: IrpHandler (3) addr: F7507D9B 08:59:00:390 1428 DetectCureTDL3: IrpHandler (4) addr: F7507D9B 08:59:00:390 1428 DetectCureTDL3: IrpHandler (5) addr: 804FB8DE 08:59:00:390 1428 DetectCureTDL3: IrpHandler (6) addr: 804FB8DE 08:59:00:390 1428 DetectCureTDL3: IrpHandler (7) addr: 804FB8DE 08:59:00:390 1428 DetectCureTDL3: IrpHandler ( addr: 804FB8DE 08:59:00:390 1428 DetectCureTDL3: IrpHandler (9) addr: F7508366 08:59:00:390 1428 DetectCureTDL3: IrpHandler (10) addr: 804FB8DE 08:59:00:390 1428 DetectCureTDL3: IrpHandler (11) addr: 804FB8DE 08:59:00:390 1428 DetectCureTDL3: IrpHandler (12) addr: 804FB8DE 08:59:00:390 1428 DetectCureTDL3: IrpHandler (13) addr: 804FB8DE 08:59:00:390 1428 DetectCureTDL3: IrpHandler (14) addr: F750844D 08:59:00:390 1428 DetectCureTDL3: IrpHandler (15) addr: F750BFC3 08:59:00:390 1428 DetectCureTDL3: IrpHandler (16) addr: F7508366 08:59:00:390 1428 DetectCureTDL3: IrpHandler (17) addr: 804FB8DE 08:59:00:390 1428 DetectCureTDL3: IrpHandler (18) addr: 804FB8DE 08:59:00:390 1428 DetectCureTDL3: IrpHandler (19) addr: 804FB8DE 08:59:00:390 1428 DetectCureTDL3: IrpHandler (20) addr: 804FB8DE 08:59:00:390 1428 DetectCureTDL3: IrpHandler (21) addr: 804FB8DE 08:59:00:390 1428 DetectCureTDL3: IrpHandler (22) addr: F7509EF3 08:59:00:390 1428 DetectCureTDL3: IrpHandler (23) addr: F750EA24 08:59:00:390 1428 DetectCureTDL3: IrpHandler (24) addr: 804FB8DE 08:59:00:390 1428 DetectCureTDL3: IrpHandler (25) addr: 804FB8DE 
08:59:00:390 1428 DetectCureTDL3: IrpHandler (26) addr: 804FB8DE 08:59:00:390 1428 TDL3_FileDetect: Processing driver: Disk 08:59:00:390 1428 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 08:59:00:390 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 08:59:00:421 1428 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 08:59:00:421 1428 08:59:00:421 1428 DetectCureTDL3: DEVICE_OBJECT: 86B16260 08:59:00:421 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86B16260 08:59:00:421 1428 DetectCureTDL3: DEVICE_OBJECT: 86A17938 08:59:00:421 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86A17938 08:59:00:421 1428 KLMD_ReadMem: Trying to ReadMemory 0x86A17938[0x38] 08:59:00:421 1428 DetectCureTDL3: DRIVER_OBJECT: 86A069E0 08:59:00:421 1428 KLMD_ReadMem: Trying to ReadMemory 0x86A069E0[0xA8] 08:59:00:421 1428 KLMD_ReadMem: Trying to ReadMemory 0xE1FC68C8[0x1E] 08:59:00:421 1428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 08:59:00:421 1428 DetectCureTDL3: IrpHandler (0) addr: F7764218 08:59:00:421 1428 DetectCureTDL3: IrpHandler (1) addr: 804FB8DE 08:59:00:421 1428 DetectCureTDL3: IrpHandler (2) addr: F7764218 08:59:00:421 1428 DetectCureTDL3: IrpHandler (3) addr: F776423C 08:59:00:421 1428 DetectCureTDL3: IrpHandler (4) addr: F776423C 08:59:00:421 1428 DetectCureTDL3: IrpHandler (5) addr: 804FB8DE 08:59:00:421 1428 DetectCureTDL3: IrpHandler (6) addr: 804FB8DE 08:59:00:421 1428 DetectCureTDL3: IrpHandler (7) addr: 804FB8DE 08:59:00:421 1428 DetectCureTDL3: IrpHandler ( addr: 804FB8DE 08:59:00:421 1428 DetectCureTDL3: IrpHandler (9) addr: 804FB8DE 08:59:00:421 1428 DetectCureTDL3: IrpHandler (10) addr: 804FB8DE 08:59:00:421 1428 DetectCureTDL3: IrpHandler (11) addr: 804FB8DE 08:59:00:421 1428 DetectCureTDL3: IrpHandler (12) addr: 804FB8DE 08:59:00:421 1428 DetectCureTDL3: IrpHandler (13) addr: 804FB8DE 08:59:00:421 1428 
DetectCureTDL3: IrpHandler (14) addr: F7764180 08:59:00:421 1428 DetectCureTDL3: IrpHandler (15) addr: F74D895C 08:59:00:421 1428 DetectCureTDL3: IrpHandler (16) addr: 804FB8DE 08:59:00:421 1428 DetectCureTDL3: IrpHandler (17) addr: 804FB8DE 08:59:00:421 1428 DetectCureTDL3: IrpHandler (18) addr: 804FB8DE 08:59:00:421 1428 DetectCureTDL3: IrpHandler (19) addr: 804FB8DE 08:59:00:421 1428 DetectCureTDL3: IrpHandler (20) addr: 804FB8DE 08:59:00:421 1428 DetectCureTDL3: IrpHandler (21) addr: 804FB8DE 08:59:00:421 1428 DetectCureTDL3: IrpHandler (22) addr: F77635F0 08:59:00:421 1428 DetectCureTDL3: IrpHandler (23) addr: F7761A6E 08:59:00:421 1428 DetectCureTDL3: IrpHandler (24) addr: 804FB8DE 08:59:00:421 1428 DetectCureTDL3: IrpHandler (25) addr: 804FB8DE 08:59:00:421 1428 DetectCureTDL3: IrpHandler (26) addr: 804FB8DE 08:59:00:421 1428 KLMD_ReadMem: Trying to ReadMemory 0xF7760F26[0x400] 08:59:00:421 1428 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 08:59:00:421 1428 TDL3_FileDetect: Processing driver: USBSTOR 08:59:00:421 1428 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 08:59:00:421 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 08:59:00:484 1428 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 08:59:00:484 1428 08:59:00:484 1428 DetectCureTDL3: DEVICE_OBJECT: 86F4D8A0 08:59:00:484 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F4D8A0 08:59:00:484 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F4D8A0[0x38] 08:59:00:484 1428 DetectCureTDL3: DRIVER_OBJECT: 86F53E18 08:59:00:484 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F53E18[0xA8] 08:59:00:484 1428 KLMD_ReadMem: Trying to ReadMemory 0xE1C20A28[0x18] 08:59:00:484 1428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 08:59:00:484 1428 DetectCureTDL3: IrpHandler (0) addr: F750DC30 08:59:00:484 1428 DetectCureTDL3: IrpHandler (1) addr: 804FB8DE 08:59:00:484 1428 
DetectCureTDL3: IrpHandler (2) addr: F750DC30 08:59:00:484 1428 DetectCureTDL3: IrpHandler (3) addr: F7507D9B 08:59:00:484 1428 DetectCureTDL3: IrpHandler (4) addr: F7507D9B 08:59:00:484 1428 DetectCureTDL3: IrpHandler (5) addr: 804FB8DE 08:59:00:484 1428 DetectCureTDL3: IrpHandler (6) addr: 804FB8DE 08:59:00:484 1428 DetectCureTDL3: IrpHandler (7) addr: 804FB8DE 08:59:00:484 1428 DetectCureTDL3: IrpHandler ( addr: 804FB8DE 08:59:00:484 1428 DetectCureTDL3: IrpHandler (9) addr: F7508366 08:59:00:484 1428 DetectCureTDL3: IrpHandler (10) addr: 804FB8DE 08:59:00:484 1428 DetectCureTDL3: IrpHandler (11) addr: 804FB8DE 08:59:00:484 1428 DetectCureTDL3: IrpHandler (12) addr: 804FB8DE 08:59:00:484 1428 DetectCureTDL3: IrpHandler (13) addr: 804FB8DE 08:59:00:484 1428 DetectCureTDL3: IrpHandler (14) addr: F750844D 08:59:00:484 1428 DetectCureTDL3: IrpHandler (15) addr: F750BFC3 08:59:00:484 1428 DetectCureTDL3: IrpHandler (16) addr: F7508366 08:59:00:484 1428 DetectCureTDL3: IrpHandler (17) addr: 804FB8DE 08:59:00:484 1428 DetectCureTDL3: IrpHandler (18) addr: 804FB8DE 08:59:00:484 1428 DetectCureTDL3: IrpHandler (19) addr: 804FB8DE 08:59:00:484 1428 DetectCureTDL3: IrpHandler (20) addr: 804FB8DE 08:59:00:484 1428 DetectCureTDL3: IrpHandler (21) addr: 804FB8DE 08:59:00:484 1428 DetectCureTDL3: IrpHandler (22) addr: F7509EF3 08:59:00:484 1428 DetectCureTDL3: IrpHandler (23) addr: F750EA24 08:59:00:484 1428 DetectCureTDL3: IrpHandler (24) addr: 804FB8DE 08:59:00:484 1428 DetectCureTDL3: IrpHandler (25) addr: 804FB8DE 08:59:00:484 1428 DetectCureTDL3: IrpHandler (26) addr: 804FB8DE 08:59:00:484 1428 TDL3_FileDetect: Processing driver: Disk 08:59:00:484 1428 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 08:59:00:484 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 08:59:00:515 1428 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 08:59:00:515 1428 08:59:00:515 1428 DetectCureTDL3: 
DEVICE_OBJECT: 86F4DC68 08:59:00:515 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F4DC68 08:59:00:515 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F4DC68[0x38] 08:59:00:515 1428 DetectCureTDL3: DRIVER_OBJECT: 86F53E18 08:59:00:515 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F53E18[0xA8] 08:59:00:515 1428 KLMD_ReadMem: Trying to ReadMemory 0xE1C20A28[0x18] 08:59:00:515 1428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 08:59:00:515 1428 DetectCureTDL3: IrpHandler (0) addr: F750DC30 08:59:00:515 1428 DetectCureTDL3: IrpHandler (1) addr: 804FB8DE 08:59:00:515 1428 DetectCureTDL3: IrpHandler (2) addr: F750DC30 08:59:00:515 1428 DetectCureTDL3: IrpHandler (3) addr: F7507D9B 08:59:00:515 1428 DetectCureTDL3: IrpHandler (4) addr: F7507D9B 08:59:00:515 1428 DetectCureTDL3: IrpHandler (5) addr: 804FB8DE 08:59:00:515 1428 DetectCureTDL3: IrpHandler (6) addr: 804FB8DE 08:59:00:515 1428 DetectCureTDL3: IrpHandler (7) addr: 804FB8DE 08:59:00:515 1428 DetectCureTDL3: IrpHandler ( addr: 804FB8DE 08:59:00:515 1428 DetectCureTDL3: IrpHandler (9) addr: F7508366 08:59:00:515 1428 DetectCureTDL3: IrpHandler (10) addr: 804FB8DE 08:59:00:515 1428 DetectCureTDL3: IrpHandler (11) addr: 804FB8DE 08:59:00:515 1428 DetectCureTDL3: IrpHandler (12) addr: 804FB8DE 08:59:00:515 1428 DetectCureTDL3: IrpHandler (13) addr: 804FB8DE 08:59:00:515 1428 DetectCureTDL3: IrpHandler (14) addr: F750844D 08:59:00:515 1428 DetectCureTDL3: IrpHandler (15) addr: F750BFC3 08:59:00:515 1428 DetectCureTDL3: IrpHandler (16) addr: F7508366 08:59:00:515 1428 DetectCureTDL3: IrpHandler (17) addr: 804FB8DE 08:59:00:515 1428 DetectCureTDL3: IrpHandler (18) addr: 804FB8DE 08:59:00:515 1428 DetectCureTDL3: IrpHandler (19) addr: 804FB8DE 08:59:00:515 1428 DetectCureTDL3: IrpHandler (20) addr: 804FB8DE 08:59:00:515 1428 DetectCureTDL3: IrpHandler (21) addr: 804FB8DE 08:59:00:515 1428 DetectCureTDL3: IrpHandler (22) addr: F7509EF3 08:59:00:515 1428 DetectCureTDL3: IrpHandler 
(23) addr: F750EA24 08:59:00:515 1428 DetectCureTDL3: IrpHandler (24) addr: 804FB8DE 08:59:00:515 1428 DetectCureTDL3: IrpHandler (25) addr: 804FB8DE 08:59:00:515 1428 DetectCureTDL3: IrpHandler (26) addr: 804FB8DE 08:59:00:515 1428 TDL3_FileDetect: Processing driver: Disk 08:59:00:515 1428 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 08:59:00:515 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 08:59:00:546 1428 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 08:59:00:546 1428 08:59:00:546 1428 DetectCureTDL3: DEVICE_OBJECT: 86F4D030 08:59:00:546 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F4D030 08:59:00:546 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F4D030[0x38] 08:59:00:546 1428 DetectCureTDL3: DRIVER_OBJECT: 86F53E18 08:59:00:546 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F53E18[0xA8] 08:59:00:546 1428 KLMD_ReadMem: Trying to ReadMemory 0xE1C20A28[0x18] 08:59:00:546 1428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 08:59:00:546 1428 DetectCureTDL3: IrpHandler (0) addr: F750DC30 08:59:00:546 1428 DetectCureTDL3: IrpHandler (1) addr: 804FB8DE 08:59:00:546 1428 DetectCureTDL3: IrpHandler (2) addr: F750DC30 08:59:00:546 1428 DetectCureTDL3: IrpHandler (3) addr: F7507D9B 08:59:00:546 1428 DetectCureTDL3: IrpHandler (4) addr: F7507D9B 08:59:00:546 1428 DetectCureTDL3: IrpHandler (5) addr: 804FB8DE 08:59:00:546 1428 DetectCureTDL3: IrpHandler (6) addr: 804FB8DE 08:59:00:546 1428 DetectCureTDL3: IrpHandler (7) addr: 804FB8DE 08:59:00:546 1428 DetectCureTDL3: IrpHandler ( addr: 804FB8DE 08:59:00:546 1428 DetectCureTDL3: IrpHandler (9) addr: F7508366 08:59:00:546 1428 DetectCureTDL3: IrpHandler (10) addr: 804FB8DE 08:59:00:546 1428 DetectCureTDL3: IrpHandler (11) addr: 804FB8DE 08:59:00:546 1428 DetectCureTDL3: IrpHandler (12) addr: 804FB8DE 08:59:00:546 1428 DetectCureTDL3: IrpHandler (13) addr: 804FB8DE 08:59:00:546 1428 
DetectCureTDL3: IrpHandler (14) addr: F750844D 08:59:00:546 1428 DetectCureTDL3: IrpHandler (15) addr: F750BFC3 08:59:00:546 1428 DetectCureTDL3: IrpHandler (16) addr: F7508366 08:59:00:546 1428 DetectCureTDL3: IrpHandler (17) addr: 804FB8DE 08:59:00:546 1428 DetectCureTDL3: IrpHandler (18) addr: 804FB8DE 08:59:00:546 1428 DetectCureTDL3: IrpHandler (19) addr: 804FB8DE 08:59:00:546 1428 DetectCureTDL3: IrpHandler (20) addr: 804FB8DE 08:59:00:546 1428 DetectCureTDL3: IrpHandler (21) addr: 804FB8DE 08:59:00:546 1428 DetectCureTDL3: IrpHandler (22) addr: F7509EF3 08:59:00:546 1428 DetectCureTDL3: IrpHandler (23) addr: F750EA24 08:59:00:546 1428 DetectCureTDL3: IrpHandler (24) addr: 804FB8DE 08:59:00:546 1428 DetectCureTDL3: IrpHandler (25) addr: 804FB8DE 08:59:00:546 1428 DetectCureTDL3: IrpHandler (26) addr: 804FB8DE 08:59:00:546 1428 TDL3_FileDetect: Processing driver: Disk 08:59:00:546 1428 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 08:59:00:546 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 08:59:00:578 1428 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 08:59:00:578 1428 08:59:00:578 1428 DetectCureTDL3: DEVICE_OBJECT: 86F3D030 08:59:00:578 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F3D030 08:59:00:578 1428 DetectCureTDL3: DEVICE_OBJECT: 86F49C30 08:59:00:578 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F49C30 08:59:00:578 1428 DetectCureTDL3: DEVICE_OBJECT: 86F71940 08:59:00:578 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F71940 08:59:00:578 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F71940[0x38] 08:59:00:578 1428 DetectCureTDL3: DRIVER_OBJECT: 86F7E660 08:59:00:578 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F7E660[0xA8] 08:59:00:578 1428 KLMD_ReadMem: Trying to ReadMemory 0xE1BF70C0[0x1A] 08:59:00:578 1428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi 
08:59:00:578 1428 DetectCureTDL3: IrpHandler (0) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (1) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (2) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (3) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (4) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (5) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (6) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (7) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler ( addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (9) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (10) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (11) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (12) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (13) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (14) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (15) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (16) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (17) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (18) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (19) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (20) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (21) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (22) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (23) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (24) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (25) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: IrpHandler (26) addr: 86C0E868 08:59:00:578 1428 DetectCureTDL3: All IRP handlers pointed to one addr: 86C0E868 08:59:00:578 1428 KLMD_ReadMem: Trying to ReadMemory 0x86C0E868[0x400] 08:59:00:578 1428 TDL3_IrpHookDetect: CheckParameters: 0, 0, 0, 0, 0, 0 08:59:00:578 1428 KLMD_ReadMem: 
Trying to ReadMemory 0xF73A87C6[0x400] 08:59:00:578 1428 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 08:59:00:578 1428 TDL3_FileDetect: Processing driver: atapi 08:59:00:578 1428 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys 08:59:00:578 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys 08:59:00:609 1428 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean 08:59:00:609 1428 08:59:00:640 1428 Completed 08:59:00:640 1428 08:59:00:640 1428 Results: 08:59:00:640 1428 Memory objects infected / cured / cured on reboot: 0 / 0 / 0 08:59:00:640 1428 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 08:59:00:671 1428 File objects infected / cured / cured on reboot: 0 / 0 / 0 08:59:00:671 1428 08:59:00:671 1428 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000 08:59:00:671 1428 UtilityDeinit: KLMD(ARK) unloaded successfully
     Thanks in advance for the next steps.
  7. Thanks in advance for your help.....
  8. Below is my log.txt following the procedure above. Thanks for the analysis.
     ComboFix 10-01-27.06 - install 28/01/2010 22:05:20.2.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.626 [GMT 1:00] Lancé depuis: c:\documents and settings\install\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\install\Bureau\CFscript.txt AV: avast! antivirus 4.8.1368 [VPS 100117-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Système anti-virus AVG 7.0.323 *On-access scanning enabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1} FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-28 au 2010-01-28 )))))))))))))))))))))))))))))))))))) . 2010-01-21 21:51 . 2010-01-21 21:51 -------- d-----w- c:\program files\CCleaner 2010-01-21 20:10 . 2010-01-21 20:12 -------- d-----w- C:\rsit 2010-01-18 22:36 . 2010-01-18 20:50 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-01-18 21:23 . 2007-03-29 03:42 29704 ----a-w- c:\windows\system32\uxtuneup.dll 2010-01-18 21:07 . 2010-01-18 21:07 -------- d-----w- c:\documents and settings\LocalService\Bureau 2010-01-18 20:50 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-01-18 20:44 . 2010-01-18 20:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2010-01-18 20:43 . 2010-01-18 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-01-18 20:28 . 2010-01-18 20:28 -------- d-----w- c:\program files\Fichiers communs\Borland Shared 2010-01-18 20:28 . 1999-01-20 04:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL 2010-01-18 20:28 . 2010-01-26 18:05 -------- d-----w- c:\program files\ZebHelpProcess 2010-01-18 20:13 . 2010-01-18 20:13 -------- d-----w- c:\program files\ZHPFix 2010-01-18 19:57 . 2010-01-18 20:38 -------- d-----w- c:\windows\BDOSCAN8 .
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-28 21:14 . 2006-11-10 16:11 34653528 ----a-w- c:\windows\Internet Logs\tvDebug.zip 2010-01-28 21:00 . 2006-09-01 13:34 4212 ---h--w- c:\windows\system32\zllictbl.dat 2010-01-28 02:50 . 2010-01-18 20:50 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe 2010-01-25 18:20 . 2010-01-25 18:29 2643968 ----a-w- c:\windows\Internet Logs\xDBA.tmp 2010-01-24 07:07 . 2010-01-24 07:07 38149 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_24_07_45_03_small.dmp.zip 2010-01-21 19:23 . 2007-02-01 20:19 -------- d---a-w- c:\program files\eMule Applejuice 2010-01-21 19:10 . 2001-09-28 11:00 81918 ----a-w- c:\windows\system32\perfc00C.dat 2010-01-21 19:10 . 2001-09-28 11:00 504068 ----a-w- c:\windows\system32\perfh00C.dat 2010-01-19 18:16 . 2010-01-19 22:52 5243904 ----a-w- c:\windows\Internet Logs\xDB9.tmp 2010-01-18 21:33 . 2007-08-29 17:28 -------- d-----w- c:\program files\TuneUp Utilities 2007 2010-01-18 21:16 . 2006-09-01 14:30 -------- d-----w- c:\program files\Lavasoft 2010-01-18 21:16 . 2006-09-01 14:31 -------- d-----w- c:\documents and settings\install\Application Data\Lavasoft 2010-01-16 14:26 . 2005-06-16 20:52 -------- d-----w- c:\program files\Microsoft IntelliPoint 2010-01-16 14:26 . 2005-06-16 20:50 -------- d-----w- c:\program files\Microsoft IntelliType Pro 2010-01-16 14:25 . 2010-01-16 14:25 39119 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_16_15_21_38_small.dmp.zip 2010-01-16 14:25 . 2010-01-16 14:25 34816 ----a-w- c:\windows\Internet Logs\xDB8.tmp 2010-01-16 12:49 . 2010-01-16 12:50 32768 ----a-w- c:\windows\Internet Logs\xDB6.tmp 2010-01-16 12:49 . 2010-01-16 12:50 5193728 ----a-w- c:\windows\Internet Logs\xDB7.tmp 2010-01-16 09:43 . 2010-01-16 10:17 5192704 ----a-w- c:\windows\Internet Logs\xDB5.tmp 2010-01-16 09:43 . 
2010-01-16 10:17 144896 ----a-w- c:\windows\Internet Logs\xDB4.tmp 2010-01-15 23:02 . 2010-01-15 23:03 2621440 ----a-w- c:\windows\Internet Logs\xDB2.tmp 2010-01-15 23:02 . 2010-01-15 23:03 5188096 ----a-w- c:\windows\Internet Logs\xDB3.tmp 2010-01-09 11:25 . 2009-01-10 11:34 -------- d-----w- c:\program files\Windows Live Safety Center 2009-12-28 22:08 . 2009-12-24 16:46 -------- d-----w- c:\program files\Lock Folder XP 2009-12-19 11:33 . 2009-12-19 11:33 20299200 ----a-w- c:\documents and settings\install\Application Data\TomTom\HOME\Profiles\e0pyj0ce.default\Updates\v2_7_3_1894_win.exe 2009-12-17 18:08 . 2009-12-17 18:08 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-17 18:08 . 2003-01-02 01:13 -------- d-----w- c:\program files\Java 2009-12-17 18:07 . 2009-12-17 18:07 152576 ----a-w- c:\documents and settings\install\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-17 18:07 . 2009-12-17 18:07 79488 ----a-w- c:\documents and settings\install\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-07 20:34 . 2008-07-31 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-12-07 20:25 . 2006-10-09 17:00 -------- d-----w- c:\documents and settings\install\Application Data\Apple Computer 2009-12-07 20:19 . 2009-12-07 20:19 -------- d-----w- c:\program files\iTunes 2009-12-07 20:19 . 2009-12-07 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-12-07 20:19 . 2009-12-07 20:19 -------- d-----w- c:\program files\iPod 2009-12-07 20:19 . 2008-07-31 22:14 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-12-07 20:17 . 2009-12-07 20:17 -------- d-----w- c:\program files\Bonjour 2009-12-07 20:16 . 2009-12-07 20:16 -------- d-----w- c:\program files\QuickTime 2009-12-07 20:11 . 2009-12-07 20:11 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe 2009-11-24 23:54 . 
2007-10-13 09:34 1280480 ----a-w- c:\windows\system32\aswBoot.exe 2009-11-24 23:51 . 2007-10-13 09:34 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-11-24 23:50 . 2007-10-13 09:34 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-11-24 23:50 . 2008-03-31 06:22 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-11-24 23:50 . 2008-03-31 06:22 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-11-24 23:49 . 2007-10-13 09:34 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-11-24 23:48 . 2007-10-13 09:34 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-11-24 23:47 . 2007-10-13 09:34 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-11-24 23:47 . 2007-10-13 09:34 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-11-10 18:01 . 2009-11-15 21:36 2719232 ----a-w- c:\windows\Internet Logs\xDB1.tmp 2005-10-31 08:31 . 2005-06-20 18:55 21 ----a-w- c:\program files\Fichiers communs\appop.log . ------- Sigcheck ------- [7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys [-] 2004-08-03 21:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys . ((((((((((((((((((((((((((((( SnapShot@2010-01-25_20.14.04 ))))))))))))))))))))))))))))))))))))))))) . + 2010-01-28 21:14 . 2010-01-28 21:14 16384 c:\windows\temp\Perflib_Perfdata_2e4.dat + 2006-09-01 13:34 . 2010-01-27 10:01 15159861 c:\windows\system32\ZoneLabs\spyware.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-27 312328] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856] "Splash screen for Avast!"="c:\program files\Alwil Software\Avast4\ashAvast.exe" [2009-11-24 274640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 968696] "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-17 8478720] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] Trusted 13b8 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] 
2009-11-24 23:51 81000 ----a-w- c:\progra~1\ALWILS~1\Avast4\ashDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-03 22:54 15360 ------w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-06-26 20:45 1211176 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Office Outlook] 2008-05-21 02:37 12844576 ----a-w- c:\progra~1\MICROS~4\Office12\OUTLOOK.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-08-17 08:13 8478720 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PlugPlay"=2 (0x2) "Eventlog"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe "ctfmon.exe"=c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "nwiz"=nwiz.exe /install "RTHDCPL"=RTHDCPL.EXE "Alcmtr"=ALCMTR.EXE "SkyTel"=SkyTel.EXE "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "SolidWorks_CheckForUpdates"="c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler "AppleSyncNotifier"=c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Konami\\Pro Evolution Soccer 2008\\PES2008.exe"= "c:\\Program Files\\HomePlayer\\HomePlayer.exe"= "c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [09/01/2006 14:29 160640] R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [09/01/2006 14:29 5248] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/01/2010 21:50 64288] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/03/2008 07:22 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/03/2008 07:22 20560] R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [25/07/2005 16:42 137344] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . 
Contenu du dossier 'Tâches planifiées' 2010-01-15 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 05:51] 2010-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51] 2010-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 2).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51] 2010-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 3).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51] 2010-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 4).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51] 2010-01-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51] 2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2006-03-06 c:\windows\Tasks\FRU Task 2002-06-11 17:56ewlett-Packard2002-06-11 17:56p psc 2200 series0873DBB30DAF953F7DCEA1BDCC4F78BFDB130745132680612.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 09:56] 2010-01-15 c:\windows\Tasks\{4017CBCD-9805-4488-BF48-23D6A379A889}_AURÉLIEN_install.job - c:\windows\system32\mobsync.exe [2004-08-03 22:54] 2010-01-28 c:\windows\Tasks\{56529124-F26D-4200-AD05-81212A011FB0}_AURÉLIEN_install.job - c:\windows\system32\mobsync.exe [2004-08-03 22:54] 2010-01-28 c:\windows\Tasks\{E02F481F-7A86-48A3-9928-36A1A28E2D1A}_AURÉLIEN_install.job - c:\windows\system32\mobsync.exe [2004-08-03 22:54] . . ------- Examen supplémentaire ------- . 
uStart Page = hxxp://www.google.fr/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html IE: {{1DAA624F-A7AB-4b31-97A4-67205FF6963C} - d:\mrbookmakerfrmpp\MPPoker.exe Trusted Zone: registration.sonystyle-europe.com DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab FF - ProfilePath - c:\documents and settings\install\Application Data\Mozilla\Firefox\Profiles\teyda9km.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr&source=iglk FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q= . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-28 22:14 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86C33228]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf750bfc3 \Driver\ACPI -> ACPI.sys @ 0xf7415cb8 \Driver\atapi -> 0x86c33228 IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a0004 ParseProcedure -> TUKERNEL.EXE @ 0x8056f00e \Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a0004 ParseProcedure -> TUKERNEL.EXE @ 0x8056f00e Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\System\MountedDevice1] @Denied: (Read) (Administrators)
. --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(1988) c:\windows\system32\WPDShServiceObj.dll c:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Lavasoft\Ad-Aware\AAWService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\wscntfy.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Alwil Software\Avast4\ashSimpl.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe . ************************************************************************** . Heure de fin: 2010-01-28 22:30:21 - La machine a redémarré ComboFix-quarantined-files.txt 2010-01-28 21:29 ComboFix2.txt 2010-01-25 20:40 Avant-CF: 21 517 377 536 octets libres Après-CF: 21 492 449 280 octets libres - - End Of File - - 9D2E212E23F96D196B57A34E494EEB39
  9. Thanks in advance for analyzing this log and telling me what I should do, please.
  10. Good evening, below is the ComboFix log. ComboFix 10-01-25.01 - install 25/01/2010 21:03:27.1.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.595 [GMT 1:00] Lancé depuis: c:\documents and settings\install\Bureau\ComboFix.exe AV: avast! antivirus 4.8.1368 [VPS 100117-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Système anti-virus AVG 7.0.323 *On-access scanning enabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1} FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\install\Application Data\Dossier de téléchargement Share-to-Web c:\program files\BulletProofSoft.com c:\recycler\NPROTECT C:\Thumbs.db c:\windows\EventSystem.log c:\windows\system32\m3.dll c:\windows\system32\testdll.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_WINDOWS_LOG ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-25 au 2010-01-25 )))))))))))))))))))))))))))))))))))) . 2010-01-21 21:51 . 2010-01-21 21:51 -------- d-----w- c:\program files\CCleaner 2010-01-21 20:10 . 2010-01-21 20:12 -------- d-----w- C:\rsit 2010-01-18 22:36 . 2010-01-18 20:50 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-01-18 21:23 . 2007-03-29 03:42 29704 ----a-w- c:\windows\system32\uxtuneup.dll 2010-01-18 21:07 . 2010-01-18 21:07 -------- d-----w- c:\documents and settings\LocalService\Bureau 2010-01-18 20:50 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-01-18 20:44 . 2010-01-18 20:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2010-01-18 20:43 . 2010-01-18 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-01-18 20:28 . 
2010-01-18 20:28 -------- d-----w- c:\program files\Fichiers communs\Borland Shared 2010-01-18 20:28 . 1999-01-20 04:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL 2010-01-18 20:28 . 2010-01-22 17:59 -------- d-----w- c:\program files\ZebHelpProcess 2010-01-18 20:13 . 2010-01-18 20:13 -------- d-----w- c:\program files\ZHPFix 2010-01-18 19:57 . 2010-01-18 20:38 -------- d-----w- c:\windows\BDOSCAN8 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-25 20:15 . 2006-09-01 13:34 4212 ---h--w- c:\windows\system32\zllictbl.dat 2010-01-25 18:20 . 2010-01-25 18:29 2643968 ----a-w- c:\windows\Internet Logs\xDBA.tmp 2010-01-24 07:07 . 2010-01-24 07:07 38149 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_24_07_45_03_small.dmp.zip 2010-01-21 19:23 . 2007-02-01 20:19 -------- d---a-w- c:\program files\eMule Applejuice 2010-01-21 19:10 . 2001-09-28 11:00 81918 ----a-w- c:\windows\system32\perfc00C.dat 2010-01-21 19:10 . 2001-09-28 11:00 504068 ----a-w- c:\windows\system32\perfh00C.dat 2010-01-21 02:30 . 2010-01-18 20:50 372280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll 2010-01-21 02:25 . 2010-01-18 20:50 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe 2010-01-21 02:22 . 2010-01-18 20:50 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2010-01-19 18:16 . 2010-01-19 22:52 5243904 ----a-w- c:\windows\Internet Logs\xDB9.tmp 2010-01-18 21:33 . 2007-08-29 17:28 -------- d-----w- c:\program files\TuneUp Utilities 2007 2010-01-18 21:16 . 2006-09-01 14:30 -------- d-----w- c:\program files\Lavasoft 2010-01-18 21:16 . 2006-09-01 14:31 -------- d-----w- c:\documents and settings\install\Application Data\Lavasoft 2010-01-16 14:26 . 2005-06-16 20:52 -------- d-----w- c:\program files\Microsoft IntelliPoint 2010-01-16 14:26 . 
2005-06-16 20:50 -------- d-----w- c:\program files\Microsoft IntelliType Pro 2010-01-16 14:25 . 2010-01-16 14:25 39119 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_16_15_21_38_small.dmp.zip 2010-01-16 14:25 . 2010-01-16 14:25 34816 ----a-w- c:\windows\Internet Logs\xDB8.tmp 2010-01-16 12:49 . 2010-01-16 12:50 32768 ----a-w- c:\windows\Internet Logs\xDB6.tmp 2010-01-16 12:49 . 2010-01-16 12:50 5193728 ----a-w- c:\windows\Internet Logs\xDB7.tmp 2010-01-16 09:43 . 2010-01-16 10:17 5192704 ----a-w- c:\windows\Internet Logs\xDB5.tmp 2010-01-16 09:43 . 2010-01-16 10:17 144896 ----a-w- c:\windows\Internet Logs\xDB4.tmp 2010-01-15 23:02 . 2010-01-15 23:03 2621440 ----a-w- c:\windows\Internet Logs\xDB2.tmp 2010-01-15 23:02 . 2010-01-15 23:03 5188096 ----a-w- c:\windows\Internet Logs\xDB3.tmp 2010-01-09 11:25 . 2009-01-10 11:34 -------- d-----w- c:\program files\Windows Live Safety Center 2009-12-28 22:08 . 2006-11-10 16:11 33524888 ----a-w- c:\windows\Internet Logs\tvDebug.zip 2009-12-28 22:08 . 2009-12-24 16:46 -------- d-----w- c:\program files\Lock Folder XP 2009-12-19 11:33 . 2009-12-19 11:33 20299200 ----a-w- c:\documents and settings\install\Application Data\TomTom\HOME\Profiles\e0pyj0ce.default\Updates\v2_7_3_1894_win.exe 2009-12-17 18:08 . 2009-12-17 18:08 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-17 18:08 . 2003-01-02 01:13 -------- d-----w- c:\program files\Java 2009-12-17 18:07 . 2009-12-17 18:07 152576 ----a-w- c:\documents and settings\install\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-17 18:07 . 2009-12-17 18:07 79488 ----a-w- c:\documents and settings\install\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-07 20:34 . 2008-07-31 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-12-07 20:25 . 2006-10-09 17:00 -------- d-----w- c:\documents and settings\install\Application Data\Apple Computer 2009-12-07 20:19 . 
2009-12-07 20:19 -------- d-----w- c:\program files\iTunes 2009-12-07 20:19 . 2009-12-07 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-12-07 20:19 . 2009-12-07 20:19 -------- d-----w- c:\program files\iPod 2009-12-07 20:19 . 2008-07-31 22:14 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-12-07 20:17 . 2009-12-07 20:17 -------- d-----w- c:\program files\Bonjour 2009-12-07 20:16 . 2009-12-07 20:16 -------- d-----w- c:\program files\QuickTime 2009-12-07 20:11 . 2009-12-07 20:11 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe 2009-11-24 23:54 . 2007-10-13 09:34 1280480 ----a-w- c:\windows\system32\aswBoot.exe 2009-11-24 23:51 . 2007-10-13 09:34 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-11-24 23:50 . 2007-10-13 09:34 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-11-24 23:50 . 2008-03-31 06:22 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-11-24 23:50 . 2008-03-31 06:22 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-11-24 23:49 . 2007-10-13 09:34 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-11-24 23:48 . 2007-10-13 09:34 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-11-24 23:47 . 2007-10-13 09:34 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-11-24 23:47 . 2007-10-13 09:34 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-11-10 18:01 . 2009-11-15 21:36 2719232 ----a-w- c:\windows\Internet Logs\xDB1.tmp 2005-10-31 08:31 . 2005-06-20 18:55 21 ----a-w- c:\program files\Fichiers communs\appop.log . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-27 312328] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 968696] "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-17 8478720] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] Trusted 13b8 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] 
2009-11-24 23:51 81000 ----a-w- c:\progra~1\ALWILS~1\Avast4\ashDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-03 22:54 15360 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-06-26 20:45 1211176 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Office Outlook] 2008-05-21 02:37 12844576 ----a-w- c:\progra~1\MICROS~4\Office12\OUTLOOK.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-08-17 08:13 8478720 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PlugPlay"=2 (0x2) "Eventlog"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe "ctfmon.exe"=c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "nwiz"=nwiz.exe /install "RTHDCPL"=RTHDCPL.EXE "Alcmtr"=ALCMTR.EXE "SkyTel"=SkyTel.EXE "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "SolidWorks_CheckForUpdates"="c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler "AppleSyncNotifier"=c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Konami\\Pro Evolution Soccer 2008\\PES2008.exe"= "c:\\Program Files\\HomePlayer\\HomePlayer.exe"= "c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R2 EasyModApache;EasyModApache;c:\program files\EasyBox\apache\apache.exe [x] S0 a347bus;a347bus;c:\windows\system32\DRIVERS\a347bus.sys [2004-04-30 160640] S0 a347scsi;a347scsi;c:\windows\System32\Drivers\a347scsi.sys [2004-04-30 5248] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288] S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [2005-12-06 35328] S1 aswSP;avast! 
Self Protection; [x] S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-01-18 1181328] S2 litsgt;litsgt;c:\windows\system32\DRIVERS\litsgt.sys [2005-07-25 137344] S2 tansgt;tansgt;c:\windows\system32\DRIVERS\tansgt.sys [2005-07-25 12032] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Tâches planifiées' 2010-01-15 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 05:51] 2010-01-25 c:\windows\Tasks\Ad-Aware Update (Daily 1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:22] 2010-01-25 c:\windows\Tasks\Ad-Aware Update (Daily 2).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:22] 2010-01-25 c:\windows\Tasks\Ad-Aware Update (Daily 3).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:22] 2010-01-25 c:\windows\Tasks\Ad-Aware Update (Daily 4).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:22] 2010-01-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:22] 2010-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2006-03-06 c:\windows\Tasks\FRU Task 2002-06-11 17:56ewlett-Packard2002-06-11 17:56p psc 2200 series0873DBB30DAF953F7DCEA1BDCC4F78BFDB130745132680612.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 09:56] 2010-01-15 c:\windows\Tasks\{4017CBCD-9805-4488-BF48-23D6A379A889}_AURÉLIEN_install.job - c:\windows\system32\mobsync.exe [2004-08-03 22:54] 2010-01-25 c:\windows\Tasks\{56529124-F26D-4200-AD05-81212A011FB0}_AURÉLIEN_install.job - c:\windows\system32\mobsync.exe [2004-08-03 22:54] 2010-01-25 
c:\windows\Tasks\{E02F481F-7A86-48A3-9928-36A1A28E2D1A}_AURÉLIEN_install.job - c:\windows\system32\mobsync.exe [2004-08-03 22:54] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html IE: {{1DAA624F-A7AB-4b31-97A4-67205FF6963C} - d:\mrbookmakerfrmpp\MPPoker.exe Trusted Zone: registration.sonystyle-europe.com DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab FF - ProfilePath - c:\documents and settings\install\Application Data\Mozilla\Firefox\Profiles\teyda9km.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr&source=iglk FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q= . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-25 21:15 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86C3C640]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf750bfc3 \Driver\ACPI -> ACPI.sys @ 0xf7415cb8 \Driver\atapi -> 0x86c3c640 IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a0004 ParseProcedure -> TUKERNEL.EXE @ 0x8056f00e \Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a0004 ParseProcedure -> TUKERNEL.EXE @ 0x8056f00e Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\System\MountedDevice1] @Denied: (Read) (Administrators)
. --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(3972) c:\windows\system32\WPDShServiceObj.dll c:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Microsoft IntelliType Pro\dw15.exe c:\program files\Microsoft IntelliPoint\dw15.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\wscntfy.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe . ************************************************************************** . 
Heure de fin: 2010-01-25 21:40:34 - La machine a redémarré ComboFix-quarantined-files.txt 2010-01-25 20:39 Avant-CF: 27 204 055 040 octets libres Après-CF: 27 178 467 328 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn /TUTag=CJZ84W /Kernel=TUKernel.exe multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel (TuneUp Backup)" /fastdetect /NoExecute=OptIn /TUTag=CJZ84W-BAK - - End Of File - - 7D4B8A40461A892B934210A3F4061BCB
  11. Thanks for your reply. Just so things are clear, the logs above were generated with the services.exe that is causing my problems "Stopped". Can I restart my PC with services.exe still disabled to carry out your last ComboFix task? Thanks in advance.
  12. Below is the log.txt from a scan in normal mode but with services.exe disabled: is this useful, or should I run a scan in normal mode with all services running? Logfile of random's system information tool 1.06 (written by random/random) Run by install at 2010-01-21 21:10:50 Microsoft Windows XP Professionnel Service Pack 2 System drive C: has 26 GB (39%) free of 65 GB Total RAM: 1023 MB (34% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:11:39, on 21/01/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Restore\rstrui.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\install\Bureau\RSIT.exe E:\Aurélien\Mes fichiers reçus\HiJackThis\install.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search 
Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Microsoft Office Outlook] C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE /recycle O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - 
HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - D:\mrbookmakerfrMPP\MPPoker.exe (file missing) O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - file://D:\The Tournament Director\comdlg32.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: EasyModApache - Unknown owner - C:\Program Files\EasyBox\apache\apache.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/install/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg -- End of file - 7299 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\1-Click Maintenance.job C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1132680612.job C:\WINDOWS\tasks\{4017CBCD-9805-4488-BF48-23D6A379A889}_AURÉLIEN_install.job C:\WINDOWS\tasks\{56529124-F26D-4200-AD05-81212A011FB0}_AURÉLIEN_install.job C:\WINDOWS\tasks\{E02F481F-7A86-48A3-9928-36A1A28E2D1A}_AURÉLIEN_install.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-17 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-17 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Zone Labs Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2006-08-23 968696] "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u [] "type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2004-06-03 172032] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-08-17 8478720] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] "IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2004-06-03 204800] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360] "TuneUp MemOptimizer"=C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe [2007-04-27 312328] "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856] "Microsoft Office Outlook"=C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE [2008-05-21 12844576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=36 "NoDriveAutoRun"=FFFFFFFF [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update" "C:\DOCUME~1\install\LOCALS~1\Temp\83exmodulau.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\83exmodulau.exe:*:Enabled:Microsoft Update" "C:\DOCUME~1\install\LOCALS~1\Temp\85exmodulau.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\85exmodulau.exe:*:Enabled:Microsoft Update" "C:\DOCUME~1\install\LOCALS~1\Temp\72exmodulax.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\72exmodulax.exe:*:Enabled:Microsoft Update" "C:\DOCUME~1\install\LOCALS~1\Temp\46exmodulax.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\46exmodulax.exe:*:Enabled:Microsoft 
Update" "C:\DOCUME~1\install\LOCALS~1\Temp\99exmodulay.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\99exmodulay.exe:*:Enabled:Microsoft Update" "C:\DOCUME~1\install\LOCALS~1\Temp\81exmodulay.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\81exmodulay.exe:*:Enabled:Microsoft Update" "C:\DOCUME~1\install\LOCALS~1\Temp\75exmodulay.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\75exmodulay.exe:*:Enabled:Microsoft Update" "C:\DOCUME~1\install\LOCALS~1\Temp\1exmodulay.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\1exmodulay.exe:*:Enabled:Microsoft Update" "C:\DOCUME~1\install\LOCALS~1\Temp\78exmodulaz.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\78exmodulaz.exe:*:Enabled:Microsoft Update" "C:\DOCUME~1\install\LOCALS~1\Temp\72exmodulaz.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\72exmodulaz.exe:*:Enabled:Microsoft Update" "C:\DOCUME~1\install\LOCALS~1\Temp\66exmodulaz.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\66exmodulaz.exe:*:Enabled:Microsoft Update" "C:\DOCUME~1\install\LOCALS~1\Temp\4exmodulaz.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\4exmodulaz.exe:*:Enabled:Microsoft Update" "C:\DOCUME~1\install\LOCALS~1\Temp\46exmodulba.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\46exmodulba.exe:*:Enabled:Microsoft Update" "C:\DOCUME~1\install\LOCALS~1\Temp\82exmodulba.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\82exmodulba.exe:*:Enabled:Microsoft Update" "C:\DOCUME~1\install\LOCALS~1\Temp\32exmodulba.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\32exmodulba.exe:*:Enabled:Microsoft Update" "C:\DOCUME~1\install\LOCALS~1\Temp\54exmodulba.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\54exmodulba.exe:*:Enabled:Microsoft Update" "C:\DOCUME~1\install\LOCALS~1\Temp\29exmodulbb.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\29exmodulbb.exe:*:Enabled:Microsoft Update" "C:\DOCUME~1\install\LOCALS~1\Temp\72exmodulbb.exe"="C:\DOCUME~1\install\LOCALS~1\Temp\72exmodulbb.exe:*:Enabled:Microsoft Update" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager" "C:\Program 
Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "D:\Konami\Pro Evolution Soccer 2008\PES2008.exe"="D:\Konami\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008" "C:\Program Files\HomePlayer\HomePlayer.exe"="C:\Program Files\HomePlayer\HomePlayer.exe:*:Enabled:HomePlayer" "C:\Program Files\HomePlayer\VLC\vlc.exe"="C:\Program Files\HomePlayer\VLC\vlc.exe:*:Enabled:VLC HomePlayer" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft 
ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d9be0cb-4954-11de-b74e-001966628408}] shell\AutoRun\command - K:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e00d81c8-e1bf-11d9-b140-0011d8ce8029}] shell\AutoRun\command - F:\GTRLaunch.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e33d87c2-4211-11de-b74d-001966628408}] shell\AutoRun\command - I:\WDSetup.exe ======List of files/folders created in the last 1 months====== 2010-01-21 21:10:50 ----D---- C:\rsit 2010-01-18 23:36:25 ----A---- C:\WINDOWS\system32\lsdelete.exe 2010-01-18 22:23:52 ----A---- C:\WINDOWS\system32\uxtuneup.dll 2010-01-18 21:44:24 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2010-01-18 21:43:50 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2010-01-18 21:28:24 ----D---- C:\Program Files\Fichiers communs\Borland Shared 2010-01-18 21:28:24 ----A---- C:\WINDOWS\system32\DBCLIENT.DLL 2010-01-18 21:28:06 ----D---- C:\Program Files\ZebHelpProcess 2010-01-18 21:13:34 ----D---- C:\Program Files\ZHPFix 2010-01-18 20:57:05 ----D---- C:\WINDOWS\BDOSCAN8 2010-01-16 00:16:46 ----A---- C:\WINDOWS\ntbtlog.txt 2009-12-24 17:46:38 ----D---- C:\Program Files\Lock Folder XP ======List of files/folders modified in the last 1 months====== 2010-01-21 21:10:16 ----D---- C:\WINDOWS\Internet Logs 2010-01-21 20:32:08 ----D---- C:\WINDOWS 2010-01-21 20:24:31 ----D---- C:\Program Files\Mozilla Firefox 2010-01-21 20:23:25 ----AD---- C:\Program Files\eMule Applejuice 
2010-01-21 20:22:07 ----D---- C:\WINDOWS\Temp 2010-01-21 20:15:24 ----SD---- C:\WINDOWS\Tasks 2010-01-21 20:11:45 ----SHD---- C:\System Volume Information 2010-01-21 20:11:45 ----D---- C:\WINDOWS\system32\Restore 2010-01-21 20:11:33 ----D---- C:\WINDOWS\system32\ZoneLabs 2010-01-21 20:10:00 ----D---- C:\WINDOWS\system32 2010-01-21 20:10:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-01-21 20:07:04 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-01-21 20:07:02 ----SHD---- C:\WINDOWS\CSC 2010-01-20 08:43:54 ----D---- C:\WINDOWS\Prefetch 2010-01-19 23:11:29 ----SH---- C:\boot.ini 2010-01-19 23:11:29 ----A---- C:\WINDOWS\win.ini 2010-01-19 23:11:24 ----A---- C:\WINDOWS\system.ini 2010-01-19 19:17:42 ----D---- C:\WINDOWS\Minidump 2010-01-18 22:33:12 ----D---- C:\Program Files\TuneUp Utilities 2007 2010-01-18 22:16:13 ----D---- C:\Program Files\Lavasoft 2010-01-18 22:16:11 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2010-01-18 22:06:04 ----D---- C:\WINDOWS\system32\CatRoot2 2010-01-18 21:51:26 ----D---- C:\WINDOWS\system32\drivers 2010-01-18 21:51:17 ----HD---- C:\WINDOWS\inf 2010-01-18 21:50:53 ----DC---- C:\WINDOWS\system32\DRVSTORE 2010-01-18 21:44:24 ----SHD---- C:\WINDOWS\Installer 2010-01-18 21:43:44 ----D---- C:\WINDOWS\WinSxS 2010-01-18 21:28:24 ----D---- C:\Program Files\Fichiers communs 2010-01-18 21:28:06 ----RD---- C:\Program Files 2010-01-18 20:57:08 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-01-18 20:43:49 ----D---- C:\WINDOWS\pss 2010-01-16 15:26:32 ----D---- C:\Program Files\Microsoft IntelliPoint 2010-01-16 15:26:31 ----D---- C:\Program Files\Microsoft IntelliType Pro 2010-01-16 10:49:16 ----D---- C:\Documents and Settings 2010-01-09 12:25:52 ----D---- C:\Program Files\Windows Live Safety Center 2010-01-04 21:09:06 ----A---- C:\WINDOWS\NeroDigital.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! 
Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408] R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2006-10-05 82380] R1 AmdK8;Pilote de processeur AMD Athlon64; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 38912] R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys [] R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228] R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-11-25 54368] R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2006-08-23 392824] R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560] R2 aswMon2;avast! 
Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-09-04 271360] R2 AvgTdi;AVG Network redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2005-09-24 4704] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-09-04 18048] R2 litsgt;litsgt; C:\WINDOWS\system32\DRIVERS\litsgt.sys [2005-07-25 137344] R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448] R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-09-28 63232] R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-09-28 55936] R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-21 73728] R2 tansgt;tansgt; C:\WINDOWS\system32\DRIVERS\tansgt.sys [2005-07-25 12032] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2002-02-15 50960] R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2002-03-21 16112] R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2002-03-08 22512] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-01 4484608] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-08-17 6845152] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-03-06 58752] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-03-06 19968] R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-02-16 12032] R3 Point32;Microsoft IntelliPoint Filter Driver; 
C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024] R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] S2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys [] S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664] S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800] S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] S3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824] S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [] S3 sfcure01;StarForce Cure Driver (version 1.x); C:\WINDOWS\System32\drivers\sfcure01.sys [2005-10-01 3072] S3 slabbus;INFORAD USB Composite Device driver (WDM); 
C:\WINDOWS\system32\DRIVERS\slabbus.sys [] S3 slabser;INFORAD USB to UART Bridge Controller Drivers; C:\WINDOWS\system32\DRIVERS\slabser.sys [] S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032] S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320] S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336] S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000] S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS [] S3 TMBUS;Thrustmapper Device Enumerator; C:\WINDOWS\system32\drivers\TMBUS.sys [] S3 TMMEmu;Thrustmapper virtual Mouse device driver; C:\WINDOWS\system32\drivers\TMMEmu.sys [] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-19 189568] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program 
Files\Lavasoft\Ad-Aware\AAWService.exe [2010-01-18 1181328] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-08-17 155715] R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336] S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] S2 EasyModApache;EasyModApache; C:\Program Files\EasyBox\apache\apache.exe -k runservice [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-03-15 81920] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336] S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752] S4 avast! Antivirus;avast! 
Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680] S4 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040] S4 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] S4 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2006-08-23 75768]
-----------------EOF-----------------

Below is my info.txt from my scan:

info.txt logfile of random's system information tool 1.06 2010-01-21 21:12:23
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 
(SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 3114 SATARAID5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E4CF4E6-062E-11D8-BCF1-005004748D87}\Setup.exe" -l0x9 Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 7.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A71000000002} Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software 
Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Correctif pour Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" Correctif pour Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Correctif Windows XP - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Correctif Windows XP - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Correctif Windows XP - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Correctif Windows XP - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe Correctif Windows XP - 
KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Correctif Windows XP - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Correctif Windows XP - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe" Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Correctif Windows XP - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe" Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe FreeUndelete-->C:\Program Files\FreeUndelete\GLFCA.exe /handle:fru GetDataBack for FAT and GetDataBack for NTFS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49C09E32-B9FD-4EDC-9152-9BC0CC618A13}\setup.exe" -l0x9 -removeonly Google Earth-->MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B} GrabIt 1.7.1 Beta (build 960)-->"C:\Program Files\GrabIt\unins000.exe" High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2-->"E:\Aurélien\Mes fichiers reçus\HiJackThis\HijackThis.exe" /uninstall HomePlayer 1.5.7-->C:\Program Files\HomePlayer\uninst.exe Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe" Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe" Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe" hp psc 2200 series-->rundll32 hpzcon05.dll,VendorJettison hp psc 2200 series ImgBurn 2.3.2.0 Fr-->"C:\Program Files\ImgBurn\unins000.exe" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe 
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} iPhone Tunnel Suite 2.7 BETA-->"C:\Program Files\iPhone Tunnel Suite 2.7 BETA\unins000.exe" iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5} J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF} Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B} Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove Messenger Plus! Live-->"C:\Program Files\Messenger Plus! 
Live\Uninstall.exe" Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8} Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783} Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC} Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40} Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office 2003 Web Components-->MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 
2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B040C-6000-11D3-8CFE-0150048383C9} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows 
Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 
(KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
  13. Re. So, I can't do a restore because I have no restore point apart from one dated today, so none from before the problems. Is there a way to restore anyway? Thanks in advance.
  14. I have already disabled Plug and Play once and my Windows ran. Not everything worked, admittedly, but it ran, I had internet access, and that is how I was able to download HijackThis. But since I restarted it, it is stuck again. I am going to try the restore and then, if that changes nothing, try to carry out your steps. Thanks
  15. Thanks for the information. However, as said above, I won't be able to download it since my computer is unusable. If I run it once I have disabled services.exe, will it still report the problems, or does the offending process absolutely have to be running during the scan? Otherwise, I won't be able to download the tool and run it.....
  16. Thanks for the info. I'll test this evening and, if it doesn't work, I'll send my scan results.
  17. Hello, I am on XP SP2. I haven't tried a System Restore because I must admit I was afraid of the result. How is it done? F8 while booting, or in the manager, and you select System Restore and restart? Is the XP CD needed for that? If so, I'm out of luck. Thanks in advance.
  18. Hello, I have had a problem since Friday evening.... Following an iTunes crash, my computer rebooted by itself and since then I have services.exe = 100%. Needless to say, my computer is unusable.... I can't do anything; I click on a program and it is open the next day, after a night's sleep. So I decided to start in Safe Mode: services.exe runs there too, so it is unusable as well (perhaps a little more usable all the same). I decided to boot in diagnostic mode: the first time I must have been lucky, because the services.exe process was not running. I went into the services. I manually disabled the "Event Log" and "Plug and Play" services (the 2 services that run under services.exe). Then I restarted in normal mode without these 2 services... My computer was no longer slow at all, but some programs did not launch correctly or at all (e.g. MSN Messenger, or no more sound). I took the opportunity to install HijackThis and Ad-Aware (no virus found) and I ran a HijackThis scan. However, I suppose it is not informative for my problem given that services.exe was not running. I manually started the "Event Log" and "Plug and Play" services, and it crashed and slowed to a crawl again. Unusable; I had to restart my computer uncleanly and go into Safe Mode. It was still crawling with the CPU at 100%, but I managed as best I could to run a scan in Safe Mode => Is it meaningful to run a HijackThis scan in Safe Mode? However, I can't manage to run a scan in normal mode since my computer is unusable. So for the moment, the 2 logs I can possibly show are: - 1 scan in Safe Mode with the services.exe process running and eating 100% of the CPU - 1 scan in diagnostic mode without the services.exe process. For information, in the 2 logs there is no line referring to services.exe :S Finally, I am not sending you my scan result because, my computer being unusable, I have no way of sending it to you for the moment. I will try to disable the "Event Log" and "Plug and Play" services again this evening to get a working computer and send you my log. Questions: If I delete services.exe in Windows, will that upset Windows or my programs? I suppose Plug and Play is important..... Thanks for your advice in the meantime.