Crash répétés et sites bloqués

[aziouz]

Bonsoir à tous,

 

Depuis quelques jours j'ai un problème de crash fréquents (freeze de l'écran) nécessitant un reset et l'impossibilité d'acceder à windows update, à microsoft.com et aux sites éditeurs d'antivirus (avira, symantec, sophos, etc...). Le fichier hosts semble normal, je l'ai reconstitué quand même avec Hoster. Impossible de mettre à jour Malwarebytes (dernière maj 22/5/09).

 

J'ai détecté hier et éliminé TR/Rootkit.Gen ainsi que WORM/IrcBot.6996727 mais les problèmes restent entiers. Comme Firewall, j'ai ZoneAlarm Pro.

 

Cause probable de l'infection : une clé USB

 

Merci pour l'aide

Modifié le 6 juin 2009 par aziouz

[Thanos]

Salut et bienvenue sur le forum

 

Quelques liens pour t'aider à commencer :

• Comment participer à un forum
  
• retrouver ses messages et activer la notification par email
  

 

On va voir ensemble ce qui se passe sur ton PC ; comme tous les intervenants ici, nous aidons bénévolement en fonction de nos activités personnelles. On va essayer d'aller au plus vite, mais il faudra peut-être parfois être patient pour attendre une réponse, pas d'affolement

 

Pour répondre ou ajouter un post, un rapport, etc, utilise le bouton .

(bouton qui se trouve entre "Flash" et "Nouveau")

 

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

• Double-clique sur RSIT.exe afin de lancer RSIT.
  
• Clique Continue à l'écran Disclaimer.
  
• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
  ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  
• Si tu ne vois pas ces deux rapports, tu les trouveras dans le dossier C:\rsit
  

[aziouz]

Je ne peux malheureusement pas télécharger RSIT car 'malwareremoval.com' est également désactivé !!!!

J'ai l'impression que tous les noms de sites avec, dans le nom de domaine virus, malwares, etc... sont désactivés. En plus de microsoft, avira, etc..

 

Merci pour l'aide.

Modifié le 6 juin 2009 par aziouz

[Apollo]

Bonsoir, Thanos

 

Prends-le là pour voir: http://senduit.com/a78096

 

@++

[aziouz]

Voilà le contenu des deux fichiers :

 

Log.txt :

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Aziz at 2009-06-06 23:52:33

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 11 GB (23%) free of 49 GB

Total RAM: 1023 MB (31% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:52:56, on 06/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\pvmser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\dllhost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

E:\Program Files\USDownloader\USDownloader.exe

C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe

C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe

C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe

C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe

C:\Program Files\Mozilla Firefox\FIREFOX.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\WINDOWS\System32\svchost.exe

E:\Downloads\RSIT.exe

C:\HijackThis\Aziz.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: Flash and Media Capture Helper - {E8803722-A7F5-45C5-B39A-A8B244486EC2} - C:\Program Files\Fichiers communs\MetaProducts\FMCapt.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Flash and Media Capture Bar - {650EB965-8A1D-41C9-A941-0578F5CFC569} - C:\Program Files\Fichiers communs\MetaProducts\FMCapt.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uSDownloader] "E:\Program Files\USDownloader\USDownloader.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Download with USDownloader - E:\Program Files\USDownloader\Ext\downloadie.html

O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL

O9 - Extra button: AutoLogin - {D04AA3F7-DEE7-479B-A153-24E6C36300C0} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Save Media files - {F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - C:\Program Files\Fichiers communs\MetaProducts\FMCapt.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.secuser.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165854171656

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: GEARSecurity - NetSupport Ltd - (no file)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: POMZBVVILXRL - Unknown owner - C:\Temp\POMZBVVILXRL.exe (file missing)

O23 - Service: pvmwinser - Unknown owner - C:\WINDOWS\system32\pvmser.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZONELABS\vsmon.exe

O23 - Service: WGDTMUGZL - Sysinternals - www.sysinternals.com - C:\Temp\WGDTMUGZL.exe

 

--

End of file - 12525 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

C:\WINDOWS\tasks\Maintenance en 1 clic.job

C:\WINDOWS\tasks\Schedule Task Weekly.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{8DD952B1-62EE-4584-B29D-4881C063DD6F}.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1547161642-839522115-1003.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]

SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [2008-09-22 66888]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-06-07 399352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-07-23 1410344]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]

C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-02-13 5804872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 434279]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC200356-0864-4F66-8964-5D43A19300F5}]

AL2Spy Class - C:\WINDOWS\AUTOLO~1\AL2DLL.dll [2007-08-27 249856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8803722-A7F5-45C5-B39A-A8B244486EC2}]

Flash and Media Capture Helper - C:\Program Files\Fichiers communs\MetaProducts\FMCapt.dll [2007-11-15 1739352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-02-13 5804872]

{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-09-22 161096]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-06-07 399352]

{650EB965-8A1D-41C9-A941-0578F5CFC569} - Flash and Media Capture Bar - C:\Program Files\Fichiers communs\MetaProducts\FMCapt.dll [2007-11-15 1739352]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"C-Media Mixer"=Mixer.exe /startup []

"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]

"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2005-11-04 90112]

"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2005-09-05 339968]

"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-15 981384]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

"USDownloader"=E:\Program Files\USDownloader\USDownloader.exe [2008-09-10 529920]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]

C:\Program Files\Vtune\TBPanel.exe [2006-09-13 2154496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [2008-02-28 570664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]

C:\Program Files\Sandboxie\SbieCtrl.exe [2009-01-05 336896]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]

C:\Program Files\Shareaza\Shareaza.exe [2008-10-01 5723136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-09-18 185896]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]

C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe [2007-08-02 95504]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Action Manager 32.lnk]

C:\PROGRA~1\ScannerU\AM32.exe [2002-06-28 57344]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EmEditor.lnk]

C:\PROGRA~1\EmEditor\emedtray.exe [2007-12-16 90768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]

C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-07-07 282624]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Aziz^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk.disabled]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Aziz^Menu Démarrer^Programmes^Démarrage^Outil de notification Live Search.lnk]

C:\DOCUME~1\Aziz\APPLIC~1\MICROS~1\LIVESE~1\NOTIFI~1.EXE [2008-12-20 143360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SandraTheSrv"=3

"SandraDataSrv"=3

"ose"=3

"Macromedia Licensing Service"=3

"idsvc"=3

"FLEXnet Licensing Service"=3

"TUWinStylerThemeSvc"=2

"rpcapd"=3

"WMPNetworkSvc"=3

"odserv"=3

"NVSvc"=2

"NMIndexingService"=3

"NBService"=3

"gusvc"=3

"PSI_SVC_2"=2

"ProtexisLicensing"=2

"usnjsvc"=3

"TuneUp.Defrag"=3

"Nero BackItUp Scheduler 3"=2

"WLSetupSvc"=3

"Microsoft Office Groove Audit Service"=3

"SandraAgentSrv"=3

"PLFlash DeviceIoControl Service"=2

"maconfservice"=3

"LEC TranslateDotNet Server"=3

"Bonjour Service"=2

"Second Backup Service"=3

"gupdate1c9b70973ff494e"=2

"fsssvc"=3

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

SnagIt 9.lnk - C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 190464]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"=C:\WINDOWS\qvphook.dll [2007-12-27 57344]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\client32]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskmgr"=0

"DisableChangePassword"=0

"DisableLockWorkstation"=0

"NoDispSettingsPage"=0

"NoDispAppearancePage"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=149

"NoFolderOptions"=0

"NoFileUrl"=0

"NoRun"=0

"NoUpdateCheck"=0

"NoLogoff"=0

"NoClose"=0

"NoSetFolders"=0

"NoFind"=0

"NoDrives"=0

"NoDesktop"=0

"DisallowRun"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\WINDOWS\System32\dpnsvr.exe"="C:\WINDOWS\System32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza"

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

"C:\Program Files\IBP 10\IBP.exe"="C:\Program Files\IBP 10\IBP.exe:*:Enabled:Internet Business Promoter (IBP)"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\e-Campaign\eCampaign.exe"="C:\Program Files\e-Campaign\eCampaign.exe:*:Enabled:e-Campaign"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05367272-5dd2-11db-8e1a-4d6564696130}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17118cd2-99ca-11db-8f1f-4d6564696130}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{622d9d2a-ac00-11dc-b98e-00194b88b63b}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b85817b0-549a-11dc-90df-00604c3ac173}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cda1393c-8e05-11db-8ef5-4d6564696130}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e20195c6-3bf9-11de-8cc5-0016ec52896f}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

 

 

======File associations======

 

.inf - open -

.ini - open - notepad.exe %1

.js - edit -

.js - open -

.reg - edit -

.txt - open - notepad.exe %1

.vbs - edit -

 

======List of files/folders created in the last 1 months======

 

2009-06-06 23:52:33 ----D---- C:\rsit

2009-06-06 22:59:16 ----A---- C:\lopR.txt

2009-06-06 22:57:47 ----D---- C:\Lop SD

2009-06-06 09:12:34 ----A---- C:\WINDOWS\ntbtlog.txt

2009-06-05 15:50:57 ----D---- C:\HijackThis

2009-06-05 00:01:23 ----A---- C:\WINDOWS\wininit.ini

2009-06-04 23:23:00 ----D---- C:\Program Files\Avira GmbH

2009-05-29 19:36:14 ----D---- C:\Documents and Settings\Aziz\Application Data\Broad Intelligence

2009-05-29 19:36:06 ----D---- C:\Program Files\MediaCoder Mobile Phone Edition

2009-05-28 21:47:56 ----A---- C:\WINDOWS\system32\TweakUI.exe

2009-05-23 08:19:23 ----A---- C:\process.txt

2009-05-23 00:29:13 ----D---- C:\Program Files\VirusSecureLab

2009-05-22 19:02:04 ----A---- C:\WINDOWS\system32\regedit.exe

2009-05-18 12:13:15 ----D---- C:\Program Files\Avira

2009-05-18 12:13:15 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2009-05-10 22:06:27 ----D---- C:\Program Files\Second Backup

 

======List of files/folders modified in the last 1 months======

 

2009-06-06 23:44:06 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-06-03 21:47:46 ----A---- C:\Documents and Settings\Aziz\Application Data\ispro3_0.tmp

2009-06-01 00:24:54 ----A---- C:\WINDOWS\NeroDigital.ini

2009-05-26 13:50:16 ----A---- C:\WINDOWS\win.ini

2009-05-26 13:50:16 ----A---- C:\WINDOWS\SYSTEM.INI

2009-05-26 13:50:16 ----A---- C:\BOOT.INI

2009-05-23 01:19:22 ----A---- C:\WINDOWS\wincmd.ini

2009-05-10 22:06:10 ----A---- C:\WINDOWS\iun6002.exe

2009-05-07 08:16:30 ----A---- C:\WINDOWS\system32\MRT.exe

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]

R1 cdrblock;cdrblock; C:\WINDOWS\system32\DRIVERS\cdrblock.sys [2005-06-14 10368]

R1 cdrport;cdrport; C:\WINDOWS\system32\DRIVERS\cdrport.sys [2005-03-11 4608]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 PCISys;PCISys; C:\WINDOWS\system32\drivers\pcisys.sys [2008-10-09 39520]

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]

R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-15 353672]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-02 12032]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]

R2 DLPortIO;DriverLINX Port I/O Driver; \??\C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS []

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]

R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []

R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2002-07-27 5306]

R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520]

R3 gdihook5;gdihook5; C:\WINDOWS\system32\DRIVERS\gdihook5.sys [2008-10-09 31328]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]

R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-03-13 47360]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-11-09 10368]

R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2005-11-07 8718848]

R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912]

R3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]

R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]

S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []

S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []

S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []

S2 HF30Sys;HF30Sys; C:\WINDOWS\system32\drivers\HF30Sys.sys []

S3 adiusbae;USB ADSL LAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbae.sys []

S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []

S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; C:\WINDOWS\system32\drivers\Ad-Watch Connect Filter.sys []

S3 Bcfilter;Jetico Personal Firewall Network Monitor; C:\WINDOWS\system32\DRIVERS\bcfilter.sys []

S3 BcfilterMP;BcfilterMP; C:\WINDOWS\system32\DRIVERS\bcfilter.sys []

S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []

S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []

S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []

S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []

S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 46944]

S3 CoachVc;Coach Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-11-03 44256]

S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder Mobile Phone Edition\SysInfo.sys []

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2008-09-22 43520]

S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 gwiopm;gwiopm; C:\WINDOWS\system32\drivers\gwiopm.sys []

S3 HF30Kbd;HF30Kbd; C:\WINDOWS\system32\drivers\HF30Kbd.sys []

S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-01-21 26248]

S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []

S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 mrlgmrye;mrlgmrye; \??\C:\WINDOWS\system32\0248.tmp []

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]

S3 pascczn;pascczn; \??\C:\WINDOWS\system32\0590.tmp []

S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []

S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-02 5888]

S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\WNt500x86\Sandra.sys []

S3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []

S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []

S3 viafilter;VIA USB Filter; C:\WINDOWS\System32\Drivers\viausb1.sys [2001-09-19 9728]

S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2006-02-09 248704]

S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []

S3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2008-06-12 4608]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 ZSMC0305;VIMICRO USB PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys []

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]

R2 InstallShield Licensing Service;InstallShield Licensing Service; C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe [2009-01-15 85184]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]

R2 pvmwinser;pvmwinser; C:\WINDOWS\system32\pvmser.exe [2007-06-21 86016]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]

R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZONELABS\vsmon.exe [2009-02-15 2402184]

S2 zqlcsz.REN;Support Universal; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 LPDSVC;Serveur d'impression TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-02 19456]

S3 POMZBVVILXRL;POMZBVVILXRL; C:\Temp\POMZBVVILXRL.exe []

S3 W3SVC;Publication World Wide Web; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]

S3 WGDTMUGZL;WGDTMUGZL; C:\Temp\WGDTMUGZL.exe [2009-06-06 478080]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-02 655624]

S4 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S4 gupdate1c9b70973ff494e;Google Update Service (gupdate1c9b70973ff494e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-06 133104]

S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-09 138168]

S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S4 IISADMIN;Administration IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]

S4 maconfservice;maconfservice; C:\Program Files\ma-config.com\maconfservice.exe [2008-05-14 576680]

S4 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe []

S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

S4 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]

S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S4 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S4 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]

S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]

S4 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2009-01-05 52224]

S4 Second Backup Service;Second Backup Service; C:\Program Files\Second Backup\SecondBackup.exe [2009-01-20 1744896]

S4 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]

S4 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-12-05 362240]

S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2008-12-05 603904]

S4 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

 

-----------------EOF-----------------

 

 

Contenu d'infos.txt :

 

info.txt logfile of random's system information tool 1.06 2009-06-06 23:53:00

 

======Uninstall list======

 

Site Map Maker 1.4-->C:\WINDOWS\system32\ss2uinst.exe "C:\Program Files\Site Map Maker\ss2uinst.dat"

-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\Program Files\ProgDVB\uninstall.exe

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}

A1 Keyword Research-->"C:\Program Files\Micro-Sys Software\Keyword\unins000.exe"

A1 Sitemap Generator-->"C:\Program Files\Sitemap\unins000.exe"

AAA Logo 2008 2.10-->"C:\Program Files\AAALOGO2008\unins000.exe"

ABBYY FineReader 8.0 Professional Edition-->MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}

ACDSee Pro 2.5-->MsiExec.exe /I{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}

Ad-Aware SE Personal-->C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG

Adult Online TV Player 2009 1.00-->C:\Program Files\Adult Online TV Player 2009\Uninstall.exe

Advanced eLearning Builder 3.6.4-->"C:\Program Files\Advanced eLearning Builder\unins000.exe"

Agama Web Buttons-->"C:\Program Files\Agama Web Buttons\unins000.exe"

Agama Web Menus-->"C:\Program Files\Agama Web Menus\unins000.exe"

AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"

Aleo Flash Intro Banner Maker 2.6.106-->"C:\Program Files\Aleo Software\Flash Intro and Banner Maker\unins000.exe"

Alligator Flash Designer 7 (7.0.7) Trial-->C:\PROGRA~1\Selteco\ALLIGA~1\Setup.exe /remove

Allok Video to FLV Converter 4.7.1202-->"C:\Program Files\Allok Video to FLV Converter\unins000.exe"

AMS Photo Effects 1.67-->"C:\Program Files\AMS Photo Effects\unins000.exe"

ANTONOV AN-26 FSX-->E:\Jeux\FSX\Désinstaller ANTONOV AN-26 FSX.exe

Ap PDF to HTML-->"C:\Program Files\PDF to HTML\unins000.exe"

Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}

Applet Effects Factory-->C:\APPLET~1\UNWISE.EXE C:\APPLET~1\INSTALL.LOG

Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"

Arles Image Web Page Creator 7.1-->"C:\Program Files\Arles Image Web Page Creator\unins000.exe"

ASF-AVI-RM-WMV Repair 1.82-->"C:\Program Files\ASF-AVI-RM-WMV Repair\unins000.exe"

Astro-->C:\Program Files\Astro\astrouninst.exe

AutoRun Pro version 3.0-->"C:\Program Files\Longtion\AutoRunPro\unins000.exe"

Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0009 -removeonly

AVI/MPEG/RM/WMV Joiner 4.82-->"C:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe"

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"

AVS Video Tools 5.3-->"C:\Program Files\AVSMedia\VideoTools\unins000.exe"

Banner Maker Pro Version 7-->"C:\Program Files\Banner Maker Pro 7\unins000.exe"

Belarc Advisor 7.2-->C:\PROGRA~1\BELARC\ADVISOR\Uninstall.exe C:\PROGRA~1\BELARC\ADVISOR\INSTALL.LOG

bioVirtual 3DMeNow-->"C:\Program Files\bioVirtual\3DMeNow\unins000.exe"

Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}

BusinessCardsMX 3.92-->"C:\Program Files\BusinessCardsMX3\unins000.exe"

Camtasia Studio 6-->MsiExec.exe /I{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}

ChangeMoney-->MsiExec.exe /I{7B386C98-6FA4-4498-8E00-D19B2A42B7CF}

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Classic Menu 3.9x for Office 2007-->"C:\Program Files\Classic Menu for Office\unins000.exe"

Cleanerzoomer 3.7-->"C:\Program Files\Cleanerzoomer\Uninstall.exe" "C:\Program Files\Cleanerzoomer\install.log"

CloneDVD 3.9-->"C:\Program Files\CloneDVD\unins000.exe"

CodecInstaller 2.6.2-->C:\Program Files\CodecInstaller\uninst.exe

CoffeeCup Flash Menu Builder-->C:\PROGRA~1\COFFEE~1\COFFEE~4\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~4\INSTALL.LOG

CoffeeCup Flash Photo Gallery - Registered-->C:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG

CoffeeCup GIF Animator-->C:\PROGRA~1\COFFEE~1\GIFANI~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\GIFANI~1\GAinst.LOG

CoffeeCup Google SiteMapper-->C:\PROGRA~1\COFFEE~1\COF6DF~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COF6DF~1\SITEMA~1.LOG

CoffeeCup Visual Site Designer-->C:\WINDOWS\CoffeeCup Visual Site Designer Uninstaller.exe

CoffeeCup Web Calendar-->C:\PROGRA~1\COFFEE~1\CO7336~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO7336~1\INSTALL.LOG

CoffeeCup Web Form Builder - Registered-->C:\PROGRA~1\COFFEE~1\CO4208~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO4208~1\INSTALL.LOG

CoffeeCup Web Video Player - Registered-->C:\PROGRA~1\COFFEE~1\COAEA2~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COAEA2~1\INSTALL.LOG

CoffeeCup WebCam 3.5-->C:\PROGRA~1\COFFEE~1\WEBCAM~1.5\UNWISE.EXE C:\PROGRA~1\COFFEE~1\WEBCAM~1.5\INSTALL.LOG

CommentCaMarche 2.0.6-->"C:\Program Files\CommentCaMarche\unins000.exe"

ConvertHelper 2.1-->"C:\Program Files\ConvertHelper\unins000.exe"

Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}

Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

CVitae 2.1.1-->"C:\Program Files\CVitae\uninstall.exe"

CyD WEB Calendar Creator-->C:\Program Files\WEB Calendar Creator\Install.exe u

Debugging Tools for Windows-->MsiExec.exe /I{5C741A01-05D6-4306-BA6A-DC8401285AE8}

DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER

DivX Player-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Player\uninstal.log

DivXLand Media Subtitler-->C:\WINDOWS\unvise32.exe C:\Program Files\DivXLand\Media Subtitler\uninstal.log

DMi 1.6.9-->"C:\Program Files\DMi\unins000.exe"

Double Drive-->"C:\Program Files\Double Driver\unins000.exe"

Drive Rescue 1.9-->"C:\Program Files\Drive Rescue\unins000.exe"

Driver Magician 3.32-->"C:\Program Files\Driver Magician\unins000.exe"

DriverAgent by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove

Easy Website Pro 4-->C:\Program Files\Easy Website Pro 4\Uninstall.exe

EasyPHP 1.8-->"C:\Program Files\EasyPHP1-8\unins000.exe"

e-Campaign-->C:\PROGRA~1\E-CAMP~1\UNWISE.EXE C:\PROGRA~1\E-CAMP~1\INSTALL.LOG

eComm PRO-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TRELLIAN\eComm PRO\Uninst.isu"

Egyptoid-->"C:\Program Files\Egyptoid\unins000.exe"

EmEditor Professional (English)-->MsiExec.exe /I{102DE03E-CFCE-47F5-A1CC-C9F5F4CBA888}

eMule-->"C:\Program Files\eMule\Uninstall.exe"

encodeur Real Video Producer-->C:\Program Files\Ripp-it_AM\PRODUCER_Uninstal.exe

ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}

ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}

ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}

ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}

ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}

ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}

ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}

ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}

essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}

EVEREST Home Edition v2.20-->"C:\Program Files\Everest\unins000.exe"

EximiousSoft GIF Creator V5.60-->"C:\Program Files\GifCreator\unins000.exe"

EzGenerator Trial 2.8-->C:\Program Files\EzGenerator28\uninst.exe

ffdshow [rev 2676] [2009-02-11]-->"C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe"

FileZilla Client 3.2.4.1-->C:\Program Files\FileZilla Client\uninstall.exe

Flash Effect Maker Pro v4.0 Full (578 Templates/Unicode UTF8)-->"C:\Program Files\Flash Effect Maker\unins000.exe"

Flash Menu Factory-->"C:\WINDOWS\Flash Menu Factory\uninstall.exe" "/U:C:\Program Files\Flash Menu Factory\Uninstall\uninstall.xml"

Flash Menu Labs Pro v2-->"C:\Program Files\Flash Menu Labs Pro v2\unins000.exe"

Flash Optimizer 2-->"C:\Program Files\Flash Optimizer 2\unins000.exe"

FLV Player-->C:\Program Files\FLV Player2\uninstall.exe

FlvRecorder-->"C:\Program Files\FlvRecorder\unins000.exe"

Focus Photoeditor 5-->"C:\Program Files\NWSoftware\Focus Photoeditor 5\unins000.exe"

Folderico 3.7.2-->C:\Program Files\Folderico\uninst.exe

Foxit PDF Editor-->C:\Program Files\Foxit Software\PDF Editor\uninstall.exe

Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe

Free Folder Hider 10.7-->"C:\Program Files\FreeFolderHider\unins000.exe"

Free Video Dub version 1.4-->"C:\Program Files\Free Video Dub\unins000.exe"

French language for ABBYY FineReader 8.0 Professional Edition-->MsiExec.exe /X{93F25E80-52AA-4B91-BE8A-56F940D8B7F8}

FreshUI-->"C:\Program Files\FreshDevices\FreshUI\unins000.exe"

Frotv-->MsiExec.exe /I{64C87E9E-824E-4030-96B4-486237984D00}

FSNavigator-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F76FF6D-B992-4FD9-8686-F09F868B2C58}\Setup.exe" -l0x9

Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}

GMail Drive Shell Extension-->rundll32.exe C:\WINDOWS\system32\ShellExt\GMailFS.dll,Uninstall C:\WINDOWS\system32\ShellExt\GMailFS.inf

GoodSync-->"C:\Program Files\Siber Systems\GoodSync\uninstall.exe"

Google Earth Pro-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x9 -removeonly

Google Talk Plugin-->MsiExec.exe /I{5012BC0C-7E1A-329A-8F02-B6846070C5F8}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

GreenBox 1.0-->"C:\Program Files\Studio V5\GreenBox\unins000.exe"

GSpot 2.21 Fr-->"C:\Program Files\GSpot221\unins000.exe"

Helexis Site Publisher-->"C:\Program Files\Site Publisher v2\uninstall.exe"

Help & Manual 4.5-->"C:\Program Files\HelpandManual4\unins000.exe"

Help Workshop-->C:\Program Files\Help Workshop\_instpgm.exe /U

Hex Workshop v5.1-->MsiExec.exe /I{54A55DF7-BCC0-4C98-84AB-01CDA57687C7}

Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}

HijackThis 2.0.2-->"C:\Program Files\HijackThis\HijackThis.exe" /uninstall

HoverIP v1.0 beta-->"C:\Program Files\HoverIP\unins000.exe"

HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9

HTML Code Library 1.6.0.48-->"C:\Program Files\HTML Code Library\unins000.exe"

HTML Email Creator 2.1 build 659-->C:\Program Files\HTML Email Creator\uninst.exe

HTML Help Workshop-->C:\Program Files\HTML Help Workshop\setup.exe Uninstall

HTML Password Lock 3.4-->"C:\Program Files\HTML Password Lock\unins000.exe"

Html To Image 2.0-->"C:\Program Files\Html To Image\unins000.exe"

Htpasswd Generator 3.0-->"C:\Program Files\Htpasswd Generator\unins000.exe"

IBP 10.0.3-->"C:\Program Files\IBP 10\unins000.exe"

Image Grabber II-->"C:\Program Files\Image Grabber II\uninstall.exe"

Infiltrations MG-->C:\Program Files\InfiltrationsMG\Uninstal.exe

Install Creator Pro-->C:\Program Files\Install Creator Pro\Uninstal.exe

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}

Instant Photo Artist 2.0-->C:\Program Files\Instant Photo Artist 2\Uninstall.exe

IP Changer 2.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IP Changer 2.0\Uninst.isu"

IsoBuster 1.9.1-->"C:\Program Files\IsoBuster\Uninst\unins000.exe"

iSpring Pro 3.1.0-->"C:\Program Files\iSpring Pro 3\unins000.exe"

J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}

Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}

kBilling Invoicing Software-->"C:\Program Files\kBilling\unins000.exe"

KeyEditor-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\KeyEditor\Uninst.isu"

Kill Process 5.0.0.5 (désinstaller seulement)-->"C:\Program Files\Kill Process\uninstall.exe"

K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

L&H TTS3000 British English-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall

L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall

Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf

Language pack for Ad-Aware SE-->C:\PROGRA~1\LAVASOFT\AD-AWA~1\PLUGINS\LANGS\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\PLUGINS\LANGS\INSTALL.LOG

Lara Croft Tomb Raider : L’Ange des Ténèbres-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{93656878-FF8B-4935-99BB-F3F260037C57}

Lauyan TOWeb-->"C:\Program Files\Lauyan\TOWeb V1\unins000.exe"

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Life Photo Maker-->"C:\Program Files\LifePhotoMaker\Uninstall.exe"

Likno Web Button Maker-->C:\PROGRA~1\LIKNOW~1\UNWISE.EXE C:\PROGRA~1\LIKNOW~1\INSTALL.LOG

LimeWire 4.14.10-->"C:\Program Files\LimeWire\uninstall.exe"

LingvoSoft Talking Dictionary 2006 (French<->Arabic) for Windows-->C:\PROGRA~1\LINGVO~1\LINGVO~1\UNWISE.EXE C:\PROGRA~1\LINGVO~1\LINGVO~1\INSTALL.LOG

Lizardtech DjVu Control-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x40c

Lynx 2.8.5rel.1-->"C:\Program Files\lynx\unins000.exe"

Ma-Config.com-->MsiExec.exe /X{35CB235F-6E2B-4F20-9739-51E0ED3D8093}

Magic Image Resizer 1.5 (remove only)-->"C:\Program Files\Magic Image Resizer\uninst.exe"

Magic Morph 1.95b-->"C:\Program Files\Magic Morph\unins000.exe"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}

MediaCoder Mobile Phone Edition-->C:\Program Files\MediaCoder Mobile Phone Edition\uninst.exe

Memory Release Master v5.0.0.1-->"C:\Program Files\Memory Release Master\unins000.exe"

Meracl ImageMap Generator v3.5.3-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\ImageMap Generator\ST6UNST.LOG"

MetaProducts Flash and Media Capture 1.3-->MsiExec.exe /X{045F98F0-C980-4B32-BA23-529843557B2B}

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}

Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft Expression Web MUI (English)-->MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}

Microsoft Expression Web Service Pack 1 (SP1)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {9037FDA8-8383-4B6F-859D-D49C3C625225}

Microsoft Expression Web Service Pack 1 (SP1)-->msiexec /package {90120000-0026-0409-0000-0000000FF1CE} /uninstall {DA3B8FC6-8B1D-447A-A5EE-B226DCC10662}

Microsoft Expression Web-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL

Microsoft Expression Web-->MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}

Microsoft Flight Simulator X-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}

Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server Compact 3.5 Design Tools FRA-->MsiExec.exe /X{043ECF7B-4724-4F7B-8A9D-BC22719E95F7}

Microsoft SQL Server Database Publishing Wizard 1.1-->MsiExec.exe /X{8C6EE0B4-650F-452E-B9C2-882A72227B19}

Microsoft SQL Server Native Client-->MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Visual Basic 2008 Express - Français-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition - FRA\setup.exe

Microsoft Visual Basic 2008 Express Edition - FRA-->MsiExec.exe /X{ACC61C04-48C5-3F6F-977B-AD33E94E5F40}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall

Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{AB47EEE8-507B-331F-AA28-B7C7257F014C}

Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}

MightyFax-->C:\PROGRA~1\MIGHTY~1\UNWISE.EXE C:\PROGRA~1\MIGHTY~1\INSTALL.LOG

Minilyrics(remove only)-->"C:\Program Files\Minilyrics\uninst-ml.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

MKVtoolnix 2.1.0-->C:\Program Files\MKVtoolnix\uninst.exe

Module linguistique Microsoft .NET Framework 3.5 - fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe

Momindum Studio - version 1.2.1r349-->"C:\Program Files\Momindum Studio\unins000.exe"

MorphBuster-->MsiExec.exe /I{79EB9E06-7239-42B2-A638-1F21E5DDF08C}

Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mpeg2Decoder 1.3-->"C:\Program Files\Mpeg2Decoder\unins000.exe"

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

My Life Poster Maker-->C:\Program Files\MyLifePosterMaker\uninstal.exe

myFMbutler DoScript-->MsiExec.exe /I{34E0A308-C4F6-4091-B87E-CAC06727CE12}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}

Neuro-Programmer Professional 2.4.2-->"C:\Program Files\Neuro-Programmer 2 Professional\unins000.exe"

nLite 1.4.9-->"C:\Program Files\nLite\unins001.exe"

Nullsoft Install System-->"C:\Program Files\NSIS\uninst-nsis.exe"

Numedia CD-DVD writing as non-admin user-->MsiExec.exe /X{94056AE8-EF0F-45E4-A1B4-D754115F8A28}

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}

OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U

OpenDNS Updater 1.3.0.180-->"C:\Program Files\OpenDNS Updater\Uninstall.exe"

OpenSSL 0.9.8e Light-->"C:\Program Files\OpenSSL\unins000.exe"

Ophta 2006-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E29710E-710C-4FAB-95DA-7290FAF0E937}\setup.exe" -l0x40c -removeonly

OpticPro ST12-->C:\PROGRA~1\ScannerU\UNINSTAL\SETUP.EXE

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Pack PSP - Ri4m - v1.0a-->C:\Program Files\Ripp-it_AM\dlls\Uninstal.exe

Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf

Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf

Panorado 3.3-->"C:\Program Files\Panorado\Panorado.exe" -UnregServer -UI

Partition Suite-->MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}

Pass4Side FM0-303 Ver Demo-->C:\Program Files\Pass4Side\FM0-303\uninst.exe

Passware Kit Enterprise 8.3-->C:\Program Files\Passware\un-kit_ent.exe

PayPal Shop Builder 1.5.1-->C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\PAYPALSB15.LOG

PC Sync Manager-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\PC Sync Manager\Uninst.isu"

PCI Audio Driver-->cmuninst.exe

PDF Creator Plus 4.0-->MsiExec.exe /I{49D56762-52DA-4350-9420-97BACA9D7D62}

PDF Image Extraction Wizard 1.2-->"C:\Program Files\PDF Image Extraction Wizard 1.2\unins000.exe"

PhotoImpact X3-->C:\Program Files\InstallShield Installation Information\{15803703-25FA-4C01-A062-3F4A59937E87}\setup.exe -runfromtemp -l0x0409

Picture Merge Genius 2.2-->"C:\Program Files\Picture Merge Genius\unins000.exe"

Portrait Professional Max 6.3-->"C:\Program Files\Portrait Professional Max 6\unins000.exe"

Power Video Converter 1.5.47-->"C:\Program Files\Power Video Converter\unins000.exe"

PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"

PPTminimizer-->"C:\Program Files\PPTminimizer\unins000.exe"

Private Pix -->C:\Program Files\Privp\privp.exe /u

Product Key Explorer 2.0.2-->"C:\Program Files\ProductKeyExplorer\unins000.exe"

Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT

Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}

ProxyShell Hide IP 2.2.0-->"C:\Program Files\ProxyShell\ProxyShell Hide IP\unins000.exe"

PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"

PureImage NR 1.7-->"C:\Program Files\PureImage\unins000.exe"

Quick View Plus-->C:\WINDOWS\UNINSQVP.EXE

QuickTime-->MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}

RAR Password Recovery v1.1 RC16 (remove only)-->C:\Program Files\Rar Password Recovery\uninstall.exe

RealDraw Pro v4.0.17.1-->"C:\Program Files\RealDrawPRO4\Uninstall\unins000.exe"

RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Registry Easy v4.8-->"C:\Program Files\Registry Easy\unins000.exe"

Ri4m v5.0.1d-->C:\Program Files\Ripp-it_AM\Ri4m_Uninstal.exe

Ripp-It Codec Pack v 4.2.6-->C:\Program Files\Ripp-It Codec Pack\uninst.exe

Riva FLV Encoder 2.0-->"C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"

RoadRash-->C:\WINDOWS\unin040c.exe -fe:\jeux\roadrash\DeIsL1.isu

SAGEM F@st 3302-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4A975AC1-1E5B-43B7-B42B-6E617B39C936}\setup.exe" -l0x40c

Sandboxie 3.34-->"C:\WINDOWS\Installer\SandboxieInstall.exe" /remove

Sarmsoft Resume Builder-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{748D56F4-F3B5-4A9C-BCEF-5D4CD33C87E5} /l1036

Second Backup 9.8.15-->C:\WINDOWS\iun6002.exe "C:\Program Files\Second Backup\irunin.ini"

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}

Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}

Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}

Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}

Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}

Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Serials 2000 8.1 SR-2 by Kostolomac.TK-->MsiExec.exe /X{07B3E0EC-E746-4D97-A7A5-65CB10592E8D}

Shareaza 2.4.0.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe"

SHARM 2.4-->"C:\Program Files\SHARM 2.4\unins000.exe"

SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}

ShopFactory V7 Gold-->"C:\Program Files\ShopFactory V7\unins000.exe"

Simple VIVO Player-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Vivoplayer\ST6UNST.LOG"

Site Studio-->MsiExec.exe /X{53145EBA-86F8-4FAE-A9CB-43EA6633A116}

skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}

Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

SnagIt 9-->MsiExec.exe /I{ADDD6985-3A28-44D0-A1BA-FDD19A820491}

SolSuite 2007 v7.7-->"E:\Jeux\SolSuite\unins000.exe"

Sothink DHTML Menu 8-->"C:\Program Files\SourceTec\Sothink DHTML Menu 8\unins000.exe"

Source Code Library 1.8.5.314-->"C:\Program Files\Source Code Library\unins000.exe"

Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins001.exe"

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"

Sqirlz Water Reflections-->C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe

staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}

Stereogram magician (V3.21)-->"C:\Program Files\Stereogram magician\unins000.exe"

StudioLine Web-->C:\Program Files\StudioLine Web\SLUninst.exe

SubMagic V0.65-->"C:\Program Files\SubMagic\unins000.exe"

Supaplex 3000-->"E:\Jeux\Supaplex 3000\unins000.exe"

Super Video Splitter 5.7.4-->"C:\Program Files\Super Video Splitter\unins000.exe"

Sweet Home 3D version 1.4-->"C:\Program Files\Sweet Home 3D\unins000.exe"

SWF & FLV Toolbox 3.5 (build 3.5.22.310)-->"C:\Program Files\Eltima Software\SWF & FLV Toolbox\unins000.exe"

SWF Decompiler Magic 5.0.1.3557-->"C:\Program Files\SWF Decompiler Magic\unins000.exe"

SWFMenu-->C:\PROGRA~1\SWFMENU\UNWISE.EXE C:\PROGRA~1\SWFMENU\INSTALL.LOG

SWiSH Max2-->C:\WINDOWS\unvise32.exe C:\Program Files\SWiSH Max2\uninstal.log

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

The Flash Ad Creator v2.5-->C:\WINDOWS\unvise32.exe C:\Program Files\uninstal.log

The Flash Ad Creator-->C:\WINDOWS\unvise32.exe C:\Program Files\The Flash Ad Creator\uninstal.log

Tom A330-200 FSX-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{8E326~1\Setup.exe /remove /q0

Tomb Raider - The Last Revelation-->C:\WINDOWS\IsUninst.exe -f"e:\jeux\Tomb Raider - The Last Revelation\Uninst.isu"

Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe

TreeSize Professional 5.1.2-->"C:\Program Files\TreeSize Professional\Uninstall\unins000.exe"

TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}

Turbo ZIP Cracker v. 1.3-->"C:\Program Files\FDRLab\Turbo ZIP Cracker\unins000.exe"

TVUPlayer 2.3.5.4-->C:\Program Files\TVUPlayer\uninst.exe

Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"

Ulead GIF Animator 5 ESD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe"

Ultra PPT To HTML Converter 2.0-->"C:\Program Files\Ultra PPT To HTML Converter\unins000.exe"

Ultra Video Joiner 4.8.0411-->"C:\Program Files\Ultra Video Joiner\unins000.exe"

Uninstall 1.0.0.1-->"C:\Program Files\Fichiers communs\DVDVideoSoft\unins000.exe"

Uninstall Website Layout Maker-->"C:\Program Files\Website Layout Maker\uninstall.exe"

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}

VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}

VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}

VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

VIA Platform Device Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

VIA/S3G Display Driver 6.14.10.0331-->C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns

VIA/S3G Display Driver-->C:\PROGRA~1\VIA\UChromeP\s3minset.exe /u C:\PROGRA~1\VIA\UChromeP\UChromeP.uns

Video Converter 3-->C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe

Video Edit Magic 4.3-->"C:\Program Files\Deskshare\Video Edit Magic 4.3\unins000.exe"

Video Snapshots Genius 2.3.1-->"C:\Program Files\Video Snapshots Genius\unins000.exe"

VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Virtual Plastic Surgery Software - VPSS v1.0-->"C:\Program Files\VPSS\unins000.exe"

Virus Effect Remover 2.8-->C:\Program Files\VirusSecureLab\Virus Effect Remover\Uninstall.exe

VisualSubSync (remove only)-->"C:\Program Files\VisualSubSync\VisualSubSync-uninstall.exe"

VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}

VSO Image Resizer 1.3.4-->"C:\Program Files\VSO\Image Resizer\unins000.exe"

Vtune 4.6-->"C:\Program Files\Vtune\unins000.exe"

Weather Clock 3.1-->"C:\Program Files\Weather Clock\unins000.exe"

Web Gallery Builder version 1.87-->"C:\Program Files\Web Gallery Builder\unins000.exe"

Web Gallery Wizard PRO 1.5.3113.1-->"C:\Program Files\Web Gallery Wizard PRO\unins000.exe"

Web Page Maker V2.5-->"C:\Program Files\Web Page Maker V2\unins000.exe"

Web Page Maker V3.12-->"C:\Program Files\Web Page Maker\unins000.exe"

Web Palette Pro-->MsiExec.exe /I{8B9806E6-BBB6-40B4-A5B6-848C132E3460}

Webcam Video Capture 1.9.41-->"C:\Program Files\Webcam Video Capture\unins000.exe"

Website Submitter 2.2-->"C:\Program Files\Submit Suite\Website Submitter\unins000.exe"

WhoCrashed 1.01-->"C:\Program Files\WhoCrashed\unins000.exe"

Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}

Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}

Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}

Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinFuture xp-Iso-Builder 3.0.7-->"C:\Program Files\xp-Iso-Builder\unins000.exe"

WinPcap 4.0-->C:\Program Files\WinPcap\uninstall.exe

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

WinUHA 2.0 RC1 (2005.02.27)-->"C:\Program Files\WinUHA\unins000.exe"

WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

Wondershare Flash Slideshow Builder Giveaway Edition (4.6.0)-->"C:\Program Files\Wondershare\Flash Slideshow Builder\unins000.exe"

WYSIWYG Web Builder 5.0 -->C:\WINDOWS\iun6002.exe "C:\Program Files\WYSIWYG Web Builder 5\irunin.ini"

Xenu's Link Sleuth-->"C:\Program Files\Xenu\unins000.exe"

XP Repair Pro 2007-->MsiExec.exe /X{7D5EDF94-4A58-4C53-A07A-1E4B535307D5}

XTNDConnect PC-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D6ACBBB-A640-4715-BA0F-42D1EA05F23A}\Setup.exe" UNINSTALL

yBook-->"C:\Program Files\yBook\unins000.exe"

yWriter2-->"C:\Program Files\yWriter2\unins000.exe"

ZoneAlarm Pro-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

 

=====HijackThis Backups=====

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= wellcome khaled-3hp =~-. [2009-06-05]

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) [2009-06-05]

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [2009-06-05]

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll [2009-06-05]

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Aziz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [2009-06-06]

 

======Hosts File======

 

127.0.0.1 localhost

 

======Security center information======

 

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic (disabled)

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic (disabled)

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: AntiVir Desktop (disabled)

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic (disabled)

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic (disabled)

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

FW: ZoneAlarm Pro Firewall

 

======System event log======

 

Computer Name: XXXXXX

Event Code: 1003

Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir

du serveur DHCP) pour la carte réseau dont l'adresse réseau est 00194B88B63B. Il s'est

produit l'erreur suivante :

L'opération a été annulée par l'utilisateur.

.

Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du

serveur d'adresse réseau (DHCP).

 

Record Number: 81406

Source Name: Dhcp

Time Written: 20090523080400.000000+060

Event Type: warning

User:

 

Computer Name: XXXXXX

Event Code: 7026

Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :

StarOpen

 

Record Number: 81405

Source Name: Service Control Manager

Time Written: 20090523080400.000000+060

Event Type: error

User:

 

Computer Name: XXXXXX

Event Code: 7000

Message: Le service HF30Sys n'a pas pu démarrer en raison de l'erreur :

Le fichier spécifié est introuvable.

 

 

Record Number: 81404

Source Name: Service Control Manager

Time Written: 20090523080356.000000+060

Event Type: error

User:

 

Computer Name: XXXXXX

Event Code: 7000

Message: Le service General Purpose USB Driver (adildr.sys) n'a pas pu démarrer en raison de l'erreur :

Le fichier spécifié est introuvable.

 

 

Record Number: 81403

Source Name: Service Control Manager

Time Written: 20090523080356.000000+060

Event Type: error

User:

 

Computer Name: XXXXXX

Event Code: 10005

Message: DCOM a reçu l'erreur "%1058" lors de la mise en route du service upnphost avec les arguments ""

pour démarrer le serveur :

{204810B9-73B2-11D4-BF42-00B0D0118B56}

 

Record Number: 81372

Source Name: DCOM

Time Written: 20090523030011.000000+060

Event Type: error

User: AUTORITE NT\SYSTEM

 

=====Application event log=====

 

Computer Name: XXXXXX

Event Code: 20

Message:

Record Number: 7590

Source Name: Google Update

Time Written: 20090516142702.000000+060

Event Type: error

User: AUTORITE NT\SYSTEM

 

Computer Name: XXXXXX

Event Code: 20

Message:

Record Number: 7589

Source Name: Google Update

Time Written: 20090516132703.000000+060

Event Type: error

User: AUTORITE NT\SYSTEM

 

Computer Name: XXXXXX

Event Code: 20

Message:

Record Number: 7588

Source Name: Google Update

Time Written: 20090516122702.000000+060

Event Type: error

User: AUTORITE NT\SYSTEM

 

Computer Name: XXXXXX

Event Code: 20

Message:

Record Number: 7587

Source Name: Google Update

Time Written: 20090516112704.000000+060

Event Type: error

User: AUTORITE NT\SYSTEM

 

Computer Name: XXXXXX

Event Code: 4691

Message: L'environnement d'exécution n'a pas pu initialiser les transactions nécessaires pour la gestion des composants transactionnels. Assurez-vous que MS-DTC est en cours d'exécution. (DtcGetTransactionManagerEx(): hr = 0x8004d01b)

Record Number: 7585

Source Name: COM+

Time Written: 20090516111601.000000+060

Event Type: error

User:

 

======Environment variables======

 

".NET_Framework"=C:\Windows\Microsoft.NET\Framework\v2.0.50727

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"MOMINDUM_STUDIO_ALL_USERS_PROFILE"=C:\Documents and Settings\All Users\Application Data\Momindum Studio

"MOMINDUM_STUDIO_HOME"=C:\Program Files\Momindum Studio

"NUMBER_OF_PROCESSORS"=2

"OPENSSL_CONF"=C:\Program Files\OpenSSL\bin\openssl.cnf

"OS"=Windows_NT

"Path"=C:\Program Files\FileMaker\FileMaker Server\Web Publishing\publishing-engine\php;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ESTsoft\ALZip\;C:\Program Files\DataDirect\slodbc54\;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel

"PROCESSOR_LEVEL"=15

"PROCESSOR_REVISION"=0401

"TEMP"=C:\TEMP

"TMP"=C:\TEMP

"windir"=%SystemRoot%

"tvdumpflags"=8

 

-----------------EOF-----------------

 

 

 

Bonsoir, Thanos

 

Prends-le là pour voir: http://senduit.com/a78096

 

@++

 

Merci Apollo pour le lien, çà marche !!

Modifié le 7 juin 2009 par aziouz

[aziouz]

Bonjour à tous

 

Une dernière analyse anti-virale me fait détecter Confiker W32.Downadup !!!!! Avec quelques acrobaties puisque les sites éditeurs m'étaient interdits, j'ai pu télécharger l'outil de désinfection de Symantec.

 

Cet outils me semble efficace sur mon notebook, le virus est détecté et éliminé. Ma navigation redevient normale, les fichiers cachés sont enfin visibles.

 

Sur mon ordi de bureau (objet de ce post), c'est plus laborieux (350 Go !). Une première désinfection me semble incomplète malgré la découverte de plusieurs clés du registre infectées. Ma clé USB se réinfecte à chaque fois avec un fichier autorun.inf et un répertoire Recycled cachés. Je vais retenter une désinfection ce soir.

 

Ce forum que je consulte souvent est une source intarissable d'informations et de bonnes idées ! Bravo pour vos aides.

 

Le post est toujours ouvert, mon problème principal n'étant pas résolu.

Modifié le 7 juin 2009 par aziouz

[Thanos]

salut

 

Ok! si Confiker W32.Downadup a été détecté, voici la marche à suivre pour ton pc de bureau >>

 

Le vers qui s'attaque à ton pc utilise une faille de sécurité de Windows pour le faire. On va donc utiliser un programme dédié pour nettoyer l'infection et mettre ton système à jour dans la foulée.

 

Tu n'auras pas la possibilité de consulter la procédure car il va falloir déconnecter le pc physiquement à un moment. Il va donc falloir que tu utilises le notebook pour pouvoir consulter la pprocédure

 

*************

 

1°) Téléchargement des programmes >>

 

Télécharge D.exe sur le Bureau. Ne lance pas encore le programme!

 

Télécharge aussi la Mise à jour de sécurité pour Windows XP (KB958644) => ICI

 

2°) Ferme tous les programmes et désactive la connexion Internet (débranche le cable pour cela).

 

3°) Utilisation de l'outil Symantec >>

• Double clique sur D.exe pour le lancer.
  
• Clique sur Start
  
• En cas d'échec recommence la procédure en Mode sans Echec
  
• Redémarre le pc et relance l'outil une seconde fois.
  

3°) Une fois ceci fait, installe le correctif de Microsoft => (KB958644)

 

Note: il est important de déconnecter le pc physiquement avant de lancer l'outil!

 

Poste stp le rapport de l'outil de Symantec

Modifié le 7 juin 2009 par Thanos

[aziouz]

L'opération a été exécutée à la lettre sans passage par la case mode sans échec.

 

Mon ordi est redevenu "normal". Je me croyais à jour des maj windowsupdate : il en manquait une !!

 

Merci Thanos pour toute l'aide prodiguée et merci au forum Zebulon

 

Je double mes précautions doréanavant.

 

Rapport de l'outil Symantec :

 

Symantec W32.Downadup Removal Tool 1.1.0.7

 

 

ERROR: Can't change ACL/permissions for file C:\pagefile.sys; file not scanned

C:\Program Files\Flash Menu Labs Pro v2\FlashMenuLabs.exe: failed in scanning.

C:\WINDOWS\system32\ylwvoghj.vir: W32.Downadup.B (unrepairable) (deleted)

 

 

ERROR: Can't change ACL/permissions for file C:\WINDOWS\system32\zllictbl.dat; file not scanned

C:\System Volume Information\_restore{D2091FDC-462D-439B-8A10-86EDA1E22E67}\RP1\A0000055.DLL: W32.Downadup.B (unrepairable) (deleted)

 

 

ERROR: Can't change ACL/permissions for file E:\pagefile.sys; file not scanned

 

registry: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets: dl (value deleted)

registry: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets: ds (value deleted)

registry: HKLM\system\CurrentControlSet\Services\BITS: Start (value set to 0x00000003 (3))

 

W32.Downadup has been successfully removed from your computer!

 

Here is the report:

 

The total number of the scanned files: 622723

The number of deleted threat files: 2

The number of threat processes terminated: 0

The number of threat threads terminated: 0

The number of registry entries fixed: 3

Modifié le 7 juin 2009 par aziouz

[Thanos]

salut

 

Je reviens la dessus >>

Cet outils me semble efficace sur mon notebook, le virus est détecté et éliminé. Ma navigation redevient normale, les fichiers cachés sont enfin visibles.

As tu utilisé le même outil pour nettoyer ton portable ?

 

L'outil de Symantec a fait son boulot Il y a encore du ménage à faire sur ce pc cependant >>

 

Normalement tu dois pouvoir télécharger ce programme sans soucis à présent:

 

1°) Un petit scan supplémentaire avec un programme que tu vas pouvoir conserver: si tu le possède déjà, passe l'étape de l'installation et va directement à la mise à jour >>

 

Télécharge Malwarebytes' Anti-Malware (MBAM)

 

Branche tous les supports amovibles que tu possèdes avant de faire ce scan (clé usb/disque dur externe etc)

• Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  
• Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  
• Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  
• Sélectionne "Exécuter un examen complêt"
  
• Clique sur "Rechercher"
  
• L'analyse démarre, le scan est relativement long, c'est normal.
  
• A la fin de l'analyse, un message s'affiche :

  L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  
• Ferme tes navigateurs.
  
• Si des malwares ont été détectés, clique sur Afficher les résultats.
  Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.
  

 

2°) Relance RSIT mais ne poste que le rapport log.txt stp

Modifié le 7 juin 2009 par Thanos

[aziouz]

Voilà les deux fichiers (Malwarebytes et RSIT)

 

Malwarebytes' Anti-Malware 1.37

Version de la base de données: 2243

Windows 5.1.2600 Service Pack 3

 

07/06/2009 22:09:28

mbam-log-2009-06-07 (22-09-28).txt

 

Type de recherche: Examen complet (C:\|E:\|H:\|)

Eléments examinés: 531690

Temps écoulé: 1 hour(s), 53 minute(s), 4 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

-------------------------------------------------------------

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Aziz at 2009-06-07 20:36:22

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 12 GB (25%) free of 49 GB

Total RAM: 1023 MB (44% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:37:03, on 07/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\pvmser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\dllhost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

E:\Program Files\USDownloader\USDownloader.exe

C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe

C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe

C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe

C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\FIREFOX.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

E:\Logiciels\Virus\RSIT.exe

C:\HijackThis\Aziz.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: Flash and Media Capture Helper - {E8803722-A7F5-45C5-B39A-A8B244486EC2} - C:\Program Files\Fichiers communs\MetaProducts\FMCapt.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Flash and Media Capture Bar - {650EB965-8A1D-41C9-A941-0578F5CFC569} - C:\Program Files\Fichiers communs\MetaProducts\FMCapt.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uSDownloader] "E:\Program Files\USDownloader\USDownloader.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Download with USDownloader - E:\Program Files\USDownloader\Ext\downloadie.html

O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL

O9 - Extra button: AutoLogin - {D04AA3F7-DEE7-479B-A153-24E6C36300C0} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Save Media files - {F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - C:\Program Files\Fichiers communs\MetaProducts\FMCapt.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.secuser.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165854171656

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: GEARSecurity - NetSupport Ltd - (no file)

O23 - Service: Service Google Update (gupdate1c9e6fe28128e9a) (gupdate1c9e6fe28128e9a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: POMZBVVILXRL - Unknown owner - C:\Temp\POMZBVVILXRL.exe (file missing)

O23 - Service: pvmwinser - Unknown owner - C:\WINDOWS\system32\pvmser.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZONELABS\vsmon.exe

O23 - Service: WGDTMUGZL - Sysinternals - www.sysinternals.com - C:\Temp\WGDTMUGZL.exe

 

--

End of file - 12790 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

C:\WINDOWS\tasks\Maintenance en 1 clic.job

C:\WINDOWS\tasks\Schedule Task Weekly.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{8DD952B1-62EE-4584-B29D-4881C063DD6F}.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1547161642-839522115-1003.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]

SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [2008-09-22 66888]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-06-07 399352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-07-23 1410344]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]

C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-02-13 5804872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 434279]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC200356-0864-4F66-8964-5D43A19300F5}]

AL2Spy Class - C:\WINDOWS\AUTOLO~1\AL2DLL.dll [2007-08-27 249856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8803722-A7F5-45C5-B39A-A8B244486EC2}]

Flash and Media Capture Helper - C:\Program Files\Fichiers communs\MetaProducts\FMCapt.dll [2007-11-15 1739352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-02-13 5804872]

{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-09-22 161096]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-06-07 399352]

{650EB965-8A1D-41C9-A941-0578F5CFC569} - Flash and Media Capture Bar - C:\Program Files\Fichiers communs\MetaProducts\FMCapt.dll [2007-11-15 1739352]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"C-Media Mixer"=Mixer.exe /startup []

"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]

"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2005-11-04 90112]

"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2005-09-05 339968]

"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-15 981384]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

"USDownloader"=E:\Program Files\USDownloader\USDownloader.exe [2008-09-10 529920]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]

C:\Program Files\Vtune\TBPanel.exe [2006-09-13 2154496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [2008-02-28 570664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]

C:\Program Files\Sandboxie\SbieCtrl.exe [2009-01-05 336896]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]

C:\Program Files\Shareaza\Shareaza.exe [2008-10-01 5723136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-09-18 185896]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]

C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe [2007-08-02 95504]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Action Manager 32.lnk]

C:\PROGRA~1\ScannerU\AM32.exe [2002-06-28 57344]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EmEditor.lnk]

C:\PROGRA~1\EmEditor\emedtray.exe [2007-12-16 90768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]

C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-07-07 282624]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Aziz^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk.disabled]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Aziz^Menu Démarrer^Programmes^Démarrage^Outil de notification Live Search.lnk]

C:\DOCUME~1\Aziz\APPLIC~1\MICROS~1\LIVESE~1\NOTIFI~1.EXE [2008-12-20 143360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SandraTheSrv"=3

"SandraDataSrv"=3

"ose"=3

"Macromedia Licensing Service"=3

"idsvc"=3

"FLEXnet Licensing Service"=3

"TUWinStylerThemeSvc"=2

"rpcapd"=3

"WMPNetworkSvc"=3

"odserv"=3

"NVSvc"=2

"NMIndexingService"=3

"NBService"=3

"gusvc"=3

"PSI_SVC_2"=2

"ProtexisLicensing"=2

"usnjsvc"=3

"TuneUp.Defrag"=3

"Nero BackItUp Scheduler 3"=2

"WLSetupSvc"=3

"Microsoft Office Groove Audit Service"=3

"SandraAgentSrv"=3

"PLFlash DeviceIoControl Service"=2

"maconfservice"=3

"LEC TranslateDotNet Server"=3

"Bonjour Service"=2

"Second Backup Service"=3

"gupdate1c9b70973ff494e"=2

"fsssvc"=3

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

SnagIt 9.lnk - C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 190464]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"=C:\WINDOWS\qvphook.dll [2007-12-27 57344]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\client32]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskmgr"=0

"DisableChangePassword"=0

"DisableLockWorkstation"=0

"NoDispSettingsPage"=0

"NoDispAppearancePage"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

"NoFolderOptions"=0

"NoFileUrl"=0

"NoRun"=0

"NoUpdateCheck"=0

"NoLogoff"=0

"NoClose"=0

"NoSetFolders"=0

"NoFind"=0

"NoDrives"=0

"NoDesktop"=0

"DisallowRun"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\WINDOWS\System32\dpnsvr.exe"="C:\WINDOWS\System32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza"

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

"C:\Program Files\IBP 10\IBP.exe"="C:\Program Files\IBP 10\IBP.exe:*:Enabled:Internet Business Promoter (IBP)"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\e-Campaign\eCampaign.exe"="C:\Program Files\e-Campaign\eCampaign.exe:*:Enabled:e-Campaign"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05367272-5dd2-11db-8e1a-4d6564696130}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17118cd2-99ca-11db-8f1f-4d6564696130}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35ddd21d-2ea4-11de-8ca1-00194b88b63b}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{622d9d2a-ac00-11dc-b98e-00194b88b63b}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cda1393c-8e05-11db-8ef5-4d6564696130}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e20195c6-3bf9-11de-8cc5-0016ec52896f}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

 

 

======File associations======

 

.inf - open -

.ini - open - notepad.exe %1

.js - edit -

.js - open -

.reg - edit -

.txt - open - notepad.exe %1

.vbs - edit -

 

======List of files/folders created in the last 1 months======

 

2009-06-07 15:50:09 ----D---- C:\WINDOWS\LastGood

2009-06-07 03:25:20 ----A---- C:\WINDOWS\IE4 Error Log.txt

2009-06-07 00:25:55 ----D---- C:\Program Files\Google

2009-06-06 23:52:33 ----D---- C:\rsit

2009-06-06 22:59:16 ----A---- C:\lopR.txt

2009-06-06 22:57:47 ----D---- C:\Lop SD

2009-06-06 09:12:34 ----A---- C:\WINDOWS\ntbtlog.txt

2009-06-05 15:50:57 ----D---- C:\HijackThis

2009-06-05 00:01:23 ----A---- C:\WINDOWS\wininit.ini

2009-06-04 23:23:00 ----D---- C:\Program Files\Avira GmbH

2009-05-29 19:36:14 ----D---- C:\Documents and Settings\Aziz\Application Data\Broad Intelligence

2009-05-29 19:36:06 ----D---- C:\Program Files\MediaCoder Mobile Phone Edition

2009-05-28 21:47:56 ----A---- C:\WINDOWS\system32\TweakUI.exe

2009-05-23 08:19:23 ----A---- C:\process.txt

2009-05-23 00:29:13 ----D---- C:\Program Files\VirusSecureLab

2009-05-22 19:02:04 ----A---- C:\WINDOWS\system32\regedit.exe

2009-05-18 12:13:15 ----D---- C:\Program Files\Avira

2009-05-18 12:13:15 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2009-05-10 22:06:27 ----D---- C:\Program Files\Second Backup

 

======List of files/folders modified in the last 1 months======

 

2009-06-07 15:47:00 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-06-03 21:47:46 ----A---- C:\Documents and Settings\Aziz\Application Data\ispro3_0.tmp

2009-06-01 00:24:54 ----A---- C:\WINDOWS\NeroDigital.ini

2009-05-26 13:50:16 ----A---- C:\WINDOWS\win.ini

2009-05-26 13:50:16 ----A---- C:\WINDOWS\SYSTEM.INI

2009-05-26 13:50:16 ----A---- C:\BOOT.INI

2009-05-23 01:19:22 ----A---- C:\WINDOWS\wincmd.ini

2009-05-10 22:06:10 ----A---- C:\WINDOWS\iun6002.exe

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]

R1 cdrblock;cdrblock; C:\WINDOWS\system32\DRIVERS\cdrblock.sys [2005-06-14 10368]

R1 cdrport;cdrport; C:\WINDOWS\system32\DRIVERS\cdrport.sys [2005-03-11 4608]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 PCISys;PCISys; C:\WINDOWS\system32\drivers\pcisys.sys [2008-10-09 39520]

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]

R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-15 353672]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-02 12032]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]

R2 DLPortIO;DriverLINX Port I/O Driver; \??\C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS []

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]

R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []

R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2002-07-27 5306]

R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520]

R3 gdihook5;gdihook5; C:\WINDOWS\system32\DRIVERS\gdihook5.sys [2008-10-09 31328]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]

R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-03-13 47360]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-11-09 10368]

R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2005-11-07 8718848]

R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912]

R3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]

R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]

S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []

S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []

S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []

S2 HF30Sys;HF30Sys; C:\WINDOWS\system32\drivers\HF30Sys.sys []

S3 adiusbae;USB ADSL LAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbae.sys []

S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []

S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; C:\WINDOWS\system32\drivers\Ad-Watch Connect Filter.sys []

S3 Bcfilter;Jetico Personal Firewall Network Monitor; C:\WINDOWS\system32\DRIVERS\bcfilter.sys []

S3 BcfilterMP;BcfilterMP; C:\WINDOWS\system32\DRIVERS\bcfilter.sys []

S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []

S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []

S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []

S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []

S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 46944]

S3 CoachVc;Coach Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-11-03 44256]

S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder Mobile Phone Edition\SysInfo.sys []

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2008-09-22 43520]

S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 gwiopm;gwiopm; C:\WINDOWS\system32\drivers\gwiopm.sys []

S3 HF30Kbd;HF30Kbd; C:\WINDOWS\system32\drivers\HF30Kbd.sys []

S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-01-21 26248]

S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []

S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 mrlgmrye;mrlgmrye; \??\C:\WINDOWS\system32\0248.tmp []

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]

S3 pascczn;pascczn; \??\C:\WINDOWS\system32\0590.tmp []

S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []

S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-02 5888]

S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\WNt500x86\Sandra.sys []

S3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []

S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []

S3 viafilter;VIA USB Filter; C:\WINDOWS\System32\Drivers\viausb1.sys [2001-09-19 9728]

S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2006-02-09 248704]

S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []

S3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2008-06-12 4608]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 ZSMC0305;VIMICRO USB PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys []

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]

R2 InstallShield Licensing Service;InstallShield Licensing Service; C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe [2009-01-15 85184]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]

R2 pvmwinser;pvmwinser; C:\WINDOWS\system32\pvmser.exe [2007-06-21 86016]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]

R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZONELABS\vsmon.exe [2009-02-15 2402184]

S2 gupdate1c9e6fe28128e9a;Service Google Update (gupdate1c9e6fe28128e9a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-07 133104]

S2 zqlcsz.REN;Support Universal; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 LPDSVC;Serveur d'impression TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-02 19456]

S3 POMZBVVILXRL;POMZBVVILXRL; C:\Temp\POMZBVVILXRL.exe []

S3 W3SVC;Publication World Wide Web; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]

S3 WGDTMUGZL;WGDTMUGZL; C:\Temp\WGDTMUGZL.exe [2009-06-06 478080]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-02 655624]

S4 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []

S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S4 IISADMIN;Administration IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]

S4 maconfservice;maconfservice; C:\Program Files\ma-config.com\maconfservice.exe [2008-05-14 576680]

S4 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe []

S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

S4 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]

S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S4 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S4 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]

S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]

S4 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2009-01-05 52224]

S4 Second Backup Service;Second Backup Service; C:\Program Files\Second Backup\SecondBackup.exe [2009-01-20 1744896]

S4 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]

S4 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-12-05 362240]

S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2008-12-05 603904]

S4 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

 

-----------------EOF-----------------