
Posted (edited)

Hello everyone! I'm moving over a post I put in the Software section; apparently a Zebulon member told me I was infected and that I should come here, so I'm reposting my original post along with the logs I made with RSIT.exe.

If someone can give me a hand to tell me what I'm infected with and how to get rid of it, that would be really kind of you!

Link to the old post: http://forum.zebulon.fr/defaillance-dcom-t173160.html

So, I've had a problem for a few weeks.

A system error message appears completely at random, telling me:

"Arrêt du système - Le service Lanceur de processus serveur DCOM s'est terminé de manière inattendue." (i.e. "System Shutdown - The DCOM Server Process Launcher service terminated unexpectedly.")

Then I get the 60-second countdown and the system reboots.

So obviously this made me think of Blaster or Sasser, BUT:

- I have XP SP3 (so the hole should have been fixed since SP2)

- It's not the RPC service that's failing, but DCOM itself

- I've scanned the whole PC: Antivir, online scan, Ad-Aware, all up to date, and they find absolutely nothing.

So to avoid the reboot, I already knew the "Run - shutdown -a" trick, but it doesn't solve the problem at all since the error can come back.

In the services I changed the response on failure, i.e. instead of rebooting the system I set it to restart the service (that spares me the shutdown).

But the thing is, this error annoys me, all the more so since I have other symptoms that appeared more or less at the same time, namely:

- Advertising tabs (not popups!) open in Firefox (which never happened to me before)

- MSN can't connect after the DCOM error (but maybe that's normal..?)

Anyway, if anyone has a new lead to look into, I'm all ears, because I'm completely stuck.

Thanks in advance!

The RSIT.exe logs:

Here are the 2 log files: the first is the info.txt file, the second is the log.txt file.

Thanks for your help!


info.txt logfile of random's system information tool 1.06 2010-01-30 12:44:34


======Uninstall list======


-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00-->C:\Program Files\InstallShield Installation Information\{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}\setup.exe -runfromtemp -l0x0409

Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE

Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 9.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}

Ad-Remover By C_XX-->"C:\Program Files\Ad-Remover\Uninstall ADR.exe"

adsl TV-->C:\Program Files\adslTV\Uninstal.exe

aMSN 0.97.2-->C:\Program Files\aMSN\uninstall.exe

Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

AVS DVD Player version 2.4-->"C:\Program Files\AVS4YOU\AVSDVDPlayer\unins000.exe"

AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"

AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"

BitTorrent-->C:\Program Files\BitTorrent\uninst.exe

Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x40c Brunin03.dll -removeonly

CamfrogWEB Advanced ActiveX Plugin (remove only)-->"C:\Program Files\CFWebAdvancedU\Uninstall.exe"

CamfrogWEB Advanced ActiveX Plugin (www.bobtv.fr)-->"C:\Program Files\CFWebAdvancedU_BOBTV.FR\Uninstall.exe"

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"

chat-land-->"C:\Program Files\chat-land\unins000.exe"

C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe

Code de la Route-->MsiExec.exe /X{A37A26D5-8444-4862-933B-478371D0299D}

Conseiller de mise à niveau vers Windows 7-->MsiExec.exe /I{4983AA07-81D0-4605-BF92-49A343056DC8}

ddali-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\DDali\DeIsL1.isu" -c"C:\Program Files\DDali\_ISREG32.DLL"

Defraggler-->"C:\Program Files\Defraggler\uninst.exe"

Dietetik 5.3-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\GLD\Dietetik 5.3\DeIsL1.isu" -c"C:\Program Files\GLD\Dietetik 5.3\_ISREG32.DLL"

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

eMule-->"C:\Program Files\eMule\Uninstall.exe"

EVEREST Ultimate Edition v5.01-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"

Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}

Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}

GigaTribe 3.16-->"C:\Program Files\GigaTribe\unins000.exe"

HD Tune 2.55-->"C:\Program Files\HD Tune\unins000.exe"

HijackThis 2.0.2-->"C:\Documents and Settings\Fabrice\Bureau\Maintenance\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

IsoBuster 2.5.5-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"

Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

Kill Process 5.0.0.5 (désinstaller seulement)-->"C:\Program Files\Kill Process\uninstall.exe"

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Live Downloader 1-->"C:\Program Files\Live Downloader\unins000.exe"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

ManyCam 2.4 (remove only)-->"C:\Program Files\ManyCam 2.4\uninstall.exe"

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"

Microsoft LifeCam-->MsiExec.exe /X{968D41C3-25BB-4632-A6DF-2E1C8F0143A4}

Microsoft Money-->D:\Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Mise à jour pour Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"

Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe

Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}

Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}

Nokia Multimedia Common Components 2.4-->MsiExec.exe /I{6EB6C056-02BB-453E-8448-EC90B9794180}

Nokia Music-->MsiExec.exe /I{DC432844-6914-4421-910C-F1B05B3A761C}

Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_fre_web.exe

Nokia PC Suite-->MsiExec.exe /I{3D39E775-DDDA-4327-B747-0BDC5F191331}

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

OpenOffice.org 3.1-->MsiExec.exe /I{B2E581DB-C4DD-432C-AC84-ED761AC056BC}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Package de pilotes Windows - Nokia Modem (06/01/2009 4.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_C08496D7A0050438DFE13C55799AE2D4157A8E7A\nokia_bluetooth.inf

Package de pilotes Windows - Nokia Modem (06/01/2009 7.01.0.3)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_9C48E34C57B7D4AAE5FFF5FB9B476B538394FD30\nokbtmdm.inf

Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf

PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037}

Phyloboîte version 1.2.0.0 R2-->"C:\Program Files\phyloboite\unins000.exe"

Phylogene V2.5.1-->"C:\INRP\Phylogene\unins000.exe"

Phylogenia v.2.0-->C:\Program Files\Phylogenia v.2.0\Uninstal.exe

play2p-->C:\Program Files\play2p\uninstall.exe

PowerArchiver-->C:\Program Files\PowerArchiver\UNINST.EXE

QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}

Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}

Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}

Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}

Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Sound Blaster AudioPCI 128-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Creative\CTSND\DeIsL1.isu"

Sound Blaster Live! Web 2K/XP-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9

StartupMonitor-->MsiExec.exe /I{76EFAC4F-1712-401F-B2AE-590B170C9BCE}

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe

The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"

TV Orange 0.94-->"C:\Program Files\TV Orange\unins000.exe"

Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}

Update for Outlook 2007 Junk Email Filter (kb977839)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C568005C-5FC6-4C81-A664-BD136610A931}

VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}

Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe -u

Visionneuse Journal Windows Microsoft-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}

WebcamMax-->"C:\Program Files\WebcamMax\uninst.exe"

Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}

Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

winpcap-nmap 4.02-->"C:\Program Files\WinPcap\uninstall.exe"

WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

Zeb-Utility 1.2-->C:\Program Files\Zeb-Utility\Uninstal.exe


=====HijackThis Backups=====


O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe [2009-11-21]

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun [2009-11-21]

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-11-21]

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-11-21]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us [2009-12-19]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us [2009-12-19]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us [2009-12-19]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us [2009-12-19]

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s [2009-12-19]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us [2009-12-19]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us [2009-12-19]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/ [2009-12-19]

O4 - HKLM\..\Run: [winternet] C:\Documents and Settings\Fabrice\winternet.exe [2009-12-19]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us [2009-12-19]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us [2009-12-19]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us [2009-12-19]

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-12-19]

O4 - HKLM\..\Run: [WebcammaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" -a [2010-01-06]

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfi...fig_3_5_0_0.cab [2010-01-06]

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL [2010-01-06]

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-01-06]

O8 - Extra context menu item: Recherche avec cherche.us - C:\Documents and Settings\Fabrice\scriptjava.html [2010-01-06]

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-01-06]

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) [2010-01-06]

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) [2010-01-11]

O15 - Trusted Zone: *.chat-land.org [2010-01-21]

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE [2010-01-29]

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2010-01-29]

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 [2010-01-29]

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe [2010-01-29]

O4 - S-1-5-21-789336058-329068152-725345543-1005 Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe (User '?') [2010-01-29]

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-01-29]

O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe [2010-01-29]

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe [2010-01-29]

O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS [2010-01-29]

O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://bobtv.fr/download/cfweb_www.bobtv.f..._instmodule.exe [2010-01-29]

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) [2010-01-29]


======Security center information======


AV: AntiVir Desktop


======System event log======


Computer Name: SILMARIL-3RQ5TV

Event Code: 7036

Message: Le service Windows Installer est entré dans l'état : arrêté.

 

Record Number: 12644

Source Name: Service Control Manager

Time Written: 20091229105002.000000+060

Event Type: Informations

User:

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 7036

Message: Le service Windows Installer est entré dans l'état : en cours d'exécution.

 

Record Number: 12643

Source Name: Service Control Manager

Time Written: 20091229104938.000000+060

Event Type: Informations

User:

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Windows Installer.

 

Record Number: 12642

Source Name: Service Control Manager

Time Written: 20091229104938.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 7034

Message: Le service Client Virtualization Handler s'est terminé de façon inattendue pour la 1ème fois.

 

Record Number: 12641

Source Name: Service Control Manager

Time Written: 20091229104809.000000+060

Event Type: erreur

User:

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 7036

Message: Le service Hôte de périphérique universel Plug-and-Play est entré dans l'état : en cours d'exécution.

 

Record Number: 12640

Source Name: Service Control Manager

Time Written: 20091229101852.000000+060

Event Type: Informations

User:

 

=====Application event log=====

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 301

Message: Windows (1732) Windows: Le moteur de base de données commence la relecture du fichier journal C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS17E8A.log.

 

Record Number: 3769

Source Name: ESENT

Time Written: 20091226132253.000000+060

Event Type: Informations

User:

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 301

Message: Windows (1732) Windows: Le moteur de base de données commence la relecture du fichier journal C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS17E89.log.

 

Record Number: 3768

Source Name: ESENT

Time Written: 20091226132252.000000+060

Event Type: Informations

User:

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 301

Message: Windows (1732) Windows: Le moteur de base de données commence la relecture du fichier journal C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS17E88.log.

 

Record Number: 3767

Source Name: ESENT

Time Written: 20091226132250.000000+060

Event Type: Informations

User:

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 301

Message: Windows (1732) Windows: Le moteur de base de données commence la relecture du fichier journal C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS17E87.log.

 

Record Number: 3766

Source Name: ESENT

Time Written: 20091226132249.000000+060

Event Type: Informations

User:

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 301

Message: Windows (1732) Windows: Le moteur de base de données commence la relecture du fichier journal C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS17E86.log.

 

Record Number: 3765

Source Name: ESENT

Time Written: 20091226132247.000000+060

Event Type: Informations

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\DivX Shared\;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel

"PROCESSOR_REVISION"=0304

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)

Run by Fabrice at 2010-01-30 12:44:09

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 37 GB (63%) free of 59 GB

Total RAM: 1023 MB (55% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:44:30, on 30/01/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\WINDOWS\vVX1000.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\WINDOWS\StartupMonitor.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

D:\Downloads Firefox\RSIT.exe

C:\Documents and Settings\Fabrice\Bureau\Maintenance\Fabrice.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{A3409FF4-F625-4D06-AEB2-6865BCF01556}: NameServer = 192.168.1.1

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4651 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{FDF23347-F772-48BD-ACD0-6A319E123431}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-14 35840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-14 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-28 13684736]

"nwiz"=nwiz.exe /install []

"Raccourci vers la page des propriétés de High Definition Audio"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]

"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"itype"=c:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-01-07 1496968]

"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-06-28 622592]

"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]

"VX1000"=C:\WINDOWS\vVX1000.exe [2009-06-26 757248]

"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]

"Run StartupMonitor"=C:\WINDOWS\StartupMonitor.exe [2000-05-20 86016]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-03-28 86016]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"

"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"

"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"D:\Downloads Firefox\Pack617Winks\installer\mcoinstall.exe"="D:\Downloads Firefox\Pack617Winks\installer\mcoinstall.exe:*:Enabled:mcoinstall"

"C:\Program Files\adslTV\adsltv.exe"="C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv"

"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"

"C:\Program Files\play2p\play2p.exe"="C:\Program Files\play2p\play2p.exe:*:Disabled:play2p"

"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"

"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Disabled:Skype Extras Manager"

"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Disabled:Teamviewer Remote Control Application"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call"

"C:\WINDOWS\system32\mcoinstall.exe"="C:\WINDOWS\system32\mcoinstall.exe:*:Disabled:mcoinstall"

"D:\Downloads Firefox\mcoview.exe"="D:\Downloads Firefox\mcoview.exe:*:Disabled:mcoview"

"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Disabled:Windows Live FolderShare"

"C:\Program Files\aMSN\bin\wish.exe"="C:\Program Files\aMSN\bin\wish.exe:*:Disabled:Wish Application"

"E:\receptions GT\Emulateur DS + jeux[www.torrent411.com]\desmume_sse2.exe"="E:\receptions GT\Emulateur DS + jeux[www.torrent411.com]\desmume_sse2.exe:*:Disabled:desmume_sse2"

"C:\Program Files\GigaTribe\gigatribe.exe"="C:\Program Files\GigaTribe\gigatribe.exe:*:Enabled:GigaTribe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01fe0511-4bcb-11de-a6bf-00110965e099}]

shell\AutoRun\command - H:\start.exe

shell\FramaKey\command - H:\start.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e2b695b-44b6-11de-9163-00110965e099}]

shell\AutoRun\command - nano/bananna.exe

shell\explore\command - nano/bananna.exe

shell\open\command - nano/bananna.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4ad2ad6-8856-11de-a702-00110965e099}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe

 

 

======List of files/folders created in the last 1 months======

 

2010-01-30 12:36:06 ----D---- C:\rsit

2010-01-30 08:45:32 ----A---- C:\WINDOWS\imsins.BAK

2010-01-30 08:45:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$

2010-01-29 23:46:58 ----D---- C:\WINDOWS\NV1643460.TMP

2010-01-27 15:41:55 ----D---- C:\Program Files\DDali

2010-01-27 15:41:55 ----A---- C:\WINDOWS\system32\Vbrun300.dll

2010-01-27 15:35:00 ----D---- C:\Program Files\GLD

2010-01-27 15:34:47 ----A---- C:\WINDOWS\unin040c.exe

2010-01-21 01:31:28 ----D---- C:\Documents and Settings\Fabrice\Application Data\QuickScan

2010-01-18 22:59:40 ----D---- C:\Program Files\MSECache

2010-01-13 14:09:47 ----A---- C:\WINDOWS\system32\TweakUI.exe

2010-01-12 18:34:38 ----D---- C:\Documents and Settings\Fabrice\Application Data\Malwarebytes

2010-01-12 18:34:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-01-12 18:34:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-01-12 08:03:33 ----D---- C:\Program Files\Ad-Remover

2010-01-12 08:00:53 ----A---- C:\TB.txt

2010-01-06 15:17:35 ----D---- C:\WINDOWS\system32\NtmsData

2010-01-04 11:06:27 ----D---- C:\WINDOWS\SxsCaPendDel

 

======List of files/folders modified in the last 1 months======

 

2010-01-30 12:43:56 ----SD---- C:\WINDOWS\Tasks

2010-01-30 12:43:46 ----D---- C:\WINDOWS\Temp

2010-01-30 12:42:06 ----D---- C:\WINDOWS\system32\CatRoot2

2010-01-30 12:41:47 ----A---- C:\WINDOWS\RTacDbg.txt

2010-01-30 12:41:46 ----D---- C:\WINDOWS

2010-01-30 12:39:33 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-01-30 11:48:19 ----D---- C:\Program Files\Mozilla Thunderbird

2010-01-30 09:30:37 ----D---- C:\Program Files\Mozilla Firefox

2010-01-30 08:51:01 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-01-30 08:51:01 ----D---- C:\WINDOWS\system32

2010-01-30 08:51:01 ----D---- C:\WINDOWS\system

2010-01-30 08:49:24 ----D---- C:\WINDOWS\security

2010-01-30 08:46:08 ----HD---- C:\WINDOWS\inf

2010-01-30 08:46:07 ----D---- C:\Program Files\Internet Explorer

2010-01-30 08:45:44 ----HD---- C:\WINDOWS\$hf_mig$

2010-01-30 08:45:02 ----D---- C:\WINDOWS\system32\drivers

2010-01-30 08:44:00 ----D---- C:\WINDOWS\Prefetch

2010-01-30 00:19:43 ----D---- C:\WINDOWS\Help

2010-01-30 00:19:40 ----D---- C:\WINDOWS\nview

2010-01-29 20:29:22 ----D---- C:\WINDOWS\system32\LogFiles

2010-01-29 20:29:21 ----D---- C:\WINDOWS\Debug

2010-01-29 20:09:42 ----D---- C:\Program Files\CFWebAdvancedU

2010-01-27 17:24:25 ----A---- C:\WINDOWS\system32\lsdelete.exe

2010-01-27 15:41:55 ----RD---- C:\Program Files

2010-01-27 15:35:00 ----D---- C:\Program Files\Common Files

2010-01-22 07:15:24 ----D---- C:\Documents and Settings\Fabrice\Application Data\BitTorrent

2010-01-21 12:45:00 ----SHD---- C:\System Volume Information

2010-01-21 12:45:00 ----D---- C:\WINDOWS\system32\Restore

2010-01-20 13:05:19 ----D---- C:\Program Files\Microsoft Silverlight

2010-01-20 08:52:30 ----SHD---- C:\WINDOWS\Installer

2010-01-20 08:52:30 ----SHD---- C:\Config.Msi

2010-01-13 18:00:22 ----D---- C:\Program Files\Fichiers communs\Adobe

2010-01-13 18:00:20 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2010-01-13 09:01:06 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2010-01-13 06:51:16 ----D---- C:\WINDOWS\AppPatch

2010-01-09 21:14:09 ----D---- C:\WINDOWS\Registration

2010-01-08 16:28:16 ----A---- C:\Program Files\Fabrice.txt

2010-01-06 15:21:56 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-01-05 23:30:51 ----D---- C:\WINDOWS\Minidump

2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe

2010-01-04 11:05:52 ----D---- C:\Program Files\Microsoft Office

2010-01-04 11:05:52 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2010-01-04 11:05:50 ----D---- C:\WINDOWS\system32\wbem

2010-01-04 11:04:55 ----D---- C:\Documents and Settings\Fabrice\Application Data\SoftGrid Client

2010-01-02 20:40:12 ----D---- C:\Documents and Settings\Fabrice\Application Data\CamfrogWEB

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2009-02-13 45416]

R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2009-07-13 28520]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2009-05-19 21035]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-06-08 279712]

R2 CAMTHWDM;WebcamMax, WDM Video Capture; C:\WINDOWS\system32\DRIVERS\CAMTHWDM.sys [2009-08-07 1053056]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-05-20 25888]

R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-07-06 34064]

R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296]

R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]

R3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 KMWDFILTER;HIDUASDesc; C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-30 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-03-28 6280416]

R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\rtl8185.sys [2007-02-02 306560]

R3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]

R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912]

R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2009-06-26 1956096]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]

S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]

S3 ctljystk;Creative SBLive! Port de jeux; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]

S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]

S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]

S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]

S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]

S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]

S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]

S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-18 185089]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-01-27 1181328]

R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-28 163908]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-14 152984]

S3 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]

S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-06-28 3100060]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]

S3 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]

S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

 

-----------------EOF-----------------

Edited by grimmy

Posted

Good evening,

Throw your P2P software in the bin and you'll pick up less junk of this kind.

eMule and its little brothers are virus nests; is it worth putting your data at risk if you caught Virut, for example? All that to pinch a few songs, games or cracks, or whatever else?

Download TDSSKiller.zip from Kaspersky and save it to your desktop.

  • Right-click the file and choose Extract All.
    A folder containing the file TDSSkiller.exe will open on screen.
  • Double-click tdsskiller.exe to launch it.
  • A black window will open and the scan will start. Let it run without interrupting it.
  • At the end you will be asked to press a key to continue.
    Press a key on the keyboard and the black window will close.
  • Double-click Computer, then C:, and look for a file whose name starts with TDSSKiller...
    Double-click it to open it and copy-paste its entire contents into your next reply.

@++

Posted

Hi Appolo, and thanks for looking into my problem.

Here is the log I got; I hope it will be useful to you.

Thanks in advance.

 

21:29:18:765 1332 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25

21:29:18:765 1332 ================================================================================

21:29:18:765 1332 SystemInfo:

 

21:29:18:765 1332 OS Version: 5.1.2600 ServicePack: 3.0

21:29:18:765 1332 Product type: Workstation

21:29:18:765 1332 ComputerName: SILMARIL-3RQ5TV

21:29:18:765 1332 UserName: Fabrice

21:29:18:765 1332 Windows directory: C:\WINDOWS

21:29:18:765 1332 Processor architecture: Intel x86

21:29:18:765 1332 Number of processors: 2

21:29:18:765 1332 Page size: 0x1000

21:29:18:765 1332 Boot type: Normal boot

21:29:18:765 1332 ================================================================================

21:29:18:781 1332 UnloadDriverW: NtUnloadDriver error 2

21:29:18:781 1332 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

21:29:18:781 1332 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000

21:29:18:828 1332 UtilityInit: KLMD drop and load success

21:29:18:828 1332 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)

21:29:18:828 1332 UtilityInit: KLMD open success

21:29:18:828 1332 UtilityInit: Initialize success

21:29:18:828 1332

21:29:18:828 1332 Scanning Services ...

21:29:18:828 1332 CreateRegParser: Registry parser init started

21:29:18:828 1332 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127

21:29:18:828 1332 CreateRegParser: DisableWow64Redirection error

21:29:18:828 1332 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system

21:29:18:828 1332 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043

21:29:18:828 1332 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

21:29:18:828 1332 wfopen_ex: Trying to KLMD file open

21:29:18:828 1332 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system

21:29:18:828 1332 wfopen_ex: File opened ok (Flags 2)

21:29:18:828 1332 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 264B20

21:29:18:843 1332 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software

21:29:18:843 1332 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043

21:29:18:843 1332 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

21:29:18:843 1332 wfopen_ex: Trying to KLMD file open

21:29:18:843 1332 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software

21:29:18:843 1332 wfopen_ex: File opened ok (Flags 2)

21:29:18:843 1332 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 264BC8

21:29:18:843 1332 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127

21:29:18:843 1332 CreateRegParser: EnableWow64Redirection error

21:29:18:843 1332 CreateRegParser: RegParser init completed

21:29:19:312 1332 GetAdvancedServicesInfo: Raw services enum returned 368 services

21:29:19:312 1332 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system

21:29:19:312 1332 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software

21:29:19:312 1332

21:29:19:312 1332 Scanning Kernel memory ...

21:29:19:312 1332 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk

21:29:19:312 1332 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 86690A08

21:29:19:312 1332 DetectCureTDL3: KLMD_GetDeviceObjectList returned 7 DevObjects

21:29:19:312 1332

21:29:19:312 1332 DetectCureTDL3: DEVICE_OBJECT: 863E6BD0

21:29:19:312 1332 KLMD_GetLowerDeviceObject: Trying to get lower device object for 863E6BD0

21:29:19:312 1332 KLMD_ReadMem: Trying to ReadMemory 0x863E6BD0[0x38]

21:29:19:312 1332 DetectCureTDL3: DRIVER_OBJECT: 86690A08

21:29:19:312 1332 KLMD_ReadMem: Trying to ReadMemory 0x86690A08[0xA8]

21:29:19:312 1332 KLMD_ReadMem: Trying to ReadMemory 0xE15A7E90[0x18]

21:29:19:312 1332 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

21:29:19:312 1332 DetectCureTDL3: IrpHandler (0) addr: F7894BB0

21:29:19:312 1332 DetectCureTDL3: IrpHandler (1) addr: 804F6739

21:29:19:312 1332 DetectCureTDL3: IrpHandler (2) addr: F7894BB0

21:29:19:312 1332 DetectCureTDL3: IrpHandler (3) addr: F788ED1F

21:29:19:312 1332 DetectCureTDL3: IrpHandler (4) addr: F788ED1F

21:29:19:312 1332 DetectCureTDL3: IrpHandler (5) addr: 804F6739

21:29:19:312 1332 DetectCureTDL3: IrpHandler (6) addr: 804F6739

21:29:19:312 1332 DetectCureTDL3: IrpHandler (7) addr: 804F6739

21:29:19:312 1332 DetectCureTDL3: IrpHandler (8) addr: 804F6739

21:29:19:312 1332 DetectCureTDL3: IrpHandler (9) addr: F788F2E2

21:29:19:312 1332 DetectCureTDL3: IrpHandler (10) addr: 804F6739

21:29:19:312 1332 DetectCureTDL3: IrpHandler (11) addr: 804F6739

21:29:19:312 1332 DetectCureTDL3: IrpHandler (12) addr: 804F6739

21:29:19:312 1332 DetectCureTDL3: IrpHandler (13) addr: 804F6739

21:29:19:312 1332 DetectCureTDL3: IrpHandler (14) addr: F788F3BB

21:29:19:312 1332 DetectCureTDL3: IrpHandler (15) addr: F7892F28

21:29:19:312 1332 DetectCureTDL3: IrpHandler (16) addr: F788F2E2

21:29:19:312 1332 DetectCureTDL3: IrpHandler (17) addr: 804F6739

21:29:19:312 1332 DetectCureTDL3: IrpHandler (18) addr: 804F6739

21:29:19:312 1332 DetectCureTDL3: IrpHandler (19) addr: 804F6739

21:29:19:312 1332 DetectCureTDL3: IrpHandler (20) addr: 804F6739

21:29:19:312 1332 DetectCureTDL3: IrpHandler (21) addr: 804F6739

21:29:19:312 1332 DetectCureTDL3: IrpHandler (22) addr: F7890C82

21:29:19:312 1332 DetectCureTDL3: IrpHandler (23) addr: F789599E

21:29:19:312 1332 DetectCureTDL3: IrpHandler (24) addr: 804F6739

21:29:19:312 1332 DetectCureTDL3: IrpHandler (25) addr: 804F6739

21:29:19:312 1332 DetectCureTDL3: IrpHandler (26) addr: 804F6739

21:29:19:312 1332 TDL3_FileDetect: Processing driver: Disk

21:29:19:312 1332 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

21:29:19:312 1332 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

21:29:19:343 1332 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

21:29:19:343 1332

21:29:19:343 1332 DetectCureTDL3: DEVICE_OBJECT: 86327AB8

21:29:19:343 1332 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86327AB8

21:29:19:343 1332 DetectCureTDL3: DEVICE_OBJECT: 865E2AE0

21:29:19:343 1332 KLMD_GetLowerDeviceObject: Trying to get lower device object for 865E2AE0

21:29:19:343 1332 KLMD_ReadMem: Trying to ReadMemory 0x865E2AE0[0x38]

21:29:19:343 1332 DetectCureTDL3: DRIVER_OBJECT: 86448030

21:29:19:343 1332 KLMD_ReadMem: Trying to ReadMemory 0x86448030[0xA8]

21:29:19:343 1332 KLMD_ReadMem: Trying to ReadMemory 0xE100F070[0x1E]

21:29:19:343 1332 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

21:29:19:343 1332 DetectCureTDL3: IrpHandler (0) addr: EED2A218

21:29:19:343 1332 DetectCureTDL3: IrpHandler (1) addr: 804F6739

21:29:19:343 1332 DetectCureTDL3: IrpHandler (2) addr: EED2A218

21:29:19:343 1332 DetectCureTDL3: IrpHandler (3) addr: EED2A23C

21:29:19:343 1332 DetectCureTDL3: IrpHandler (4) addr: EED2A23C

21:29:19:343 1332 DetectCureTDL3: IrpHandler (5) addr: 804F6739

21:29:19:343 1332 DetectCureTDL3: IrpHandler (6) addr: 804F6739

21:29:19:343 1332 DetectCureTDL3: IrpHandler (7) addr: 804F6739

21:29:19:343 1332 DetectCureTDL3: IrpHandler (8) addr: 804F6739

21:29:19:343 1332 DetectCureTDL3: IrpHandler (9) addr: 804F6739

21:29:19:343 1332 DetectCureTDL3: IrpHandler (10) addr: 804F6739

21:29:19:343 1332 DetectCureTDL3: IrpHandler (11) addr: 804F6739

21:29:19:343 1332 DetectCureTDL3: IrpHandler (12) addr: 804F6739

21:29:19:343 1332 DetectCureTDL3: IrpHandler (13) addr: 804F6739

21:29:19:343 1332 DetectCureTDL3: IrpHandler (14) addr: EED2A180

21:29:19:343 1332 DetectCureTDL3: IrpHandler (15) addr: EED259E6

21:29:19:343 1332 DetectCureTDL3: IrpHandler (16) addr: 804F6739

21:29:19:343 1332 DetectCureTDL3: IrpHandler (17) addr: 804F6739

21:29:19:343 1332 DetectCureTDL3: IrpHandler (18) addr: 804F6739

21:29:19:343 1332 DetectCureTDL3: IrpHandler (19) addr: 804F6739

21:29:19:343 1332 DetectCureTDL3: IrpHandler (20) addr: 804F6739

21:29:19:343 1332 DetectCureTDL3: IrpHandler (21) addr: 804F6739

21:29:19:343 1332 DetectCureTDL3: IrpHandler (22) addr: EED295F0

21:29:19:343 1332 DetectCureTDL3: IrpHandler (23) addr: EED27A6E

21:29:19:343 1332 DetectCureTDL3: IrpHandler (24) addr: 804F6739

21:29:19:343 1332 DetectCureTDL3: IrpHandler (25) addr: 804F6739

21:29:19:343 1332 DetectCureTDL3: IrpHandler (26) addr: 804F6739

21:29:19:343 1332 KLMD_ReadMem: Trying to ReadMemory 0xEED26F26[0x400]

21:29:19:343 1332 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

21:29:19:343 1332 TDL3_FileDetect: Processing driver: USBSTOR

21:29:19:343 1332 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

21:29:19:343 1332 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

21:29:19:390 1332 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

21:29:19:390 1332

21:29:19:390 1332 DetectCureTDL3: DEVICE_OBJECT: 86682030

21:29:19:390 1332 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86682030

21:29:19:390 1332 KLMD_ReadMem: Trying to ReadMemory 0x86682030[0x38]

21:29:19:390 1332 DetectCureTDL3: DRIVER_OBJECT: 86690A08

21:29:19:390 1332 KLMD_ReadMem: Trying to ReadMemory 0x86690A08[0xA8]

21:29:19:390 1332 KLMD_ReadMem: Trying to ReadMemory 0xE15A7E90[0x18]

21:29:19:390 1332 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

21:29:19:390 1332 DetectCureTDL3: IrpHandler (0) addr: F7894BB0

21:29:19:390 1332 DetectCureTDL3: IrpHandler (1) addr: 804F6739

21:29:19:390 1332 DetectCureTDL3: IrpHandler (2) addr: F7894BB0

21:29:19:390 1332 DetectCureTDL3: IrpHandler (3) addr: F788ED1F

21:29:19:390 1332 DetectCureTDL3: IrpHandler (4) addr: F788ED1F

21:29:19:390 1332 DetectCureTDL3: IrpHandler (5) addr: 804F6739

21:29:19:390 1332 DetectCureTDL3: IrpHandler (6) addr: 804F6739

21:29:19:390 1332 DetectCureTDL3: IrpHandler (7) addr: 804F6739

21:29:19:390 1332 DetectCureTDL3: IrpHandler (8) addr: 804F6739

21:29:19:390 1332 DetectCureTDL3: IrpHandler (9) addr: F788F2E2

21:29:19:390 1332 DetectCureTDL3: IrpHandler (10) addr: 804F6739

21:29:19:390 1332 DetectCureTDL3: IrpHandler (11) addr: 804F6739

21:29:19:390 1332 DetectCureTDL3: IrpHandler (12) addr: 804F6739

21:29:19:390 1332 DetectCureTDL3: IrpHandler (13) addr: 804F6739

21:29:19:390 1332 DetectCureTDL3: IrpHandler (14) addr: F788F3BB

21:29:19:390 1332 DetectCureTDL3: IrpHandler (15) addr: F7892F28

21:29:19:390 1332 DetectCureTDL3: IrpHandler (16) addr: F788F2E2

21:29:19:390 1332 DetectCureTDL3: IrpHandler (17) addr: 804F6739

21:29:19:390 1332 DetectCureTDL3: IrpHandler (18) addr: 804F6739

21:29:19:390 1332 DetectCureTDL3: IrpHandler (19) addr: 804F6739

21:29:19:390 1332 DetectCureTDL3: IrpHandler (20) addr: 804F6739

21:29:19:390 1332 DetectCureTDL3: IrpHandler (21) addr: 804F6739

21:29:19:390 1332 DetectCureTDL3: IrpHandler (22) addr: F7890C82

21:29:19:390 1332 DetectCureTDL3: IrpHandler (23) addr: F789599E

21:29:19:390 1332 DetectCureTDL3: IrpHandler (24) addr: 804F6739

21:29:19:390 1332 DetectCureTDL3: IrpHandler (25) addr: 804F6739

21:29:19:390 1332 DetectCureTDL3: IrpHandler (26) addr: 804F6739

21:29:19:390 1332 TDL3_FileDetect: Processing driver: Disk

21:29:19:390 1332 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

21:29:19:390 1332 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

21:29:19:406 1332 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

21:29:19:406 1332

21:29:19:406 1332 DetectCureTDL3: DEVICE_OBJECT: 8675BC68

21:29:19:406 1332 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8675BC68

21:29:19:406 1332 KLMD_ReadMem: Trying to ReadMemory 0x8675BC68[0x38]

21:29:19:406 1332 DetectCureTDL3: DRIVER_OBJECT: 86690A08

21:29:19:406 1332 KLMD_ReadMem: Trying to ReadMemory 0x86690A08[0xA8]

21:29:19:406 1332 KLMD_ReadMem: Trying to ReadMemory 0xE15A7E90[0x18]

21:29:19:406 1332 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

21:29:19:406 1332 DetectCureTDL3: IrpHandler (0) addr: F7894BB0

21:29:19:406 1332 DetectCureTDL3: IrpHandler (1) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (2) addr: F7894BB0

21:29:19:406 1332 DetectCureTDL3: IrpHandler (3) addr: F788ED1F

21:29:19:406 1332 DetectCureTDL3: IrpHandler (4) addr: F788ED1F

21:29:19:406 1332 DetectCureTDL3: IrpHandler (5) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (6) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (7) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (8) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (9) addr: F788F2E2

21:29:19:406 1332 DetectCureTDL3: IrpHandler (10) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (11) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (12) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (13) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (14) addr: F788F3BB

21:29:19:406 1332 DetectCureTDL3: IrpHandler (15) addr: F7892F28

21:29:19:406 1332 DetectCureTDL3: IrpHandler (16) addr: F788F2E2

21:29:19:406 1332 DetectCureTDL3: IrpHandler (17) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (18) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (19) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (20) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (21) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (22) addr: F7890C82

21:29:19:406 1332 DetectCureTDL3: IrpHandler (23) addr: F789599E

21:29:19:406 1332 DetectCureTDL3: IrpHandler (24) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (25) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (26) addr: 804F6739

21:29:19:406 1332 TDL3_FileDetect: Processing driver: Disk

21:29:19:406 1332 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

21:29:19:406 1332 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

21:29:19:406 1332 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

21:29:19:406 1332

21:29:19:406 1332 DetectCureTDL3: DEVICE_OBJECT: 8668A9F0

21:29:19:406 1332 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8668A9F0

21:29:19:406 1332 KLMD_ReadMem: Trying to ReadMemory 0x8668A9F0[0x38]

21:29:19:406 1332 DetectCureTDL3: DRIVER_OBJECT: 86690A08

21:29:19:406 1332 KLMD_ReadMem: Trying to ReadMemory 0x86690A08[0xA8]

21:29:19:406 1332 KLMD_ReadMem: Trying to ReadMemory 0xE15A7E90[0x18]

21:29:19:406 1332 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

21:29:19:406 1332 DetectCureTDL3: IrpHandler (0) addr: F7894BB0

21:29:19:406 1332 DetectCureTDL3: IrpHandler (1) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (2) addr: F7894BB0

21:29:19:406 1332 DetectCureTDL3: IrpHandler (3) addr: F788ED1F

21:29:19:406 1332 DetectCureTDL3: IrpHandler (4) addr: F788ED1F

21:29:19:406 1332 DetectCureTDL3: IrpHandler (5) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (6) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (7) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (8) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (9) addr: F788F2E2

21:29:19:406 1332 DetectCureTDL3: IrpHandler (10) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (11) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (12) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (13) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (14) addr: F788F3BB

21:29:19:406 1332 DetectCureTDL3: IrpHandler (15) addr: F7892F28

21:29:19:406 1332 DetectCureTDL3: IrpHandler (16) addr: F788F2E2

21:29:19:406 1332 DetectCureTDL3: IrpHandler (17) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (18) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (19) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (20) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (21) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (22) addr: F7890C82

21:29:19:406 1332 DetectCureTDL3: IrpHandler (23) addr: F789599E

21:29:19:406 1332 DetectCureTDL3: IrpHandler (24) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (25) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (26) addr: 804F6739

21:29:19:406 1332 TDL3_FileDetect: Processing driver: Disk

21:29:19:406 1332 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

21:29:19:406 1332 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

21:29:19:406 1332 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

21:29:19:406 1332

21:29:19:406 1332 DetectCureTDL3: DEVICE_OBJECT: 86761AB8

21:29:19:406 1332 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86761AB8

21:29:19:406 1332 DetectCureTDL3: DEVICE_OBJECT: 867689E8

21:29:19:406 1332 KLMD_GetLowerDeviceObject: Trying to get lower device object for 867689E8

21:29:19:406 1332 DetectCureTDL3: DEVICE_OBJECT: 86764B00

21:29:19:406 1332 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86764B00

21:29:19:406 1332 KLMD_ReadMem: Trying to ReadMemory 0x86764B00[0x38]

21:29:19:406 1332 DetectCureTDL3: DRIVER_OBJECT: 8670BB60

21:29:19:406 1332 KLMD_ReadMem: Trying to ReadMemory 0x8670BB60[0xA8]

21:29:19:406 1332 KLMD_ReadMem: Trying to ReadMemory 0xE1578280[0x1A]

21:29:19:406 1332 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

21:29:19:406 1332 DetectCureTDL3: IrpHandler (0) addr: F77A06F2

21:29:19:406 1332 DetectCureTDL3: IrpHandler (1) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (2) addr: F77A06F2

21:29:19:406 1332 DetectCureTDL3: IrpHandler (3) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (4) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (5) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (6) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (7) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (8) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (9) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (10) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (11) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (12) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (13) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (14) addr: F77A0712

21:29:19:406 1332 DetectCureTDL3: IrpHandler (15) addr: F779C852

21:29:19:406 1332 DetectCureTDL3: IrpHandler (16) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (17) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (18) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (19) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (20) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (21) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (22) addr: F77A073C

21:29:19:406 1332 DetectCureTDL3: IrpHandler (23) addr: F77A7336

21:29:19:406 1332 DetectCureTDL3: IrpHandler (24) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (25) addr: 804F6739

21:29:19:406 1332 DetectCureTDL3: IrpHandler (26) addr: 804F6739

21:29:19:406 1332 KLMD_ReadMem: Trying to ReadMemory 0x8669F6EC[0x400]

21:29:19:406 1332 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 1

21:29:19:406 1332 Driver "atapi" StartIo handler infected by TDSS rootkit ... 21:29:19:406 1332 TDL3_StartIoHookCure: Number of patches 1

21:29:19:406 1332 KLMD_WriteMem: Trying to WriteMemory 0x8669F7F5[0x6]

21:29:19:406 1332 cured

21:29:19:406 1332 TDL3_FileDetect: Processing driver: atapi

21:29:19:406 1332 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys

21:29:19:406 1332 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys

21:29:19:406 1332 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean

21:29:19:406 1332

21:29:19:406 1332 DetectCureTDL3: DEVICE_OBJECT: 8668CAB8

21:29:19:406 1332 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8668CAB8

21:29:19:406 1332 DetectCureTDL3: DEVICE_OBJECT: 8676A948

21:29:19:406 1332 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8676A948

21:29:19:406 1332 DetectCureTDL3: DEVICE_OBJECT: 86766940

21:29:19:406 1332 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86766940

21:29:19:406 1332 KLMD_ReadMem: Trying to ReadMemory 0x86766940[0x38]

21:29:19:406 1332 DetectCureTDL3: DRIVER_OBJECT: 86769310

21:29:19:406 1332 KLMD_ReadMem: Trying to ReadMemory 0x86769310[0xA8]

21:29:19:406 1332 KLMD_ReadMem: Trying to ReadMemory 0x86698D98[0x38]

21:29:19:406 1332 KLMD_ReadMem: Trying to ReadMemory 0x8670BB60[0xA8]

21:29:19:406 1332 KLMD_ReadMem: Trying to ReadMemory 0xE1578280[0x1A]

21:29:19:406 1332 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

21:29:19:406 1332 DetectCureTDL3: IrpHandler (0) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (1) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (2) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (3) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (4) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (5) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (6) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (7) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (8) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (9) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (10) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (11) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (12) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (13) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (14) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (15) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (16) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (17) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (18) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (19) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (20) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (21) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (22) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (23) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (24) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (25) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: IrpHandler (26) addr: 8669F841

21:29:19:406 1332 DetectCureTDL3: All IRP handlers pointed to one addr: 8669F841

21:29:19:406 1332 KLMD_ReadMem: Trying to ReadMemory 0x8669F841[0x400]

21:29:19:406 1332 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 333, 121, 3, 109

21:29:19:406 1332 Driver "atapi" Irp handler infected by TDSS rootkit ... 21:29:19:406 1332 KLMD_WriteMem: Trying to WriteMemory 0x8669F8BA[0xD]

21:29:19:406 1332 cured

21:29:19:406 1332 KLMD_ReadMem: Trying to ReadMemory 0x8669F6EC[0x400]

21:29:19:406 1332 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 0

21:29:19:406 1332 TDL3_FileDetect: Processing driver: atapi

21:29:19:406 1332 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys

21:29:19:406 1332 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys

21:29:19:421 1332 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected

21:29:19:421 1332 File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 21:29:19:421 1332 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys

21:29:19:421 1332 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3

21:29:19:437 1332 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\driver.cab

21:29:19:500 1332 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp1.cab

21:29:19:515 1332 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp2.cab

21:29:19:546 1332 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp3.cab

21:29:19:562 1332 CabinetCallback: Backup candidate found: atapi.sys:96512, extracting..

21:29:19:625 1332 CabinetCallback: File extracted successfully: C:\DOCUME~1\Fabrice\LOCALS~1\Temp\bck33.tmp

21:29:19:625 1332 ValidateDriverFile: Stage 1 passed

21:29:19:625 1332 ValidateDriverFile: Stage 2 passed

21:29:19:703 1332 DigitalSignVerifyByHandle: Embedded DS result: 800B0100

21:29:19:953 1332 DigitalSignVerifyByHandle: Cat DS result: 00000000

21:29:19:968 1332 ValidateDriverFile: Stage 3 passed

21:29:19:968 1332 CabinetCallback: File validated successfully, restore information prepared

21:29:19:968 1332 FindDriverFileBackup: Backup copy found in cab-file

21:29:19:968 1332 TDL3_FileCure: Backup copy found, using it..

21:29:19:968 1332 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\drivers\tsk34.tmp

21:29:20:031 1332 TDL3_FileCure: New / Old Image paths: (system32\drivers\tsk34.tmp, system32\drivers\atapi.sys)

21:29:20:031 1332 TDL3_FileCure: KLMD jobs schedule success

21:29:20:031 1332 will be cured on next reboot

21:29:20:031 1332 UtilityBootReinit: Reboot required for cure complete..

21:29:20:031 1332 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmdb.sys) returned status 00000000

21:29:20:046 1332 UtilityBootReinit: KLMD drop success

21:29:20:046 1332 KLMD_ApplyPendList: Pending buffer(258A_343D, 608) dropped successfully

21:29:20:046 1332 UtilityBootReinit: Cure on reboot scheduled successfully

21:29:20:046 1332

21:29:20:046 1332 Completed

21:29:20:046 1332

21:29:20:046 1332 Results:

21:29:20:046 1332 Memory objects infected / cured / cured on reboot: 2 / 2 / 0

21:29:20:046 1332 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

21:29:20:046 1332 File objects infected / cured / cured on reboot: 1 / 0 / 1

21:29:20:046 1332

21:29:20:046 1332 UnloadDriverW: NtUnloadDriver error 1

21:29:20:046 1332 KLMD_Unload: UnloadDriverW(klmd21) error 1

21:29:20:046 1332 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000

21:29:20:046 1332 UtilityDeinit: KLMD(ARK) unloaded successfully
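The log above records the two things TDL3 does to the storage stack: it patches the StartIo routine of the atapi driver object (6 bytes rewritten at 8669F7F5) and redirects every IRP_MJ_* dispatch slot of that driver object to a single address (8669F841) that has nothing to do with the F77Axxxx range where atapi's own handlers sit in the first snapshot; the tool's per-file check then finds atapi.sys modified on disk and schedules a restore from the sp3.cab copy at the next reboot. The Python script below is an added example, not part of the post and not Kaspersky's tool: it parses a constructed excerpt modelled on this log (abridged to a few of the 27 dispatch slots per driver object, with the page's own addresses) and applies three triage heuristics that are mine, not the tool's logic: all dispatch slots pointing to one address (what TDSSKiller itself prints as "All IRP handlers pointed to one addr"), the same driver name yielding two different dispatch tables within one run, and a non-Clean file verdict. It also reads the Results block to answer the question a helper asks next: does the cure still need a reboot.

```python
"""Triage of a TDSSKiller (TDL3) log.  Added example, not Kaspersky's tool and
not the forum poster's code; the heuristics below are the author's own."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt modelled on the log in the post above.  Abridged: only a
# handful of the 27 IRP_MJ_* slots per driver object are kept; the addresses,
# verdicts and result counters are the ones the page shows.
SAMPLE_LOG = """\
21:29:19:312 1332 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\Disk, Driver Name: Disk
21:29:19:312 1332 DetectCureTDL3: IrpHandler (0) addr: F7894BB0
21:29:19:312 1332 DetectCureTDL3: IrpHandler (1) addr: 804F6739
21:29:19:312 1332 DetectCureTDL3: IrpHandler (2) addr: F7894BB0
21:29:19:312 1332 DetectCureTDL3: IrpHandler (14) addr: F788F3BB
21:29:19:343 1332 TDL3_FileDetect: C:\\WINDOWS\\system32\\DRIVERS\\disk.sys - Verdict: Clean
21:29:19:406 1332 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\atapi, Driver Name: atapi
21:29:19:406 1332 DetectCureTDL3: IrpHandler (0) addr: F77A06F2
21:29:19:406 1332 DetectCureTDL3: IrpHandler (1) addr: 804F6739
21:29:19:406 1332 DetectCureTDL3: IrpHandler (2) addr: F77A06F2
21:29:19:406 1332 DetectCureTDL3: IrpHandler (14) addr: F77A0712
21:29:19:406 1332 TDL3_FileDetect: C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys - Verdict: Clean
21:29:19:406 1332 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\atapi, Driver Name: atapi
21:29:19:406 1332 DetectCureTDL3: IrpHandler (0) addr: 8669F841
21:29:19:406 1332 DetectCureTDL3: IrpHandler (1) addr: 8669F841
21:29:19:406 1332 DetectCureTDL3: IrpHandler (2) addr: 8669F841
21:29:19:406 1332 DetectCureTDL3: IrpHandler (14) addr: 8669F841
21:29:19:421 1332 TDL3_FileDetect: C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys - Verdict: Infected
21:29:20:046 1332 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
21:29:20:046 1332 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:29:20:046 1332 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

DRIVER_RE = re.compile(r"DRIVER_OBJECT name: \S+, Driver Name: (\S+)")
IRP_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]{8})")
VERDICT_RE = re.compile(r"TDL3_FileDetect: (\S+) - Verdict: (\w+)")
RESULT_RE = re.compile(
    r"(Memory|Registry|File) objects infected / cured / cured on reboot: "
    r"(\d+) / (\d+) / (\d+)")


class Snapshot:
    """One DRIVER_OBJECT dump: the tool prints one per device object it walks,
    so the same driver name can appear several times in a run."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.handlers: Dict[int, int] = {}   # IRP major-function index -> address
        self.verdict: Optional[str] = None   # tool's verdict on the driver file


def parse_log(text: str) -> Tuple[List[Snapshot], Dict[str, Tuple[int, int, int]]]:
    """Split the log into driver-object snapshots and the final Results block."""
    snapshots: List[Snapshot] = []
    results: Dict[str, Tuple[int, int, int]] = {}
    cur: Optional[Snapshot] = None
    for line in text.splitlines():
        m = DRIVER_RE.search(line)
        if m:
            cur = Snapshot(m.group(1))
            snapshots.append(cur)
            continue
        m = IRP_RE.search(line)
        if m and cur is not None:
            cur.handlers[int(m.group(1))] = int(m.group(2), 16)
            continue
        m = VERDICT_RE.search(line)
        if m and cur is not None:
            cur.verdict = m.group(2)
            continue
        m = RESULT_RE.search(line)
        if m:
            results[m.group(1)] = tuple(int(x) for x in m.group(2, 3, 4))  # type: ignore[assignment]
    return snapshots, results


def triage(snapshots: List[Snapshot]) -> List[Tuple[str, str, str]]:
    """Return (driver, finding, detail) triples for snapshots worth a second look."""
    findings: List[Tuple[str, str, str]] = []
    first_table: Dict[str, Tuple[Tuple[int, int], ...]] = {}
    for s in snapshots:
        addrs = set(s.handlers.values())
        # A real dispatch table mixes driver-specific routines with the kernel's
        # shared default handler; every slot collapsing onto one address is the
        # classic sign of a hooked DRIVER_OBJECT.
        if len(s.handlers) > 1 and len(addrs) == 1:
            findings.append((s.name, "all IRP handlers point to one address", "%08X" % addrs.pop()))
        # Two dumps of the same driver name within one run should agree.
        table = tuple(sorted(s.handlers.items()))
        if first_table.setdefault(s.name, table) != table:
            findings.append((s.name, "dispatch table differs between snapshots", ""))
        # The tool's own on-disk verdict is reported as-is.
        if s.verdict and s.verdict != "Clean":
            findings.append((s.name, "on-disk driver file verdict", s.verdict))
    return findings


def needs_reboot(results: Dict[str, Tuple[int, int, int]]) -> bool:
    """True when any object is still only 'cured on reboot' (third counter)."""
    return any(on_reboot > 0 for (_, _, on_reboot) in results.values())


if __name__ == "__main__":
    snaps, res = parse_log(SAMPLE_LOG)
    for name, what, detail in triage(snaps):
        print(f"{name}: {what} {detail}".rstrip())
    print("reboot still required:", needs_reboot(res))
```

On the page's full log the same three findings come out for atapi and none for Disk or USBSTOR, and the File counter (1 / 0 / 1) is why the tool says "will be cured on next reboot": until the machine restarts, the patched atapi.sys is still the driver on disk.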

Posted

Re,

 

Good job by Kaspersky, as usual: it cleaned up three nasty things caused by the TDSS rootkit.

Well spotted, Angélique :P (other topic).

 

Has the PC restarted? If not, you need to do it.

 

After that:

 

1) Download ATF Cleaner by Atribune.

  • Install it on the desktop. (Keep it, it is very useful after each browsing session)
     
    Double-click ATF-Cleaner.exe to launch the program.
    --> Under Vista/Seven: right-click / Run as administrator.
     
    Under the Main tab, choose: Select All
    Click the Empty Selected button

If you use the Firefox browser:

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit, from the main menu, to close the program.

For technical support, double-click the e-mail address at the bottom of each menu.

 

-------------------------------------------

 

2) Download Malwarebytes' Anti-Malware (MBAM)

 

This program is one to keep.

 

Only if you have an update problem:

 

Download MBAM updates

 

Run the file after installing MBAM

 

Connect removable media (USB sticks, etc.) before starting the scan.

 

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for updates" button: if the firewall asks whether to allow MBAM to connect, accept.
  • Once the update is complete, go to the "Scanner" tab.
  • Select "Perform full scan"
  • Click "Scan"
  • The scan starts; it is fairly long, which is normal.
  • At the end of the scan, a message appears:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "OK" to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will delete the files and registry keys and put a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report and post it in your next reply.

If MBAM asks to restart the PC, do so.

 

!!! Do not empty MBAM's quarantine without being told to !!! (false positives are always possible.)

 

Please also post a new RSIT log.

 

@++

Posted

Well, so I rebooted the PC. Apparently, indeed, 3 things were not welcome on my PC.

 

I'm launching the Malwarebytes scan.

 

Here are the 2 RSIT logs. I hope everything is OK now! In any case, thank you very much!

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Fabrice at 2010-01-30 22:05:26

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 37 GB (63%) free of 59 GB

Total RAM: 1023 MB (54% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:05:29, on 30/01/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\WINDOWS\vVX1000.exe

C:\WINDOWS\StartupMonitor.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\Downloads Firefox\RSIT.exe

C:\Documents and Settings\Fabrice\Bureau\Maintenance\Fabrice.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{A3409FF4-F625-4D06-AEB2-6865BCF01556}: NameServer = 192.168.1.1

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4498 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{FDF23347-F772-48BD-ACD0-6A319E123431}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-14 35840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-14 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Raccourci vers la page des propriétés de High Definition Audio"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]

"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"itype"=c:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-01-07 1496968]

"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-06-28 622592]

"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]

"VX1000"=C:\WINDOWS\vVX1000.exe [2009-06-26 757248]

"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]

"Run StartupMonitor"=C:\WINDOWS\StartupMonitor.exe [2000-05-20 86016]

"nwiz"=nwiz.exe /installquiet []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-01-11 110696]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-01-11 13666408]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"

"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"

"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"D:\Downloads Firefox\Pack617Winks\installer\mcoinstall.exe"="D:\Downloads Firefox\Pack617Winks\installer\mcoinstall.exe:*:Enabled:mcoinstall"

"C:\Program Files\adslTV\adsltv.exe"="C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv"

"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"

"C:\Program Files\play2p\play2p.exe"="C:\Program Files\play2p\play2p.exe:*:Disabled:play2p"

"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"

"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Disabled:Skype Extras Manager"

"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Disabled:Teamviewer Remote Control Application"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call"

"C:\WINDOWS\system32\mcoinstall.exe"="C:\WINDOWS\system32\mcoinstall.exe:*:Disabled:mcoinstall"

"D:\Downloads Firefox\mcoview.exe"="D:\Downloads Firefox\mcoview.exe:*:Disabled:mcoview"

"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Disabled:Windows Live FolderShare"

"C:\Program Files\aMSN\bin\wish.exe"="C:\Program Files\aMSN\bin\wish.exe:*:Disabled:Wish Application"

"E:\receptions GT\Emulateur DS + jeux[www.torrent411.com]\desmume_sse2.exe"="E:\receptions GT\Emulateur DS + jeux[www.torrent411.com]\desmume_sse2.exe:*:Disabled:desmume_sse2"

"C:\Program Files\GigaTribe\gigatribe.exe"="C:\Program Files\GigaTribe\gigatribe.exe:*:Enabled:GigaTribe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01fe0511-4bcb-11de-a6bf-00110965e099}]

shell\AutoRun\command - H:\start.exe

shell\FramaKey\command - H:\start.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e2b695b-44b6-11de-9163-00110965e099}]

shell\AutoRun\command - nano/bananna.exe

shell\explore\command - nano/bananna.exe

shell\open\command - nano/bananna.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4ad2ad6-8856-11de-a702-00110965e099}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe

 

 

======List of files/folders created in the last 1 months======

 

2010-01-30 22:02:22 ----A---- C:\TDSSKiller.2.2.2_30.01.2010_22.02.22_log.txt

2010-01-30 19:40:08 ----D---- C:\Program Files\AGEIA Technologies

2010-01-30 19:39:51 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

2010-01-30 19:39:38 ----D---- C:\Program Files\NVIDIA Corporation

2010-01-30 19:38:45 ----A---- C:\WINDOWS\system32\OpenCL.dll

2010-01-30 19:38:43 ----A---- C:\WINDOWS\system32\nvoglnt.dll

2010-01-30 19:38:43 ----A---- C:\WINDOWS\system32\nvcuvid.dll

2010-01-30 19:38:43 ----A---- C:\WINDOWS\system32\nvcuvenc.dll

2010-01-30 19:38:43 ----A---- C:\WINDOWS\system32\nvcuda.dll

2010-01-30 19:38:43 ----A---- C:\WINDOWS\system32\nvcompiler.dll

2010-01-30 19:38:43 ----A---- C:\WINDOWS\system32\nvcodins.dll

2010-01-30 19:38:43 ----A---- C:\WINDOWS\system32\nvcod.dll

2010-01-30 19:38:43 ----A---- C:\WINDOWS\system32\nvapi.dll

2010-01-30 19:38:36 ----D---- C:\NVIDIA

2010-01-30 12:36:06 ----D---- C:\rsit

2010-01-30 08:45:32 ----A---- C:\WINDOWS\imsins.BAK

2010-01-30 08:45:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$

2010-01-29 23:46:58 ----D---- C:\WINDOWS\NV1643460.TMP

2010-01-27 15:41:55 ----D---- C:\Program Files\DDali

2010-01-27 15:41:55 ----A---- C:\WINDOWS\system32\Vbrun300.dll

2010-01-27 15:35:00 ----D---- C:\Program Files\GLD

2010-01-27 15:34:47 ----A---- C:\WINDOWS\unin040c.exe

2010-01-21 01:31:28 ----D---- C:\Documents and Settings\Fabrice\Application Data\QuickScan

2010-01-18 22:59:40 ----D---- C:\Program Files\MSECache

2010-01-13 14:09:47 ----A---- C:\WINDOWS\system32\TweakUI.exe

2010-01-12 18:34:38 ----D---- C:\Documents and Settings\Fabrice\Application Data\Malwarebytes

2010-01-12 18:34:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-01-12 18:34:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-01-12 08:03:33 ----D---- C:\Program Files\Ad-Remover

2010-01-12 08:00:53 ----A---- C:\TB.txt

2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvsvc32.exe

2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvmctray.dll

2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvmccs.dll

2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvcpl.dll

2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvcolor.exe

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvwddi.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrszht.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrszhc.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrstr.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsth.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrssv.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrssl.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrssk.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsru.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsptb.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrspt.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrspl.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsno.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsnl.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsko.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsja.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsit.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrshu.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrshe.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsfr.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsfi.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsesm.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrses.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrseng.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsel.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsde.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsda.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrscs.dll

2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsar.dll

2010-01-06 15:17:35 ----D---- C:\WINDOWS\system32\NtmsData

2010-01-04 11:06:27 ----D---- C:\WINDOWS\SxsCaPendDel

 

======List of files/folders modified in the last 1 months======

 

2010-01-30 22:02:24 ----D---- C:\WINDOWS\Prefetch

2010-01-30 22:02:23 ----D---- C:\WINDOWS\system32\drivers

2010-01-30 21:59:45 ----D---- C:\WINDOWS\Temp

2010-01-30 21:56:53 ----D---- C:\Program Files\Mozilla Firefox

2010-01-30 21:55:47 ----D---- C:\WINDOWS\system32\CatRoot2

2010-01-30 21:55:02 ----A---- C:\WINDOWS\RTacDbg.txt

2010-01-30 21:55:00 ----D---- C:\WINDOWS

2010-01-30 21:52:28 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-01-30 19:45:14 ----HD---- C:\WINDOWS\inf

2010-01-30 19:41:37 ----SHD---- C:\Config.Msi

2010-01-30 19:41:13 ----D---- C:\WINDOWS\system32

2010-01-30 19:41:02 ----D---- C:\WINDOWS\Help

2010-01-30 19:40:53 ----SHD---- C:\WINDOWS\Installer

2010-01-30 19:40:08 ----RD---- C:\Program Files

2010-01-30 19:39:54 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard

2010-01-30 19:39:39 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-01-30 19:39:24 ----D---- C:\WINDOWS\system32\CatRoot

2010-01-30 19:14:02 ----D---- C:\Program Files\Mozilla Thunderbird

2010-01-30 19:08:48 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

2010-01-30 19:08:02 ----D---- C:\Program Files\Lavasoft

2010-01-30 19:07:56 ----DC---- C:\WINDOWS\system32\DRVSTORE

2010-01-30 12:43:56 ----SD---- C:\WINDOWS\Tasks

2010-01-30 08:51:01 ----D---- C:\WINDOWS\system

2010-01-30 08:49:24 ----D---- C:\WINDOWS\security

2010-01-30 08:46:07 ----D---- C:\Program Files\Internet Explorer

2010-01-30 08:45:44 ----HD---- C:\WINDOWS\$hf_mig$

2010-01-29 20:29:22 ----D---- C:\WINDOWS\system32\LogFiles

2010-01-29 20:29:21 ----D---- C:\WINDOWS\Debug

2010-01-29 20:09:44 ----D---- C:\Program Files\CFWebAdvancedU_BOBTV.FR

2010-01-29 20:09:42 ----D---- C:\Program Files\CFWebAdvancedU

2010-01-27 15:35:00 ----D---- C:\Program Files\Common Files

2010-01-22 07:15:24 ----D---- C:\Documents and Settings\Fabrice\Application Data\BitTorrent

2010-01-21 12:45:00 ----SHD---- C:\System Volume Information

2010-01-21 12:45:00 ----D---- C:\WINDOWS\system32\Restore

2010-01-20 13:05:19 ----D---- C:\Program Files\Microsoft Silverlight

2010-01-13 18:00:22 ----D---- C:\Program Files\Fichiers communs\Adobe

2010-01-13 18:00:20 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2010-01-13 09:01:06 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2010-01-13 06:51:16 ----D---- C:\WINDOWS\AppPatch

2010-01-12 05:03:33 ----A---- C:\WINDOWS\system32\nv4_disp.dll

2010-01-09 21:14:09 ----D---- C:\WINDOWS\Registration

2010-01-08 16:28:16 ----A---- C:\Program Files\Fabrice.txt

2010-01-06 15:21:56 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-01-05 23:30:51 ----D---- C:\WINDOWS\Minidump

2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe

2010-01-04 11:05:52 ----D---- C:\Program Files\Microsoft Office

2010-01-04 11:05:52 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2010-01-04 11:05:50 ----D---- C:\WINDOWS\system32\wbem

2010-01-04 11:04:55 ----D---- C:\Documents and Settings\Fabrice\Application Data\SoftGrid Client

2010-01-02 20:40:12 ----D---- C:\Documents and Settings\Fabrice\Application Data\CamfrogWEB

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2009-02-13 45416]

R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2009-07-13 28520]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2009-05-19 21035]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-06-08 279712]

R2 CAMTHWDM;WebcamMax, WDM Video Capture; C:\WINDOWS\system32\DRIVERS\CAMTHWDM.sys [2009-08-07 1053056]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-05-20 25888]

R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-07-06 34064]

R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296]

R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]

R3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 KMWDFILTER;HIDUASDesc; C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-30 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-01-12 10276768]

R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\rtl8185.sys [2007-02-02 306560]

R3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]

R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912]

R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2009-06-26 1956096]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]

S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]

S3 ctljystk;Creative SBLive! Port de jeux; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]

S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]

S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]

S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]

S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]

S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]

S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]

S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-18 185089]

R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]

R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-01-11 154216]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-14 152984]

S3 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]

S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-06-28 3100060]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]

S3 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]

S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

 

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2010-01-30 22:05:30

 

======Uninstall list======

 

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->MsiExec /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00-->C:\Program Files\InstallShield Installation Information\{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}\setup.exe -runfromtemp -l0x0409

Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE

Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 9.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}

Ad-Remover By C_XX-->"C:\Program Files\Ad-Remover\Uninstall ADR.exe"

adsl TV-->C:\Program Files\adslTV\Uninstal.exe

aMSN 0.97.2-->C:\Program Files\aMSN\uninstall.exe

Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

AVS DVD Player version 2.4-->"C:\Program Files\AVS4YOU\AVSDVDPlayer\unins000.exe"

AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"

AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"

BitTorrent-->C:\Program Files\BitTorrent\uninst.exe

Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x40c Brunin03.dll -removeonly

CamfrogWEB Advanced ActiveX Plugin (remove only)-->"C:\Program Files\CFWebAdvancedU\Uninstall.exe"

CamfrogWEB Advanced ActiveX Plugin (www.bobtv.fr)-->"C:\Program Files\CFWebAdvancedU_BOBTV.FR\Uninstall.exe"

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"

chat-land-->"C:\Program Files\chat-land\unins000.exe"

C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe

Code de la Route-->MsiExec.exe /X{A37A26D5-8444-4862-933B-478371D0299D}

Conseiller de mise à niveau vers Windows 7-->MsiExec.exe /I{4983AA07-81D0-4605-BF92-49A343056DC8}

ddali-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\DDali\DeIsL1.isu" -c"C:\Program Files\DDali\_ISREG32.DLL"

Defraggler-->"C:\Program Files\Defraggler\uninst.exe"

Dietetik 5.3-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\GLD\Dietetik 5.3\DeIsL1.isu" -c"C:\Program Files\GLD\Dietetik 5.3\_ISREG32.DLL"

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

eMule-->"C:\Program Files\eMule\Uninstall.exe"

EVEREST Ultimate Edition v5.01-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"

Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}

Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}

GigaTribe 3.16-->"C:\Program Files\GigaTribe\unins000.exe"

HD Tune 2.55-->"C:\Program Files\HD Tune\unins000.exe"

HijackThis 2.0.2-->"C:\Documents and Settings\Fabrice\Bureau\Maintenance\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

IsoBuster 2.5.5-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"

Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

Kill Process 5.0.0.5 (désinstaller seulement)-->"C:\Program Files\Kill Process\uninstall.exe"

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Live Downloader 1-->"C:\Program Files\Live Downloader\unins000.exe"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

ManyCam 2.4 (remove only)-->"C:\Program Files\ManyCam 2.4\uninstall.exe"

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"

Microsoft LifeCam-->MsiExec.exe /X{968D41C3-25BB-4632-A6DF-2E1C8F0143A4}

Microsoft Money-->D:\Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Mise à jour pour Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"

Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe

Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}

Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}

Nokia Multimedia Common Components 2.4-->MsiExec.exe /I{6EB6C056-02BB-453E-8448-EC90B9794180}

Nokia Music-->MsiExec.exe /I{DC432844-6914-4421-910C-F1B05B3A761C}

Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_fre_web.exe

Nokia PC Suite-->MsiExec.exe /I{3D39E775-DDDA-4327-B747-0BDC5F191331}

NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel

NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI

NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall

NVIDIA PhysX-->MsiExec.exe /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}

OpenOffice.org 3.1-->MsiExec.exe /I{B2E581DB-C4DD-432C-AC84-ED761AC056BC}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Package de pilotes Windows - Nokia Modem (06/01/2009 4.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_C08496D7A0050438DFE13C55799AE2D4157A8E7A\nokia_bluetooth.inf

Package de pilotes Windows - Nokia Modem (06/01/2009 7.01.0.3)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_9C48E34C57B7D4AAE5FFF5FB9B476B538394FD30\nokbtmdm.inf

Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf

PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037}

Phyloboîte version 1.2.0.0 R2-->"C:\Program Files\phyloboite\unins000.exe"

Phylogene V2.5.1-->"C:\INRP\Phylogene\unins000.exe"

Phylogenia v.2.0-->C:\Program Files\Phylogenia v.2.0\Uninstal.exe

play2p-->C:\Program Files\play2p\uninstall.exe

PowerArchiver-->C:\Program Files\PowerArchiver\UNINST.EXE

QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}

Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}

Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}

Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}

Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Sound Blaster AudioPCI 128-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Creative\CTSND\DeIsL1.isu"

Sound Blaster Live! Web 2K/XP-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9

StartupMonitor-->MsiExec.exe /I{76EFAC4F-1712-401F-B2AE-590B170C9BCE}

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe

The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"

TV Orange 0.94-->"C:\Program Files\TV Orange\unins000.exe"

Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}

Update for Outlook 2007 Junk Email Filter (kb977839)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C568005C-5FC6-4C81-A664-BD136610A931}

VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}

Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe -u

Visionneuse Journal Windows Microsoft-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}

WebcamMax-->"C:\Program Files\WebcamMax\uninst.exe"

Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}

Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

winpcap-nmap 4.02-->"C:\Program Files\WinPcap\uninstall.exe"

WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

Zeb-Utility 1.2-->C:\Program Files\Zeb-Utility\Uninstal.exe

 

=====HijackThis Backups=====

 

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe [2009-11-21]

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun [2009-11-21]

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-11-21]

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-11-21]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us [2009-12-19]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us [2009-12-19]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us [2009-12-19]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us [2009-12-19]

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s [2009-12-19]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us [2009-12-19]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us [2009-12-19]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/ [2009-12-19]

O4 - HKLM\..\Run: [winternet] C:\Documents and Settings\Fabrice\winternet.exe [2009-12-19]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us [2009-12-19]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us [2009-12-19]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us [2009-12-19]

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-12-19]

O4 - HKLM\..\Run: [WebcammaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" -a [2010-01-06]

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfi...fig_3_5_0_0.cab [2010-01-06]

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL [2010-01-06]

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-01-06]

O8 - Extra context menu item: Recherche avec cherche.us - C:\Documents and Settings\Fabrice\scriptjava.html [2010-01-06]

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-01-06]

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) [2010-01-06]

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) [2010-01-11]

O15 - Trusted Zone: *.chat-land.org [2010-01-21]

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE [2010-01-29]

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2010-01-29]

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 [2010-01-29]

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe [2010-01-29]

O4 - S-1-5-21-789336058-329068152-725345543-1005 Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe (User '?') [2010-01-29]

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-01-29]

O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe [2010-01-29]

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe [2010-01-29]

O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS [2010-01-29]

O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://bobtv.fr/download/cfweb_www.bobtv.f..._instmodule.exe [2010-01-29]

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) [2010-01-29]

 

======Security center information======

 

AV: AntiVir Desktop

 

======System event log======

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 4201

Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{A3409FF4-F625-4D06-AEB2-6865BCF01556} était connectée au réseau,

et a lancé une opération normale sur la carte réseau.

 

Record Number: 12774

Source Name: Tcpip

Time Written: 20091230201701.000000+060

Event Type: Informations

User:

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 7036

Message: Le service Configuration automatique sans fil est entré dans l'état : en cours d'exécution.

 

Record Number: 12773

Source Name: Service Control Manager

Time Written: 20091230201643.000000+060

Event Type: Informations

User:

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Configuration automatique sans fil.

 

Record Number: 12772

Source Name: Service Control Manager

Time Written: 20091230201643.000000+060

Event Type: Informations

User: SILMARIL-3RQ5TV\Fabrice

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 10005

Message: DCOM a reçu l'erreur "%1058" lors de la mise en route du service ServiceLayer avec les arguments ""

pour démarrer le serveur :

{ACF50018-41F8-476D-85FD-CD953DAE4A49}

 

Record Number: 12771

Source Name: DCOM

Time Written: 20091230201312.000000+060

Event Type: erreur

User: SILMARIL-3RQ5TV\Fabrice

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 10005

Message: DCOM a reçu l'erreur "%1058" lors de la mise en route du service ServiceLayer avec les arguments ""

pour démarrer le serveur :

{ACF50018-41F8-476D-85FD-CD953DAE4A49}

 

Record Number: 12770

Source Name: DCOM

Time Written: 20091230201309.000000+060

Event Type: erreur

User: SILMARIL-3RQ5TV\Fabrice

 

=====Application event log=====

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 301

Message: Windows (1732) Windows: Le moteur de base de données commence la relecture du fichier journal C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS17E9C.log.

 

Record Number: 3787

Source Name: ESENT

Time Written: 20091226132318.000000+060

Event Type: Informations

User:

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 301

Message: Windows (1732) Windows: Le moteur de base de données commence la relecture du fichier journal C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS17E9B.log.

 

Record Number: 3786

Source Name: ESENT

Time Written: 20091226132316.000000+060

Event Type: Informations

User:

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 301

Message: Windows (1732) Windows: Le moteur de base de données commence la relecture du fichier journal C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS17E9A.log.

 

Record Number: 3785

Source Name: ESENT

Time Written: 20091226132315.000000+060

Event Type: Informations

User:

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 301

Message: Windows (1732) Windows: Le moteur de base de données commence la relecture du fichier journal C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS17E99.log.

 

Record Number: 3784

Source Name: ESENT

Time Written: 20091226132315.000000+060

Event Type: Informations

User:

 

Computer Name: SILMARIL-3RQ5TV

Event Code: 301

Message: Windows (1732) Windows: Le moteur de base de données commence la relecture du fichier journal C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS17E98.log.

 

Record Number: 3783

Source Name: ESENT

Time Written: 20091226132313.000000+060

Event Type: Informations

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\DivX Shared\;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel

"PROCESSOR_REVISION"=0304

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------

Posted

Not so fast, butterfly :P

Actually, TDSS Killer asks for a reboot at the end of the procedure, offering you Y or N (yes or no).

I suspect a USB infection, which we'll check afterwards. :P

Might as well check that everything is OK, no?

And besides, a helper's job isn't limited to disinfection; he also has to think about securing, as well as he can, a machine that "passes through his hands".

Optimisation, I leave that to the other forum.

Er, the RSIT was meant for after MBAM, but never mind, we'll come back to it.

@++

Posted

OK! I'm getting carried away too quickly then, but I'm so pleased to have found something thanks to you, when I'd done I don't know how many scans without finding anything....

USB infection? I.e. via a USB key? If so, that could also explain why the USB key I use to transfer files between work and home has been giving me some trouble for a while now, maybe???

Well, we'll see about that with the scan then, since I put the USB key in question in the list of drives to scan too!!

So see you later (at the end of the scan...) and thanks again!

PS: By the way, if you have time, can you tell me what those 3 files that were deleted were, so I can broaden my computer knowledge a bit?

Posted (edited)

Re,

The three files infected by TDSS are essential system files; they cannot be deleted.

Kaspersky disinfected them (cured), which is not at all the same thing.

ComboFix can also replace an infected file, provided it finds a clean copy in a system directory via the recovery console.

But since we have a tool that targets TDSS specifically, the simplest is to use it, Combo not being something to put in the hands of a user not trained in its use. :P

As regards removable media (USB keys, MP3 players, digital cameras, flash cards, external disks, etc.), you have to inform the people around you; if everyone vaccinated them, the infection would spread much less quickly and might have a chance of being eradicated one day...

@++

EDIT: korrekshun of speling misstakes.

Edited by Apollo
Posted (edited)

OK, thanks for that bit of info!

Well, the scan is still running, still on C: (pfff, it's long, but fine!) and apparently there's one infected file (EDIT: no, 2, on C: alone. Now it's tackling D:...). I'll wait for the rest and keep you posted!!

@+

Edited by grimmy
Posted

Yes, it's long, but it also depends on the number of files on the machine.

Above all, don't forget to apply what's indicated in red in the procedure at the end, otherwise we'd have to start over...

Then we'll check your media with a dedicated tool that will disinfect if necessary, but above all vaccinate them, which will protect them from infected PCs or from a foreign key plugged into your machine (which will be vaccinated too). :P

That will be much quicker.

Otherwise, is the PC already behaving better?

@++
