Infection par "AntiSpyware Soft", un de plus :/

[Lewled]

Bonjour a tous, voila je surfais sur le net tranquillement quand j'ai été averti d'un virus, puis Avira s'est fermé, et le programme "Antispyware Soft" s'est lancé, ne voulant pas se fermer.

J'ai vite senti l'embrouille et j'ai commencé a chercher un peu des solutions, et j'ai trouvé ce forum.

Vu que pour chaque personne vous faites une réponse perso en fonction de ses analyses HJT etc, je me permet d'ouvrir un nouveau sujet.

 

Donc j'ai réussi a pouvoir lancer l'ordinateur sans me faire harasser par ce virus de m*rde en lancant le task manager tres rapidement et en arretant tous les processus qui me semblaient suspects (et depuis 5 mn le virus s'est toujours pas lancé), et j'ai pu faire mon analyse HTJ que voici :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:26:29, on 08/05/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\DOCUME~1\AFP\LOCALS~1\Temp\Qzl.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Agence France-Presse\AfpDico-Service\afpdico-service.exe

C:\Program Files\Agence France-Presse\AfpNetwork-Service\afpnetwork-service.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\AddOn\Fujitsu\DispSwitch\DispSwitchLauncher.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\DOCUME~1\AFP\LOCALS~1\Temp\win32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Agence France-Presse\AfpDico-Service\afpdico-status.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\o2flash.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Xobni\XobniService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.aliceadsl.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.durable.com/recherche

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Agence France-Presse (v1.0)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

R3 - URLSearchHook: Bitlord Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll

O2 - BHO: C:\WINDOWS\system32\j89t6och4.dll - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\j89t6och4.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O3 - Toolbar: WalterShop - {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - mscoree.dll (file missing)

O3 - Toolbar: Bitlord Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [TvOutSwitch] C:\AddOn\Fujitsu\DispSwitch\DispSwitchLauncher.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [mspaint] "C:\WINDOWS\system32\Paint.exe" -autocheck

O4 - HKLM\..\Run: [ezLife] rundll32 "pkznixsa.dll",,Run

O4 - HKLM\..\Run: [uvwqbsty] C:\Documents and Settings\AFP\Local Settings\Application Data\fwnngsxvr\ejwfyhntssd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [M5T8QL3YW3] C:\DOCUME~1\AFP\LOCALS~1\Temp\Qzl.exe

O4 - HKCU\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\DOCUME~1\AFP\LOCALS~1\Temp\win32.exe

O4 - HKCU\..\Run: [hsf87sdhfush87fsufhuie3fddf] C:\DOCUME~1\AFP\LOCALS~1\Temp\rp1yfb025.exe

O4 - HKCU\..\Run: [mcexecwin] rundll32.exe C:\DOCUME~1\AFP\LOCALS~1\Temp\kvps2p.dll, RestoreWindows

O4 - HKCU\..\Run: [uvwqbsty] C:\Documents and Settings\AFP\Local Settings\Application Data\fwnngsxvr\ejwfyhntssd.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Global Startup: AfpDico-Status.lnk = C:\Program Files\Agence France-Presse\AfpDico-Service\afpdico-status.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra buttone: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

 

--

End of file - 14722 bytes

 

Pour info, quand le virus marche, je peux lancer AUCUN .exe, je peux pas faire de restauration de systeme, ni de copier coller.

De plus, le pc a un dual boot linux, si jamais ca peut aider, de passer par linux pour éradiquer le virus, peut etre est il bon de le préciser.

Enfin je ne peux pas lancer de logiciel en administrateur puisque je n'ai pas le mot de passe admin (si ça peut se changer au démarrage alors ça peut s'arranger, sinon non.

 

 

Merci d'avance

 

EDIT: ah oui et même en ayant le virus non actif, je ne peux pas faire de restauration sysème:

 

"La restauration du système à été mise hors tenstion par la stratégie de groupe. Pour mettre la restauration du système sous tension, contactez votre administrateur de domaine.

 

EDIT2: Je pensais a supprimer ça : C:\Documents and Settings\AFP\Local Settings\Application Data\fwnngsxvr\ejwfyhntssd.exe, je peux le faire manuellement mais pour les registre, quand je fais regedit ca me dit "la modification du registre a été désactivée par votre administrateur", bref je suis bloqué, a moins qu'une simple délétion dans la corbeille suffise (m'étonnerait)?

mcexecwin.exe me parait suspect aussi..

 

J'ai aussi fait une analyse Spybot S&D + corrigé les erreurs trouvées, meme si ca m'a pas l'air d'avoir fait grand chose.

Modifié le 8 mai 2010 par Lewled

[Apollo]

Bonjour,

 

Sacrée infection que voilà.

 

On attaque les bébêtes:

 

1) Télécharge TDSSKiller.zip de Kaspersky sur ton bureau.

 

Décompresse-le. (clic droit/extraire ici).

 

Ouvre le dossier si la décompression a donné un répertoire TDSSKiller.

 

Double-clique sur TDSSKiller.exe

 

A la fin de l'exécution, appuie sur une touche comme demandé pour fermer la fenêtre.

Si un reboot est demandé, accepter en tapant Y (yes) et valider avec Enter.

 

NB: Pendant la procédure, si TDSSKiller fait apparaître ce message:

Hidden service detected: nom du service caché:

Type "delete" (without quotes) to delete it: 14:30:08:000 0256

,

 

tape delete et valide par la touche Enter.

 

Il y aura un rapport TDSSKiller.txt sur le C:\

Ouvre le fichier texte et copie l'entièreté du contenu; colle-le dans ta réponse.

 

--------------------------------

2) Étape 1: rkill (de Grinler), téléchargement

Télécharger rkill depuis l'un des liens ci-dessous:

 

Lien 1

Lien 2

Lien 3

Lien 4

 

Enregistrer le fichier sur le Bureau.

 

 

Étape 2: Pas de processus de contrôle en temps réel

Désactiver le module résident de l'antivirus et celui de l'antispyware.

 

 

Étape 3: rkill (de Grinler), exécution

Faire un double clic sur le fichier rkill téléchargé pour lancer l'outil.

Pour Vista, faire un clic droit sur le fichier rkill téléchargé puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

 

Une fenêtre à fond noir va apparaître brièvement, puis disparaître.

 

Si rien ne se passe, ou si l'outil ne se lance pas, télécharger l'outil depuis un autre des quatre liens ci-dessus et faire une nouvelle tentative d'exécution.

 

Si aucun des outils téléchargés depuis les quatre liens ci-dessus ne semble fonctionner, ne pas continuer le nettoyage, et me prévenir sur le forum.

 

Le rapport se trouve sous C:\rkill/txt --> Poste-le stp.

 

-----------------------------

3) Télécharger ATF Cleaner par Atribune.

• Installe-le sur le bureau. (A conserver car très utile après chaque séance de surf)
   
  Double-clique ATF-Cleaner.exe afin de lancer le programme.
  --> Sous Vista/Seven: Clic droit/exécuter en temps qu'administrateur.
   
  Sous l'onglet Main, choisis : Select All
  Cliquer sur le bouton Empty Selected
  

Si tu utilises le navigateur Firefox :

• Clique Firefox au haut et choisis : Select All
  Cliquer le bouton Empty Selected
  NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
  

Si tu utilises le navigateur Opera :

• Clique Opera au haut et choisis : Select All
  Cliquer le bouton Empty Selected
  NOTE : Si tu veux conserver tes mots de passe sauvegardés, cliquer No à l'invite.
  

Clique Exit, du menu principal, afin de fermer le programme.

Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus.

 

-------------------------------

4) Télécharge Malwarebytes' Anti-Malware (MBAM)

 

Si MBAM est déjà installé, aller directement à la mise à jour puis à l'analyse.

 

Ce logiciel est à garder.

 

Uniquement en cas de problème de mise à jour:

 

Télécharger mises à jour MBAM

 

Exécute le fichier après l'installation de MBAM

 

Connecter les supports amovibles (clés usb etc.) avant de lancer l'analyse.

 

• Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  
• Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  
• Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  
• Sélectionne "Exécuter un examen complet"
  
• Clique sur "Rechercher"
  
• L'analyse démarre, le scan est relativement long, c'est normal.
  
• A la fin de l'analyse, un message s'affiche :

  L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  
• Ferme tes navigateurs.
  
• Si des malwares ont été détectés, clique sur Afficher les résultats.
  Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.
  

Si MBAM demande à redémarrer le pc, fais-le.

 

!!! Ne pas vider la quarantaine de MBAM sans avis !!! (en cas de faux-positifs toujours possibles.)

 

Poste également un nouveau log Hijackthis stp.

 

@++

[Lewled]

Bonjour, et merci de ta réponse.

 

J\'ai donc fait tout ce que tu m\'as dit, mais au reboot avec TDSKiller j\'ai du reboot avec la \"last known configuration that worked\", l\'oridnateur refusait de démarrer autrement

 

Rapport rkill:

This log file is located at C:\\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as AFP on 08/05/2010 at 11:18:46.

 

 

Processes terminated by Rkill or while it was running:

 

 

C:\\DOCUME~1\\AFP\\LOCALS~1\\Temp\\win32.exe

C:\\Documents and Settings\\AFP\\Desktop\\rkill.scr

 

 

Rkill completed on 08/05/2010 at 11:18:55.

 

Rapport MBAM :

 

Malwarebytes\' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 4076

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

 

08/05/2010 12:48:14

mbam-log-2010-05-08 (12-48-14).txt

 

Type d\'examen: Examen complet (C:\\|D:\\|)

Elément(s) analysé(s): 309821

Temps écoulé: 1 heure(s), 22 minute(s), 40 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 1

Clé(s) du Registre infectée(s): 24

Valeur(s) du Registre infectée(s): 7

Elément(s) de données du Registre infecté(s): 6

Dossier(s) infecté(s): 9

Fichier(s) infecté(s): 13

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

C:\\Documents and Settings\\AFP\\Local Settings\\Temp\\kvps2p.dll (Trojan.Ertfor) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\\CLSID\\{d98ca81a-285e-4b57-b229-2b45d500787f} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{d98ca81a-285e-4b57-b229-2b45d500787f} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\\CLSID\\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\\AppID\\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\\AppID\\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\\CLSID\\{a2ba40a0-74f1-52bd-f411-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{a2ba40a0-74f1-52bd-f411-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{a2ba40a0-74f1-52bd-f411-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\\CLSID\\{ef3754c4-13db-89f7-6a0d-4a6839b6dbe9} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{ef3754c4-13db-89f7-6a0d-4a6839b6dbe9} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\\Software\\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\\SOFTWARE\\ezLife (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\\SOFTWARE\\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\\SOFTWARE\\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\\SOFTWARE\\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\\adhlpr.adhlpr (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\\adhlpr.adhlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.Clicker) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SharedTaskScheduler\\{a2ba40a0-74f1-52bd-f411-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\mcexecwin (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\uvwqbsty (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\ezlife (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\winid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

 

Elément(s) de données du Registre infecté(s):

HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Start Page_bak (Hijack.StartPage) -> Bad: (http://www.cherche.us'>http://www.cherche.us) Good: (http://www.google.com'>http://www.google.com) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Search Bar (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\\Program Files\\DivoCodec (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\\Program Files\\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.

C:\\Program Files\\Smart-Ads-Solutions\\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.

C:\\Program Files\\Smart-Ads-Solutions\\SmartAds\\1.5.5.0 (Adware.SmartAds) -> Quarantined and deleted successfully.

C:\\Documents and Settings\\AFP\\Application Data\\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.

C:\\Documents and Settings\\AFP\\Application Data\\ezLife\\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.

C:\\Program Files\\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.

C:\\Program Files\\ezLife\\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.

C:\\Program Files\\ezLife\\ezLife\\1.5.5.0 (Adware.EzLife) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\\Documents and Settings\\AFP\\Local Settings\\Application Data\\kcaqkew_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\\Documents and Settings\\AFP\\Local Settings\\Application Data\\kcaqkew_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\\Documents and Settings\\AFP\\Local Settings\\Application Data\\kcaqkew.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\\Documents and Settings\\AFP\\Local Settings\\Temp\\kvps2p.dll (Trojan.Ertfor) -> Delete on reboot.

C:\\Documents and Settings\\AFP\\Local Settings\\Temp\\win32.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\\WINDOWS\\system32\\pkznixsa.dll (Adware.EZlife) -> Quarantined and deleted successfully.

C:\\WINDOWS\\system32\\oijysnhrvgvltu.dll (Adware.BHO) -> Quarantined and deleted successfully.

C:\\WINDOWS\\system32\\drivers\\imsbap.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\\Program Files\\Smart-Ads-Solutions\\SmartAds\\1.5.5.0\\uninstall.exe (Adware.SmartAds) -> Quarantined and deleted successfully.

C:\\Documents and Settings\\AFP\\Application Data\\ezLife\\ezLife\\log.xml (Adware.EzLife) -> Quarantined and deleted successfully.

C:\\Program Files\\ezLife\\ezLife\\1.5.5.0\\uninstall.exe (Adware.EzLife) -> Quarantined and deleted successfully.

C:\\WINDOWS\\Tasks\\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\\Documents and Settings\\AFP\\Local Settings\\Temp\\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

 

 

J\'ai donc fait tout ce que tu m\'as dit, mais au reboot avec TDSKiller j\'ai du reboot avec la \"last known configuration that worked\", l\'oridnateur refusait de démarrer autrement

 

Et enfin le nouveau HJT :

 

// voir message suivant //

 

Il faut aussi savoir qu'au démarrage j'avais ça qui s'affichait :

http://gparted.sourceforge.net/larry/resiz...-livecd08-b.gif

 

Je l'ai annulé a chaque fois vu que j'ai peur que ca vienne du virus, mais après le reboot qui a suivi la correction MBAM il ne s'est pas affiché.

 

Sinon, meme s'il est surement encore présent, la seule chose apparente qui change a avant le virus est que je ne peux toujours pas faire de restauration systeme;

 

Encore merci,

Modifié le 8 mai 2010 par Lewled

[Lewled]

edit: j'ai un probleme avec le rapport HJT, ça me dit erreur de chargement de la page quand je le post

 

edit2: en fait ca a l'air de marcher quand je supprime les lignes O16, tu les veux en PM?

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:55:48, on 08/05/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Agence France-Presse\AfpDico-Service\afpdico-service.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\AddOn\Fujitsu\DispSwitch\DispSwitchLauncher.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Agence France-Presse\AfpDico-Service\afpdico-status.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\o2flash.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Xobni\XobniService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.aliceadsl.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.durable.com/recherche

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Agence France-Presse (v1.0)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

R3 - URLSearchHook: Bitlord Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O3 - Toolbar: WalterShop - {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - mscoree.dll (file missing)

O3 - Toolbar: Bitlord Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [TvOutSwitch] C:\AddOn\Fujitsu\DispSwitch\DispSwitchLauncher.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [mspaint] "C:\WINDOWS\system32\Paint.exe" -autocheck

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Global Startup: AfpDico-Status.lnk = C:\Program Files\Agence France-Presse\AfpDico-Service\afpdico-status.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.chat-land.org

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{9A0FC8DE-11AC-43FE-B755-56B9B430EC23}: Domain = afp.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = afp.local,par.afp.com,afp.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = afp.local,par.afp.com,afp.com

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = afp.local,par.afp.com,afp.com

O17 - HKLM\System\CS4\Services\Tcpip\Parameters: SearchList = afp.local,par.afp.com,afp.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = afp.local,par.afp.com,afp.com

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: FJWSEL - C:\WINDOWS\SYSTEM32\FJWSWNP.dll

O20 - Winlogon Notify: PSUTY - C:\WINDOWS\SYSTEM32\PSUWNP.dll

O23 - Service: Afp - Service local des données communes (AfpDico-Service) - Agence France-Presse - C:\Program Files\Agence France-Presse\AfpDico-Service\afpdico-service.exe

O23 - Service: Afp - Supervision des connexions réseau AFP (AfpNetwork-Service) - Agence France-Presse - C:\Program Files\Agence France-Presse\AfpNetwork-Service\afpnetwork-service.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Dragon Age: Origins - Application de mise à jour (DAUpdaterSvc) - Unknown owner - D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

O23 - Service: Logitech IBT Service (LvIBTSvr) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

 

--

End of file - 13293 bytes

Modifié le 8 mai 2010 par Lewled

[Apollo]

Re,

 

Télécharge Navilog1 (par IL-MAFIOSO) Enregistre-le sur ton bureau.

 

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

 

Ensuite double clique sur navilog1.exe pour lancer l'installation.

Une fois l'installation terminée, double-clique sur le raccourci Navilog1 présent sur le bureau.

 

Laisse-toi guider. Appuie sur une touche quand on te le demande.

Au menu principal, choisis 1 et valide.

 

< Ne fais pas le choix 2 >

 

Patiente le temps du scan. Il te sera peut-être demandé de redémarrer ton PC.

Laisse l'outil le faire automatiquement, sinon redémarre ton PC normalement s'il te le demande.

 

Patiente jusqu'au message "Scan terminé le......"

Appuie sur une touche comme demandé ; le bloc-notes va s'ouvrir.

Copie-colle l'intégralité dans ta réponse. Referme le bloc-notes.

 

PS : le rapport est aussi sauvegardé à la racine du disque dur C:\cleannavi.txt

 

---------------------

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

• Double-clique sur RSIT.exe afin de lancer RSIT.
   
  Important :
  * Sous Vista : il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
   
  * Sous Windows 7 : Il faut mettre le fichier RSIT.exe sur le bureau, faire un clic droit dessus et dans Propriétés, onglet Compatibilité, cocher la case "Exécuter ce programme en mode compatibilité pour" et dans le menu choisir Vista SP2 et la case dans Niveau de privilège.
  Valide par Appliquer.
   
  
• Clique Continue à l'écran Disclaimer.
  
• Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
  ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  

 

@++

[Lewled]

Re,

 

rapport NAvilog :

 

Fix Navipromo version 4.0.8 commencé le 08/05/2010 13:10:41,93

 

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!

!!! Postez ce rapport sur le forum pour le faire analyser !!!

 

Outil exécuté depuis C:\navilog1

 

Mise à jour le 09.03.2010 à 18h00 par IL-MAFIOSO

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU T7700 @ 2.40GHz )

BIOS : Version 1.14

USER : AFP ( Administrator )

BOOT : Normal boot

 

Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Activated)

 

 

C:\ (Local Disk) - NTFS - Total:36 Go (Free:3 Go)

D:\ (Local Disk) - NTFS - Total:87 Go (Free:12 Go)

E:\ (CD or DVD)

F:\ (CD or DVD)

 

 

Recherche executée en mode normal

 

Nettoyage exécuté au redémarrage de l'ordinateur

 

 

 

 

Nettoyage contenu C:\WINDOWS\Temp effectué !

Nettoyage contenu C:\Documents and Settings\AFP\locals~1\Temp effectué !

 

 

*** Sauvegarde du Registre vers dossier Safebackup ***

 

sauvegarde du Registre réalisée avec succès !

 

*** Nettoyage Registre ***

 

Nettoyage Registre Ok

 

Certificat OOO-Favorit supprimé !

 

 

*** Scan terminé 08/05/2010 13:15:44,46 ***

 

 

RSIT :

 

log.txt

Logfile of random's system information tool 1.07 (written by random/random)

Run by AFP at 2010-05-08 13:18:17

Microsoft Windows XP Professionnel Service Pack 2

System drive C: has 3 GB (8%) free of 37 GB

Total RAM: 3326 MB (81% free)

 

HijackThis download failed

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\Norton Security Scan for AFP.job

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{A0FA75ED-A417-42B1-B6B3-DB8A1B18992E}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-11-04 463872]

{9ec204df-0e48-4c32-816e-2e928a4fd9c2} - WalterShop - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112]

{7c5c0f58-e061-457d-9033-77307f5ed00c} - Bitlord Toolbar - C:\Program Files\TorrentMan\tbTor0.dll [2010-02-25 2349080]

{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"AirCardEnabler"= []

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-11 8429568]

"nwiz"=nwiz.exe /install []

"TvOutSwitch"=C:\AddOn\Fujitsu\DispSwitch\DispSwitchLauncher.exe [2006-08-02 81920]

"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-06-01 823296]

"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-06-01 974848]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-02-12 262401]

"WrtMon.exe"=C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [2006-09-20 20480]

"WatcherHelper"=C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe [2007-03-28 114688]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-12 16125440]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-05-11 81920]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2005-05-09 1658080]

"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-06-29 89541]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2007-03-12 69632]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

"mspaint"=C:\WINDOWS\system32\Paint.exe [2010-02-20 86016]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hsf87sdhfush87fsufhuie3fddf]

C:\DOCUME~1\AFP\LOCALS~1\Temp\rp1yfb025.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]

C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestream Procaster]

C:\Program Files\Livestream Procaster\Procaster.exe [2009-12-17 6477088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcexecwin]

C:\DOCUME~1\AFP\LOCALS~1\Temp\kvps2p.dll, RestoreWindows []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

C:\Program Files\Steam\Steam.exe -silent []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]

C:\WINDOWS\INSTAL~1\{17613~1\ICON3E~1.ICO [2008-04-22 6144]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

AfpDico-Status.lnk - C:\Program Files\Agence France-Presse\AfpDico-Service\afpdico-status.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\FJWSEL]

C:\WINDOWS\system32\FJWSWNP.dll [2006-06-29 32768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PSUTY]

C:\WINDOWS\system32\PSUWNP.dll [2006-06-02 32768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"Btn_Home"=0

"Btn_Fullscreen"=0

"Btn_Tools"=0

"Btn_Print"=0

"Btn_Edit"=0

"Btn_Cut"=0

"Btn_Copy"=0

"Btn_Paste"=0

"Btn_Encoding"=0

"NoFolderOptions"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoMSAppLogo5ChannelNotify"=

"NoToolbarCustomize"=

"NoBandCustomize"=

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

""=""

"C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe"="C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Messenger\Msmsgs.exe"="C:\Program Files\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"

"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"

"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"D:\Dragon Age\bin_ship\daorigins.exe"="D:\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Jeu"

"D:\Dragon Age\DAOriginsLauncher.exe"="D:\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Lanceur"

"D:\Dragon Age\bin_ship\daupdatersvc.service.exe"="D:\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Application de mise à jour"

"D:\PES 2010\pes2010.exe"="D:\PES 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"

"C:\Riot Games\League of Legends\air\LolClient.exe"="C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"

"C:\Riot Games\League of Legends\game\League of Legends.exe"="C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"

"C:\Program Files\League of Legends\Air\LolClient.exe"="C:\Program Files\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby"

"C:\Program Files\League of Legends\Game\League of Legends.exe"="C:\Program Files\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client"

"D:\Opera\opera.exe"="D:\Opera\opera.exe:*:Enabled:Opera Internet Browser"

"D:\opera.exe"="D:\opera.exe:*:Enabled:Opera Internet Browser"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======File associations======

 

.js - open - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

 

======List of files/folders created in the last 1 months======

 

2010-05-08 13:18:17 ----D---- C:\rsit

2010-05-08 13:10:41 ----A---- C:\cleannavi.txt

2010-05-08 13:10:03 ----D---- C:\Program Files\navilog1

2010-05-08 13:10:03 ----AD---- C:\Navilog1

2010-05-08 11:22:29 ----D---- C:\Documents and Settings\AFP\Application Data\Malwarebytes

2010-05-08 11:04:37 ----A---- C:\TDSSKiller.2.2.8.1_08.05.2010_11.04.37_log.txt

2010-05-08 01:25:11 ----D---- C:\Program Files\Trend Micro

2010-05-08 00:53:27 ----D---- C:\32788R22FWJFW

2010-05-08 00:50:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-05-08 00:50:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-05-08 00:40:53 ----A---- C:\WINDOWS\system32\jopshxixptorepugv.exe

2010-05-08 00:40:42 ----A---- C:\WINDOWS\Qsibua.exe

2010-05-06 10:55:03 ----D---- C:\Documents and Settings\AFP\Application Data\KVIrc

2010-05-03 01:06:14 ----A---- C:\WINDOWS\system32\qnnqsfgx.dll

2010-05-01 10:36:06 ----D---- C:\Documents and Settings\All Users\Application Data\TmForever

2010-04-24 21:40:50 ----D---- C:\Documents and Settings\AFP\Application Data\Downloaded Installations

2010-04-24 20:43:53 ----D---- C:\Documents and Settings\AFP\Application Data\Ubisoft

2010-04-24 11:57:46 ----D---- C:\Program Files\Ubisoft

2010-04-20 22:10:44 ----N---- C:\WINDOWS\system32\browserchoice.exe

2010-04-16 16:21:52 ----D---- C:\Program Files\Common Files\DESIGNER

2010-04-15 15:29:43 ----D---- C:\Program Files\Perfect World France

2010-04-15 10:29:02 ----HDC---- C:\WINDOWS\$NtUninstallKB976323$

2010-04-15 10:28:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$

2010-04-15 10:27:50 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$

2010-04-15 10:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$

2010-04-15 10:25:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$

2010-04-15 10:24:42 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$

2010-04-15 10:24:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$

2010-04-15 10:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

2010-04-12 18:52:15 ----A---- C:\Program Files\Exiferupdate.ini

2010-04-12 18:47:18 ----D---- C:\Program Files\Exifer

2010-04-10 22:57:53 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment

 

======List of files/folders modified in the last 1 months======

 

2010-05-08 13:16:27 ----D---- C:\WINDOWS\Temp

2010-05-08 13:16:10 ----D---- C:\WINDOWS\Prefetch

2010-05-08 13:15:11 ----D---- C:\Program Files\Common Files\Akamai

2010-05-08 13:14:56 ----D---- C:\WINDOWS\system32\inetsrv

2010-05-08 13:12:56 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-05-08 13:10:03 ----D---- C:\Program Files

2010-05-08 12:55:56 ----D---- C:\WINDOWS\system32

2010-05-08 12:55:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-05-08 12:50:11 ----D---- C:\WINDOWS\system32\drivers

2010-05-08 12:48:59 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$

2010-05-08 12:48:14 ----SD---- C:\WINDOWS\Tasks

2010-05-08 11:14:33 ----D---- C:\WINDOWS

2010-05-08 11:03:46 ----D---- C:\Documents and Settings\AFP\Application Data\mIRC

2010-05-08 05:33:31 ----D---- C:\Program Files\Warcraft III

2010-05-08 04:34:12 ----D---- C:\WINDOWS\system32\CatRoot2

2010-05-08 04:23:57 ----D---- C:\Program Files\mIRC

2010-05-08 04:21:01 ----D---- C:\Documents and Settings\AFP\Application Data\vlc

2010-05-08 02:52:05 ----D---- C:\WINDOWS\Registration

2010-05-08 02:36:23 ----SHD---- C:\WINDOWS\Installer

2010-05-08 02:36:23 ----HD---- C:\Config.Msi

2010-05-08 02:36:20 ----D---- C:\WINDOWS\WinSxS

2010-05-08 02:28:48 ----A---- C:\WINDOWS\wininit.ini

2010-05-08 02:01:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2010-05-08 01:54:19 ----D---- C:\Program Files\Spybot - Search & Destroy

2010-05-08 01:08:55 ----SHD---- C:\System Volume Information

2010-05-08 01:08:20 ----SHD---- C:\WINDOWS\CSC

2010-05-08 00:41:34 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-05-08 00:29:10 ----A---- C:\WINDOWS\NeroDigital.ini

2010-05-06 20:12:14 ----D---- C:\Program Files\CamStudio

2010-05-06 16:11:03 ----D---- C:\Program Files\Garena

2010-05-06 10:07:31 ----D---- C:\Documents and Settings\All Users\Application Data\NOS

2010-05-06 10:07:28 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-05-04 23:31:00 ----D---- C:\Documents and Settings\AFP\Application Data\Skype

2010-05-04 22:08:21 ----D---- C:\Documents and Settings\AFP\Application Data\skypePM

2010-05-04 15:25:33 ----D---- C:\Program Files\Common Files\Blizzard Entertainment

2010-05-02 13:37:00 ----D---- C:\Program Files\Heroes of Newerth

2010-05-01 10:34:29 ----D---- C:\WINDOWS\system32\DirectX

2010-05-01 10:34:28 ----RSD---- C:\WINDOWS\assembly

2010-05-01 02:31:24 ----D---- C:\Documents and Settings\AFP\Application Data\FileZilla

2010-04-24 12:09:15 ----HD---- C:\WINDOWS\inf

2010-04-24 11:57:46 ----HD---- C:\Program Files\InstallShield Installation Information

2010-04-24 00:11:10 ----D---- C:\WINDOWS\Debug

2010-04-16 19:34:16 ----D---- C:\Program Files\Google

2010-04-16 16:22:19 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2010-04-16 16:22:04 ----RSD---- C:\WINDOWS\Fonts

2010-04-16 16:22:01 ----D---- C:\Program Files\Common Files\Microsoft Shared

2010-04-16 16:21:52 ----D---- C:\Program Files\Common Files

2010-04-15 10:29:00 ----HD---- C:\WINDOWS\$hf_mig$

2010-04-11 08:38:37 ----D---- C:\Program Files\Mozilla Firefox

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-03-04 79424]

R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-04-23 21393]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-04-24 281760]

R2 BtnHnd;BtnHnd; \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys []

R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []

R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-04-24 25888]

R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-05-29 12416]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-06-29 1160320]

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]

R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-09 130432]

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]

R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2006-10-02 126864]

R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-02-01 250776]

R3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-07 22560]

R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-17 4864]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-12 4486144]

R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-04-02 1952032]

R3 lvselsus;Logitech Selective Suspend Filter; C:\WINDOWS\system32\DRIVERS\lvselsus.sys [2007-02-07 66848]

R3 LVUVC;WebCam(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-07 1939360]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 NETw4x32;Pilote de carte Intel® Wireless WiFi Link pour Windows XP 32 bits; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-21 2208512]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-11 6345472]

R3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2007-05-22 95616]

R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-09 193120]

R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

S3 az98yo76;az98yo76; C:\WINDOWS\system32\drivers\az98yo76.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]

S3 Cpmt;Cisco Media Termination; C:\WINDOWS\System32\Drivers\Cpmt.sys []

S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []

S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]

S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\AFP\LOCALS~1\Temp\HMJC77.tmp []

S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576]

S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-01-23 33296]

S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-01-23 28176]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]

S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]

S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]

S3 OZSCR;O2Micro SmartCardBus Smartcard Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2007-05-22 95616]

S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]

S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]

S3 SWNC8U32;Sierra Wireless MUX NDIS Driver (UMTS32); C:\WINDOWS\system32\DRIVERS\swnc8u32.sys [2007-03-12 102272]

S3 SWUMX20;Sierra Wireless USB MUX Driver (UMTS20); C:\WINDOWS\system32\DRIVERS\swumx20.sys []

S3 SWUMX32;Sierra Wireless USB MUX Driver (UMTS32); C:\WINDOWS\system32\DRIVERS\swumx32.sys [2007-03-12 72576]

S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]

S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]

S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]

S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]

S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2007-01-22 53376]

S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-04-24 41856]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]

S3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]

S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AfpDico-Service;Afp - Service local des données communes; C:\Program Files\Agence France-Presse\AfpDico-Service\afpdico-service.exe [2007-01-05 409600]

R2 AfpNetwork-Service;Afp - Supervision des connexions réseau AFP; C:\Program Files\Agence France-Presse\AfpNetwork-Service\afpnetwork-service.exe [2007-01-09 39424]

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-03-07 68865]

R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-03-26 147201]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2006-11-10 1504304]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-06-01 647168]

R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]

R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-31 153376]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-11 163908]

R2 O2Flash;O2Flash Memory Service; C:\WINDOWS\system32\o2flash.exe [2007-05-22 57344]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-06-01 327680]

R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-06-01 987136]

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]

R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]

R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 XobniService;XobniService; C:\Program Files\Xobni\XobniService.exe [2009-12-08 55016]

S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []

S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-01 135664]

S2 LvIBTSvr;Logitech IBT Service; C:\Program Files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [2007-04-02 76576]

S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-04-02 105248]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2009-09-27 69120]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour; D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe []

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-14 654848]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]

S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE []

S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2009-06-16 68096]

S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-09-19 3474384]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

 

info.txt:

 

info.txt logfile of random's system information tool 1.06 2010-05-08 13:18:23

 

======Uninstall list======

 

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu

-->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}

Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{5D2398DF-3022-4820-93BA-F1175FBEA9CA}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Video Encoder-->MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}

Adobe Setup-->MsiExec.exe /I{1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0}

Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}

adsl TV-->C:\Program Files\adslTV\Uninstal.exe

Advanced WarCraft3 Configurator (remove only)-->"C:\Program Files\AWC\uninstall.exe"

AfpNetwork-Service - Ver 1.0.2-->"C:\Program Files\Agence France-Presse\AfpNetwork-Service\uninstall.exe"

Agere Systems HDA Modem-->agrsmdel

AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}

Ajouter ou supprimer Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\b5d5789539ea1f004a4defceea74312\Setup.exe

Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe

ANIMATED MAHJONGG-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Girosoft\ANIMATED MAHJONGG\DeIsL1.isu" -c"C:\Program Files\Girosoft\ANIMATED MAHJONGG\_ISREG32.DLL"

ANNO 1404 (Demo)-->"C:\Program Files\InstallShield Installation Information\{712538AF-06AE-4F7F-B246-617034495FE6}\setup.exe" -runfromtemp -l0x040c -removeonly

Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Argos-->MsiExec.exe /I{298EE468-5F5A-47F0-9C6B-1263030534DC}

Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"

AutoHotkey 1.0.48.05-->C:\Program Files\AutoHotkey\uninst.exe

Avira AntiVir Personal – Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

Belarc Advisor 8.1-->"C:\PROGRA~1\Belarc\Advisor\Uninstall.exe" "C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG"

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

CamfrogWEB Advanced ActiveX Plugin (remove only)-->"C:\Program Files\CFWebAdvancedU\Uninstall.exe"

CamStudio 2.0 Fr-->"C:\Program Files\CamStudio\unins000.exe"

Canon CanoScan Toolbox 5.0-->"C:\Program Files\Canon\CanoScan Toolbox Ver5.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\CanoScan Toolbox Ver5.0\uninst.ini

Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini

Canon MX310 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series /L0x000c

Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini

Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini

Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini

CanoScan 8600F-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4804\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4804 /L0x000c

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Cisco Systems VPN Client 4.8.02.0010-->MsiExec.exe /X{176130BC-99A1-41FE-A78B-56045E33AD70}

Commandos, Beyond the Call of Duty-->MsiExec.exe /I{2D05C432-0B5A-4D4E-ADEC-E76242AB5667}

Console AFP - Ver 8.1.3-->"C:\Program Files\Agence France-Presse\Console AFP\uninstall.exe"

ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe"

Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS

eMule-->"C:\Program Files\eMule\Uninstall.exe"

Enregistrement utilisateur de Canon MX310 series-->C:\Program Files\Canon\IJEREG\MX310 series\UNINST.EXE

Exifer-->"C:\Program Files\Exifer\unins000.exe"

FileZilla Client 3.3.2.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe

Fraps-->"C:\Fraps\uninstall.exe"

Fujitsu Display Manager-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{FCCDD334-D813-4FD7-B3F7-F5410EB90EB1}

Fujitsu Hotkey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{272979FC-6D4A-4C25-B71A-32DD4974A022}\setup.exe"

Fujitsu System Extension Utility-->C:\Program Files\InstallShield Installation Information\{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}\setup.exe -runfromtemp -l0x0409

Fujitsu WebCam-->MsiExec.exe /X{36795A4D-7DC7-448A-BBF3-7F587E0331A8}

Garena-->C:\Program Files\Garena\uninst.exe

Gex: Enter The Gecko-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Crystal Dynamics\gex23dfx\Uninst.isu"

GIMP 2.4.5-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"

Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.1.249.1064\Installer\setup.exe" --uninstall --system-level

Google Earth-->MsiExec.exe /X{08C0729E-3E50-11DF-9D81-005056806466}

Heroes of Newerth-->D:\Heroes Of Newerth\uninstall.exe

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Holdem Indicator 1.8.5-->"C:\Program Files\Holdem Indicator\unins000.exe"

Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}

Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"

ICCup Launcher-->"C:\Program Files\ICCup\Launcher\unins000.exe"

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

Intel® PRO Network Connections Drivers-->Prounstl.exe

Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe

IPTCExt 1.1 by Ben Peart-->"C:\WINDOWS\system32\unins000.exe"

Java 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

KVIrc-->"D:\KVIrc\uninstall.exe"

LaserTank-->C:\Program Files\LaserTank\uninstall.exe

League of Legends-->"C:\Program Files\League of Legends\unins000.exe"

Livestream Procaster-->MsiExec.exe /I{5A88C46B-C38D-48C6-BE6D-BBC92BC30DAA}

Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x40c mmUninstall

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

ManyCam 2.4 (remove only)-->"C:\Program Files\ManyCam 2.4\uninstall.exe"

MediaCoder 0.6.0-->C:\Program Files\MediaCoder\uninst.exe

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}

Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Project Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJSTD /dll OSETUP.DLL

Microsoft Office Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL

Microsoft Office Visio Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISSTD /dll OSETUP.DLL

Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)-->MsiExec.exe /X{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft XNA Framework Redistributable 3.1-->MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}

mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC

mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}

mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}

MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}

Monster Trux Extreme - Offroad Edition-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{09F55~1\Setup.exe /remove /q0

Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}

Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe

Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""

Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{22563C5A-6C62-4AA6-9C62-E451153F69BE}_2_0_1\NSSSetup.exe" /X

Norton Security Scan-->MsiExec.exe /X{22563C5A-6C62-4AA6-9C62-E451153F69BE}

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}

O2Micro Flash Memory Card Windows Driver-->C:\Program Files\InstallShield Installation Information\{C667F699-861A-4AB5-AC2C-A8276DCCFDA9}\setup.exe -runfromtemp -l0x0409

O2Micro Smartcard Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8B993121-CF5C-43C0-9296-0C1B7F515B27} /l1033

Opera 10.53-->MsiExec.exe /X{70312451-0D00-4A84-B9B1-0D59B5180A4F}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

OZ711 SCR Driver V3.0.1.2-->C:\Program Files\InstallShield Installation Information\{E2BFAD76-5282-48EE-81B1-73AA08BDABDA}\setup.exe -runfromtemp -l0x0409

Performance Solution Hotrevenue-->C:\WINDOWS\system32\jopshxixptorepugv.exe

PokerStars.net-->"C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net

Power Saving Utility-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{79821CAD-999C-443D-B420-96F914C84E27}

PowerDVD SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\CTOR.DLL,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

Pro Evolution Soccer 2010-->MsiExec.exe /X{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}

ProjectX 0.90.4.00-->C:\Program Files\ProjectX_0.90.4.00\Uninstall.exe

RescuePRO™ 3.0-->C:\WINDOWS\iun507.exe C:\Program Files\RescuePRO™\irunin.ini

ResEx 1.2-->"C:\Program Files\ResEx\unins000.exe"

Rollcage Stage II-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Psygnosis\Rollcage Stage II\Uninst.isu"

Sandlot Games Client Services 1.2.2-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"

Savage 2 - A Tortured Soul-->D:\Savage 2\uninstall.exe

ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}

screensaver-->C:\WINDOWS\system32\screensaver.scr /u

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"

Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"

Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"

Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"

Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"

Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"

Security Update for Windows XP (KB939373)-->"C:\WINDOWS\$NtUninstallKB939373$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"

Security Update for Windows XP (KB942830)-->"C:\WINDOWS\$NtUninstallKB942830$\spuninst\spuninst.exe"

Security Update for Windows XP (KB942831)-->"C:\WINDOWS\$NtUninstallKB942831$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"

Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"

Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"

Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"

Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970483)-->"C:\WINDOWS\$NtUninstallKB970483$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Security Update for Windows XP (KB976323)-->"C:\WINDOWS\$NtUninstallKB976323$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"

Shock Sensor Utility-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{70B6A483-F815-4879-9AA4-3DCE9BCC61A0}

Sierra Wireless 3G Watcher-->MsiExec.exe /I{3A573687-96F9-41EA-9D57-CB631D6D50EE}

Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}

Spirit - Stallion of the Cimarron Screen Saver-->C:\WINDOWS\Spirit - Stallion of the Cimarron.scr /u

Spotify-->"C:\Program Files\Spotify\uninstall.exe"

StarCraft II bêta-->C:\Program Files\Common Files\Blizzard Entertainment\StarCraft II bêta (4)\Uninstall.exe

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

Street Fighter IV-->"D:\Street Fighter IV\Uninstall\unins000.exe"

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"

TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"

TmNationsForever-->"D:\TmNationsForever\unins000.exe"

Tony Hawk's Pro Skater 3®-->C:\PROGRA~1\ACTIVI~1\Thps3\UNINST~1\UNWISE.EXE C:\PROGRA~1\ACTIVI~1\Thps3\UNINST~1\INSTALL.LOG

Torchlight-->C:\Program Files\Runic Games\Torchlight\uninstall.exe

TorrentMan Toolbar-->C:\PROGRA~1\TORREN~1\UNWISE.EXE C:\PROGRA~1\TORREN~1\INSTALL.LOG

TortoiseSVN 1.6.5.16974 (32 bit)-->MsiExec.exe /X{33BBE45C-6296-488A-B7D5-37E692E71B3F}

Tribes 2-->C:\Dynamix\Tribes2\UNWISE.EXE C:\Dynamix\Tribes2\INSTALL.LOG

Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"

Update for Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe"

Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Update for Windows XP (KB914882)-->"C:\WINDOWS\$NtUninstallKB914882$\spuninst\spuninst.exe"

Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"

Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Update for Windows XP (KB923845)-->"C:\WINDOWS\$NtUninstallKB923845$\spuninst\spuninst.exe"

Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"

Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"

Update for Windows XP (KB925877)-->"C:\WINDOWS\$NtUninstallKB925877$\spuninst\spuninst.exe"

Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"

Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"

Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"

Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"

Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}

Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}

Veoh Web Player Beta-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"

VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Vodafone 804SS USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe

Warcraft III-->C:\Program Files\Common Files\Blizzard Entertainment\Warcraft III\Uninstall.exe

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe

Wireless Selector-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BF91B0A2-52DC-4230-B44F-7C34FA861D41}

Wondershare Flash Gallery Factory 4.8.2.7-->"C:\Program Files\Wondershare\Flash Gallery Factory\unins000.exe"

World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe

Wow Cartographe 1.10-->C:\Program Files\WowCartographe\uninst.exe

YouTUBE movie downloader-->MsiExec.exe /X{2F8BE445-D14C-40E2-AF62-E43539FD1500}

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

======Security center information======

 

AV: Avira AntiVir PersonalEdition (outdated)

 

======System event log======

 

Computer Name: LAP-YK8W009881

Event Code: 4201

Message: Le système a détecté que la carte réseau Intel®...Link 4965AGN - Packet Scheduler Miniport était connectée au réseau,

et a lancé une opération normale sur la carte réseau.

 

Record Number: 60229

Source Name: Tcpip

Time Written: 20100325152414.000000+060

Event Type: Informations

User:

 

Computer Name: LAP-YK8W009881

Event Code: 4201

Message: Le système a détecté que la carte réseau Intel®...Link 4965AGN - Packet Scheduler Miniport était connectée au réseau,

et a lancé une opération normale sur la carte réseau.

 

Record Number: 60228

Source Name: Tcpip

Time Written: 20100325152359.000000+060

Event Type: Informations

User:

 

Computer Name: LAP-YK8W009881

Event Code: 4201

Message: Le système a détecté que la carte réseau Intel®...Link 4965AGN - Packet Scheduler Miniport était connectée au réseau,

et a lancé une opération normale sur la carte réseau.

 

Record Number: 60227

Source Name: Tcpip

Time Written: 20100325152349.000000+060

Event Type: Informations

User:

 

Computer Name: LAP-YK8W009881

Event Code: 4201

Message: Le système a détecté que la carte réseau Intel®...Link 4965AGN - Packet Scheduler Miniport était connectée au réseau,

et a lancé une opération normale sur la carte réseau.

 

Record Number: 60226

Source Name: Tcpip

Time Written: 20100325152344.000000+060

Event Type: Informations

User:

 

Computer Name: LAP-YK8W009881

Event Code: 4201

Message: Le système a détecté que la carte réseau Intel®...Link 4965AGN - Packet Scheduler Miniport était connectée au réseau,

et a lancé une opération normale sur la carte réseau.

 

Record Number: 60225

Source Name: Tcpip

Time Written: 20100325152329.000000+060

Event Type: Informations

User:

 

=====Application event log=====

 

Computer Name: LAP-YK8W009881

Event Code: 0

Message: Service stopped successfully.

 

Record Number: 43768

Source Name: idsvc

Time Written: 20100219195554.000000+060

Event Type: Informations

User:

 

Computer Name: LAP-YK8W009881

Event Code: 518

Message: The Windows CardSpace service has been idle for some time. It has been shut down to make resources available for other programs.

 

Record Number: 43767

Source Name: CardSpace 3.0.0.0

Time Written: 20100219195554.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: LAP-YK8W009881

Event Code: 32

Message:

Record Number: 43766

Source Name: Sophos Anti-Virus

Time Written: 20100219192733.000000+060

Event Type: Avertissement

User: AUTORITE NT\SERVICE LOCAL

 

Computer Name: LAP-YK8W009881

Event Code: 32

Message:

Record Number: 43765

Source Name: Sophos Anti-Virus

Time Written: 20100219192733.000000+060

Event Type: Avertissement

User: AUTORITE NT\SERVICE LOCAL

 

Computer Name: LAP-YK8W009881

Event Code: 32

Message:

Record Number: 43764

Source Name: Sophos Anti-Virus

Time Written: 20100219192716.000000+060

Event Type: Avertissement

User: AUTORITE NT\SERVICE LOCAL

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"NUMBER_OF_PROCESSORS"=2

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Agence France-Presse\Shared Dll;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\TortoiseSVN\bin

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel

"PROCESSOR_LEVEL"=6

"PROCESSOR_REVISION"=0f0b

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"windir"=%SystemRoot%

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------

 

Sinon je sais que j'ai pas assez de place sur C:, mais j'ai téléchargé des vidéos recemment et je comptais refaire le ménage jusqua 5GO pour arriver a 10%+

Sinon ça m'a refait le coup du "file checking system on C:" au démarrage

Modifié le 8 mai 2010 par Lewled

[Apollo]

Ok mais je vais d'abord tenter de désinfecter ta machine; pour le reste on verra s'il s'agit d'autres problèmes d'ordre hard ou Software...

 

Télécharge Ad-Remover de C-XX et Enregistre-le sur le bureau.

 

Ferme toutes les applications ouvertes pour l'installer.

 

Sous Vista: Désactiver provisoirement l'UAC comme expliqué ICI

 

Double-clique (Clic droit/exécuter comme administrateur pour Vista) sur l'icône placée sur le bureau.

 

Si le firewall se manifeste, accorde les autorisations à l'outil pour qu'il puisse travailler.

 

Clique sur Scanner.

 

 

Le rapport se trouve aussi sous C:\Ad-Report.

Copie/colle-le dans ta réponse stp.

 

-----------------------------------------------------------------------------------------------

 

2) Double-clique (Clic droit/exécuter comme administrateur pour Vista) sur l'icône placée sur le bureau.

 

Si le firewall se manifeste, accorde les autorisations à l'outil pour qu'il puisse travailler.

 

Clique sur Nettoyer.

 

 

Le bureau va disparaitre, c'est normal!

 

Le rapport se trouve aussi sous C:\Ad-Report Clean.

Copie/colle-le dans ta réponse stp.

 

Réactiver l'UAC de Vista. (Si Vista bien sûr!).

 

La page d'accueil sera peut-être changée; il suffit de remettre sa page habituelle via les options internet.

 

++

[Lewled]

Ok, le report du scan :

 

.

======= LOGFILE OF AD-REMOVER 2.0.0.0,D | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 07/05/10 à 16:50

Contact: AdRemover.contact@gmail.com

Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Started: 13:37:40 le 08/05/2010 | Normal boot | Option: SCAN

Executed from: C:\Ad-Remover\ADR.exe

OS: Microsoft® Windows XP™ Service Pack 2 - X86

Computer name: LAP-YK8W009881

Current user: AFP

.

============== FOUND ELEMENTS ==============

.

.

C:\Documents and Settings\AFP\Application Data\Mozilla\FireFox\Profiles\6hveni3b.default\extensions\toolbar@ask.com

C:\Documents and Settings\AFP\Application Data\Mozilla\FireFox\Profiles\6hveni3b.default\searchplugins\cherche.xml

C:\Documents and Settings\AFP\Local Settings\Application Data\AskToolbar

C:\Program Files\Ask.com

C:\Program Files\Everest Poker

C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

C:\WINDOWS\system32\jopshxixptorepugv.exe

C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

.

HKCU\Software\AppDataLow\AskToolbarInfo

HKCU\Software\AppDataLow\software\{8B587ED9-8F0D-26DA-8046-97DDB1F30C3F}

HKCU\Software\Ask.com

HKCU\Software\AskToolbar

HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKCU\Software\PartyGaming

HKCU\Software\PopCap

HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}

HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}

HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jopshxixptorepugv

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Ask.com\GenericAskToolbar.dll

.

.

============== ADDITIONNAL SCAN ==============

.

* Mozilla FireFox Version 3.6.3 (fr) *

.

C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - browser.download.dir: D:

C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\AFP\\Desktop

C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - browser.search.defaultenginename: Web Search

C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - browser.search.defaulturl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=

C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - browser.search.selectedEngine: Web Search

C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - browser.startup.homepage: hxxp://www.google.fr/ig

C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3

C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - keyword.URL: hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=

C:\Documents and Settings\admintech\..\hsivbi6v.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.0.5

.

FOUND: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.cbid", "NL");

FOUND: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}");

FOUND: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.fresh-install", false);

FOUND: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.l", "dis");

FOUND: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.last-config-req", "1273310146892");

FOUND: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.locale", "en_FR");

FOUND: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.o", "14300");

FOUND: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

FOUND: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.qsrc", "2871");

FOUND: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.r", "2");

FOUND: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1,toolbar@ask.com:3.3.1.313,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4,{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:0.0.0,{B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971,{7c5c0f58-e061-457d-9033-77307f5ed00c}:1.5.39.0,web@veoh.com:1.4,{5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.5,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3,pink-bee@loic.com:2.5.6");

.

* Internet Explorer Version 7.0.5730.13 *

.

[HKCU\Software\Microsoft\Internet Explorer\Main]

.

Default_Search_URL: hxxp://www.durable.com/recherche

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://www.google.com

Search Page: hxxp://www.durable.com/recherche

Show_ToolBar: yes

Start Page: hxxp://webmail.aliceadsl.fr/

Use Search Asst: no

.

[HKLM\Software\Microsoft\Internet Explorer\Main]

.

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157

Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Delete_Temp_Files_On_Exit: yes

Local Page: %SystemRoot%\system32\blank.htm

Search Page: hxxp://www.durable.com/recherche

Start Page: hxxp://www.durable.com/recherche

.

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

.

Tabs: hxxp://www.durable.com/recherche

Blank: res://mshtml.dll/blank.htm

.

========================================

.

C:\Ad-Remover\Quarantine: 0 Files

C:\Ad-Remover\Backup: 1 Files

.

C:\Ad-Report-SCAN[1].txt - 7305 Byte(s)

.

End at: 13:45:23, 08/05/2010

.

============== E.O.F - SCAN[1] ==============

 

Celui du clean :

 

.

======= LOGFILE OF AD-REMOVER 2.0.0.0,D | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 07/05/10 à 16:50

Contact: AdRemover.contact@gmail.com

Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Started: 13:45:38 le 08/05/2010 | Normal boot | Option: CLEAN

Executed from: C:\Ad-Remover\ADR.exe

OS: Microsoft® Windows XP™ Service Pack 2 - X86

Computer name: LAP-YK8W009881

Current user: AFP

.

============== FIXED ELEMENTS ==============

.

.

C:\Documents and Settings\AFP\Application Data\Mozilla\FireFox\Profiles\6hveni3b.default\extensions\toolbar@ask.com

C:\Documents and Settings\AFP\Application Data\Mozilla\FireFox\Profiles\6hveni3b.default\searchplugins\cherche.xml

C:\Documents and Settings\AFP\Local Settings\Application Data\AskToolbar

C:\Program Files\Ask.com

C:\Program Files\Everest Poker

C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

C:\WINDOWS\system32\jopshxixptorepugv.exe

C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

 

(!) -- Deleted temporary files.

.

HKCU\Software\AppDataLow\AskToolbarInfo

HKCU\Software\AppDataLow\software\{8B587ED9-8F0D-26DA-8046-97DDB1F30C3F}

HKCU\Software\Ask.com

HKCU\Software\AskToolbar

HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKCU\Software\PartyGaming

HKCU\Software\PopCap

HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}

HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}

HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jopshxixptorepugv

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Ask.com\GenericAskToolbar.dll

.

(Orphan) HKLM,Uninstall - screensaver - C:\WINDOWS\system32\screensaver.scr /u (File missing)

(Orphan) HKLM,Uninstall - Spirit - Stallion of the Cimarron - C:\WINDOWS\Spirit - Stallion of the Cimarron.scr /u (File missing)

.

============== ADDITIONNAL SCAN ==============

.

* Mozilla FireFox Version 3.6.3 (fr) *

.

C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - browser.download.dir: D:

C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\AFP\\Desktop

C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - browser.search.defaultenginename: Web Search

C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - browser.search.defaulturl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=

C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - browser.search.selectedEngine: Web Search

C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - browser.startup.homepage: hxxp://www.google.fr/ig

C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3

C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - keyword.URL: hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=

C:\Documents and Settings\admintech\..\hsivbi6v.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.0.5

.

ERASED: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.cbid", "NL");

ERASED: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}");

ERASED: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.fresh-install", false);

ERASED: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.l", "dis");

ERASED: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.last-config-req", "1273310146892");

ERASED: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.locale", "en_FR");

ERASED: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.o", "14300");

ERASED: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

ERASED: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.qsrc", "2871");

ERASED: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.asktb.r", "2");

ERASED: C:\Documents and Settings\AFP\..\6hveni3b.default\prefs.js - user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1,toolbar@ask.com:3.3.1.313,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4,{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:0.0.0,{B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971,{7c5c0f58-e061-457d-9033-77307f5ed00c}:1.5.39.0,web@veoh.com:1.4,{5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.5,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3,pink-bee@loic.com:2.5.6");

.

* Internet Explorer Version 7.0.5730.13 *

.

[HKCU\Software\Microsoft\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Use Search Asst: no

.

[HKLM\Software\Microsoft\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Local Page: %SystemRoot%\system32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

.

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

.

========================================

.

C:\Ad-Remover\Quarantine: 3 Files

C:\Ad-Remover\Backup: 14 Files

.

C:\Ad-Report-CLEAN[1].txt - 7753 Byte(s)

C:\Ad-Report-SCAN[1].txt - 7429 Byte(s)

.

End at: 13:51:16, 08/05/2010

.

============== E.O.F - CLEAN[1] ==============

[Apollo]

Relance Ad-Remover et clique sur Désinstaller.

 

Fais un nouveau log RSIT stp.

 

@++

[Lewled]

Y'a pas eu de "info.txt" cette fois, donc, le log.txt :

 

Logfile of random's system information tool 1.07 (written by random/random)

Run by AFP at 2010-05-08 14:02:31

Microsoft Windows XP Professionnel Service Pack 2

System drive C: has 3 GB (8%) free of 37 GB

Total RAM: 3326 MB (75% free)

 

HijackThis download failed

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\Norton Security Scan for AFP.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{A0FA75ED-A417-42B1-B6B3-DB8A1B18992E}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-11-04 463872]

{9ec204df-0e48-4c32-816e-2e928a4fd9c2} - WalterShop - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112]

{7c5c0f58-e061-457d-9033-77307f5ed00c} - Bitlord Toolbar - C:\Program Files\TorrentMan\tbTor0.dll [2010-02-25 2349080]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"AirCardEnabler"= []

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-11 8429568]

"nwiz"=nwiz.exe /install []

"TvOutSwitch"=C:\AddOn\Fujitsu\DispSwitch\DispSwitchLauncher.exe [2006-08-02 81920]

"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-06-01 823296]

"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-06-01 974848]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-02-12 262401]

"WrtMon.exe"=C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [2006-09-20 20480]

"WatcherHelper"=C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe [2007-03-28 114688]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-12 16125440]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-05-11 81920]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2005-05-09 1658080]

"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-06-29 89541]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2007-03-12 69632]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

"mspaint"=C:\WINDOWS\system32\Paint.exe [2010-02-20 86016]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hsf87sdhfush87fsufhuie3fddf]

C:\DOCUME~1\AFP\LOCALS~1\Temp\rp1yfb025.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]

C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestream Procaster]

C:\Program Files\Livestream Procaster\Procaster.exe [2009-12-17 6477088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcexecwin]

C:\DOCUME~1\AFP\LOCALS~1\Temp\kvps2p.dll, RestoreWindows []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

C:\Program Files\Steam\Steam.exe -silent []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]

C:\WINDOWS\INSTAL~1\{17613~1\ICON3E~1.ICO [2008-04-22 6144]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

AfpDico-Status.lnk - C:\Program Files\Agence France-Presse\AfpDico-Service\afpdico-status.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\FJWSEL]

C:\WINDOWS\system32\FJWSWNP.dll [2006-06-29 32768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PSUTY]

C:\WINDOWS\system32\PSUWNP.dll [2006-06-02 32768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"Btn_Home"=0

"Btn_Fullscreen"=0

"Btn_Tools"=0

"Btn_Print"=0

"Btn_Edit"=0

"Btn_Cut"=0

"Btn_Copy"=0

"Btn_Paste"=0

"Btn_Encoding"=0

"NoFolderOptions"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoMSAppLogo5ChannelNotify"=

"NoToolbarCustomize"=

"NoBandCustomize"=

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

""=""

"C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe"="C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Messenger\Msmsgs.exe"="C:\Program Files\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"

"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"

"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"D:\Dragon Age\bin_ship\daorigins.exe"="D:\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Jeu"

"D:\Dragon Age\DAOriginsLauncher.exe"="D:\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Lanceur"

"D:\Dragon Age\bin_ship\daupdatersvc.service.exe"="D:\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Application de mise à jour"

"D:\PES 2010\pes2010.exe"="D:\PES 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"

"C:\Riot Games\League of Legends\air\LolClient.exe"="C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"

"C:\Riot Games\League of Legends\game\League of Legends.exe"="C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"

"C:\Program Files\League of Legends\Air\LolClient.exe"="C:\Program Files\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby"

"C:\Program Files\League of Legends\Game\League of Legends.exe"="C:\Program Files\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client"

"D:\Opera\opera.exe"="D:\Opera\opera.exe:*:Enabled:Opera Internet Browser"

"D:\opera.exe"="D:\opera.exe:*:Enabled:Opera Internet Browser"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

""=""

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======File associations======

 

.js - open - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

 

======List of files/folders created in the last 1 months======

 

2010-05-08 13:18:17 ----D---- C:\rsit

2010-05-08 13:10:41 ----A---- C:\cleannavi.txt

2010-05-08 13:10:03 ----D---- C:\Program Files\navilog1

2010-05-08 13:10:03 ----AD---- C:\Navilog1

2010-05-08 11:22:29 ----D---- C:\Documents and Settings\AFP\Application Data\Malwarebytes

2010-05-08 11:04:37 ----A---- C:\TDSSKiller.2.2.8.1_08.05.2010_11.04.37_log.txt

2010-05-08 01:25:11 ----D---- C:\Program Files\Trend Micro

2010-05-08 00:53:27 ----D---- C:\32788R22FWJFW

2010-05-08 00:50:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-05-08 00:50:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-05-08 00:40:42 ----A---- C:\WINDOWS\Qsibua.exe

2010-05-06 10:55:03 ----D---- C:\Documents and Settings\AFP\Application Data\KVIrc

2010-05-03 01:06:14 ----A---- C:\WINDOWS\system32\qnnqsfgx.dll

2010-05-01 10:36:06 ----D---- C:\Documents and Settings\All Users\Application Data\TmForever

2010-04-24 21:40:50 ----D---- C:\Documents and Settings\AFP\Application Data\Downloaded Installations

2010-04-24 20:43:53 ----D---- C:\Documents and Settings\AFP\Application Data\Ubisoft

2010-04-24 11:57:46 ----D---- C:\Program Files\Ubisoft

2010-04-20 22:10:44 ----N---- C:\WINDOWS\system32\browserchoice.exe

2010-04-16 16:21:52 ----D---- C:\Program Files\Common Files\DESIGNER

2010-04-15 15:29:43 ----D---- C:\Program Files\Perfect World France

2010-04-15 10:29:02 ----HDC---- C:\WINDOWS\$NtUninstallKB976323$

2010-04-15 10:28:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$

2010-04-15 10:27:50 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$

2010-04-15 10:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$

2010-04-15 10:25:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$

2010-04-15 10:24:42 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$

2010-04-15 10:24:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$

2010-04-15 10:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

2010-04-12 18:52:15 ----A---- C:\Program Files\Exiferupdate.ini

2010-04-12 18:47:18 ----D---- C:\Program Files\Exifer

2010-04-10 22:57:53 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment

 

======List of files/folders modified in the last 1 months======

 

2010-05-08 14:02:18 ----D---- C:\WINDOWS\system32

2010-05-08 14:02:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-05-08 14:02:01 ----D---- C:\WINDOWS\Temp

2010-05-08 14:01:53 ----D---- C:\WINDOWS\system32\inetsrv

2010-05-08 13:57:34 ----D---- C:\Program Files\Common Files\Akamai

2010-05-08 13:55:22 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-05-08 13:51:05 ----SHD---- C:\WINDOWS\Installer

2010-05-08 13:51:05 ----SD---- C:\WINDOWS\Tasks

2010-05-08 13:51:05 ----D---- C:\WINDOWS\Prefetch

2010-05-08 13:51:05 ----D---- C:\Program Files

2010-05-08 13:49:07 ----D---- C:\WINDOWS\Registration

2010-05-08 13:44:08 ----D---- C:\Program Files\Warcraft III

2010-05-08 13:26:44 ----D---- C:\WINDOWS\system32\CatRoot2

2010-05-08 12:50:11 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$

2010-05-08 12:50:11 ----D---- C:\WINDOWS\system32\drivers

2010-05-08 11:14:33 ----D---- C:\WINDOWS

2010-05-08 11:03:46 ----D---- C:\Documents and Settings\AFP\Application Data\mIRC

2010-05-08 04:23:57 ----D---- C:\Program Files\mIRC

2010-05-08 04:21:01 ----D---- C:\Documents and Settings\AFP\Application Data\vlc

2010-05-08 02:36:23 ----HD---- C:\Config.Msi

2010-05-08 02:36:20 ----D---- C:\WINDOWS\WinSxS

2010-05-08 02:28:48 ----A---- C:\WINDOWS\wininit.ini

2010-05-08 02:01:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2010-05-08 01:54:19 ----D---- C:\Program Files\Spybot - Search & Destroy

2010-05-08 01:08:55 ----SHD---- C:\System Volume Information

2010-05-08 01:08:20 ----SHD---- C:\WINDOWS\CSC

2010-05-08 00:41:34 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-05-08 00:29:10 ----A---- C:\WINDOWS\NeroDigital.ini

2010-05-06 20:12:14 ----D---- C:\Program Files\CamStudio

2010-05-06 16:11:03 ----D---- C:\Program Files\Garena

2010-05-06 10:07:31 ----D---- C:\Documents and Settings\All Users\Application Data\NOS

2010-05-06 10:07:28 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-05-04 23:31:00 ----D---- C:\Documents and Settings\AFP\Application Data\Skype

2010-05-04 22:08:21 ----D---- C:\Documents and Settings\AFP\Application Data\skypePM

2010-05-04 15:25:33 ----D---- C:\Program Files\Common Files\Blizzard Entertainment

2010-05-02 13:37:00 ----D---- C:\Program Files\Heroes of Newerth

2010-05-01 10:34:29 ----D---- C:\WINDOWS\system32\DirectX

2010-05-01 10:34:28 ----RSD---- C:\WINDOWS\assembly

2010-05-01 02:31:24 ----D---- C:\Documents and Settings\AFP\Application Data\FileZilla

2010-04-24 12:09:15 ----HD---- C:\WINDOWS\inf

2010-04-24 11:57:46 ----HD---- C:\Program Files\InstallShield Installation Information

2010-04-24 00:11:10 ----D---- C:\WINDOWS\Debug

2010-04-16 19:34:16 ----D---- C:\Program Files\Google

2010-04-16 16:22:19 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2010-04-16 16:22:04 ----RSD---- C:\WINDOWS\Fonts

2010-04-16 16:22:01 ----D---- C:\Program Files\Common Files\Microsoft Shared

2010-04-16 16:21:52 ----D---- C:\Program Files\Common Files

2010-04-15 10:29:00 ----HD---- C:\WINDOWS\$hf_mig$

2010-04-11 08:38:37 ----D---- C:\Program Files\Mozilla Firefox

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-03-04 79424]

R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-04-23 21393]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-04-24 281760]

R2 BtnHnd;BtnHnd; \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys []

R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []

R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-04-24 25888]

R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-05-29 12416]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-06-29 1160320]

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]

R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-09 130432]

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]

R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2006-10-02 126864]

R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-02-01 250776]

R3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-07 22560]

R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-17 4864]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-12 4486144]

R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-04-02 1952032]

R3 lvselsus;Logitech Selective Suspend Filter; C:\WINDOWS\system32\DRIVERS\lvselsus.sys [2007-02-07 66848]

R3 LVUVC;WebCam(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-07 1939360]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 NETw4x32;Pilote de carte Intel® Wireless WiFi Link pour Windows XP 32 bits; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-21 2208512]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-11 6345472]

R3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2007-05-22 95616]

R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-09 193120]

R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

S3 astjclsz;astjclsz; C:\WINDOWS\system32\drivers\astjclsz.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]

S3 Cpmt;Cisco Media Termination; C:\WINDOWS\System32\Drivers\Cpmt.sys []

S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []

S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]

S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\AFP\LOCALS~1\Temp\HMJC77.tmp []

S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576]

S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-01-23 33296]

S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-01-23 28176]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]

S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]

S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]

S3 OZSCR;O2Micro SmartCardBus Smartcard Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2007-05-22 95616]

S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]

S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]

S3 SWNC8U32;Sierra Wireless MUX NDIS Driver (UMTS32); C:\WINDOWS\system32\DRIVERS\swnc8u32.sys [2007-03-12 102272]

S3 SWUMX20;Sierra Wireless USB MUX Driver (UMTS20); C:\WINDOWS\system32\DRIVERS\swumx20.sys []

S3 SWUMX32;Sierra Wireless USB MUX Driver (UMTS32); C:\WINDOWS\system32\DRIVERS\swumx32.sys [2007-03-12 72576]

S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]

S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]

S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]

S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]

S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2007-01-22 53376]

S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-04-24 41856]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]

S3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]

S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AfpDico-Service;Afp - Service local des données communes; C:\Program Files\Agence France-Presse\AfpDico-Service\afpdico-service.exe [2007-01-05 409600]

R2 AfpNetwork-Service;Afp - Supervision des connexions réseau AFP; C:\Program Files\Agence France-Presse\AfpNetwork-Service\afpnetwork-service.exe [2007-01-09 39424]

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-03-07 68865]

R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-03-26 147201]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2006-11-10 1504304]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-06-01 647168]

R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]

R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-31 153376]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-11 163908]

R2 O2Flash;O2Flash Memory Service; C:\WINDOWS\system32\o2flash.exe [2007-05-22 57344]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-06-01 327680]

R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-06-01 987136]

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]

R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]

R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 XobniService;XobniService; C:\Program Files\Xobni\XobniService.exe [2009-12-08 55016]

S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []

S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-01 135664]

S2 LvIBTSvr;Logitech IBT Service; C:\Program Files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [2007-04-02 76576]

S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-04-02 105248]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2009-09-27 69120]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour; D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe []

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-14 654848]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]

S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE []

S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2009-06-16 68096]

S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-09-19 3474384]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------