msxml71.dll detected by avast
cristofxx
Posted on 27/10/2009 at 19:43
Petit astucien

Hi!

I've just seen that several other people have had this problem, but I think it's fairly "personal", depending on the machine, etc.

So I'm going to post a short HijackThis log, while explaining that I had just downloaded msvcrtd.dll via ddl-files.com and placed it in windows system32. I got the avast error message almost instantly!

So I'm posting the HijackThis log, and I thank in advance anyone who helps me.

PS: I've just discovered the automatic online analysis of the log!! Everything is mostly fine, except the file in question: nasty, which says

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:39:35, on 27/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\Explorer.EXE

F:\Program Files\Alwil Software-Avast4\aswUpdSv.exe

F:\Program Files\Alwil Software-Avast4\ashServ.exe

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\msa.exe

F:\Program Files\Digidesign\Drivers\MMERefresh.exe

F:\WINDOWS\system32\svchost.exe

F:\Program Files\Java\jre6\bin\jqs.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\svchost.exe

F:\Program Files\Alwil Software-Avast4\ashMaiSv.exe

F:\Program Files\Alwil Software-Avast4\ashWebSv.exe

F:\WINDOWS\System32\M-AudioTaskBarIcon.exe

F:\Program Files\Java\jre6\bin\jusched.exe

F:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

F:\Program Files\Unlocker\UnlockerAssistant.exe

F:\PROGRA~1\ALWILS~1\ashDisp.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Program Files\uTorrent\uTorrent.exe

F:\Program Files\SuperCopier2\SuperCopier2.exe

F:\Program Files\OpenOffice.org 3\program\soffice.exe

F:\Program Files\OpenOffice.org 3\program\soffice.bin

F:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe

F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

F:\WINDOWS\System32\svchost.exe

F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

F:\Program Files\Windows NT\Accessories\wordpad.exe

F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

F:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - F:\WINDOWS\system32\msxml71.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [M-Audio Taskbar Icon] F:\WINDOWS\System32\M-AudioTaskBarIcon.exe

O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [DigidesignMMERefresh] F:\Program Files\Digidesign\Drivers\MMERefresh.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "F:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [WinsysMon] F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi2E4.tmp\googletoolbar.exe

O4 - HKLM\..\Run: [UnlockerAssistant] "F:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [ReCycle Patch] "Y:\install - uninstall\Propellerhead Recycle 2.1\ReCyclePatch.exe" -s

O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [uTorrent] "F:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [SuperCopier2.exe] F:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [PopRock] F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: OpenOffice.org 3.1.lnk = F:\Program Files\OpenOffice.org 3\program\quickstart.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O20 - AppInit_DLLs: prio.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software-Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software-Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software-Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software-Avast4\ashWebSv.exe

O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - F:\Program Files\Digidesign\Drivers\MMERefresh.exe

O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - F:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe

--

End of file - 7181 bytes

Vrni
Posted on 27/10/2009 at 20:26
Astucien

Good evening and welcome to PCA.

PS: I've just discovered the automatic online analysis of the log!! Everything is mostly fine, except the file in question: nasty, which says

The HijackThis analysis engine is no longer kept up to date.
New infections are not listed in it.

Download MalwareBytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

  • Install it. Choose the default options.
  • At the end of the installation, you will be asked to update MalwareBytes and run it. Accept.

  • After the update, the program will open.
    • In the "Recherche" (Scan) tab, select "Exécuter un examen complet" (run a full scan).
    • Click "Recherche" (Scan). Select only the computer's hard drives. Click "Lancer l'examen" (start the scan).
    • At the end of the scan, as prompted, click "Afficher les résultats" (show the results).
    • If infections are found, click "Supprimer la sélection" (remove the selection).

Note: In some cases, the program asks to restart the computer in order to delete the files. Accept.

Post the report in your next message.
If you can't find the report, open MalwareBytes and look in the "Rapport/logs" tab. It is there. Click on it and choose "Ouvrir" (open).

See you later

cristofxx
Posted on 27/10/2009 at 23:51
Petit astucien

Hey Vrni, thanks for the help!
Before you replied, I installed RegRun, which found and deleted (apparently) the file msxml71.dll and a few others.
Then I ran the Malwarebytes scan; I'm posting the report. It flags a lot of software that I use for my training and that I'm sure is not dangerous; I had already installed it without any problem. The partition layout is F > XP, from which I'm writing this message, and C > win7, which I can't boot any more for the moment.
Here it is, thanks again:
    Malwarebytes' Anti-Malware 1.41
    Version de la base de données: 3043
    Windows 5.1.2600 Service Pack 3
    27/10/2009 23:38:54
    mbam-log-2009-10-27 (23-38-54).txt
    Type de recherche: Examen complet (C:\|D:\|F:\|Y:\|Z:\|)
    Eléments examinés: 365704
    Temps écoulé: 1 hour(s), 54 minute(s), 22 second(s)
    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 9
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 4
    Dossier(s) infecté(s): 17
    Fichier(s) infecté(s): 60
    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)
    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)
    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.
    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    Dossier(s) infecté(s):
    F:\Program Files\save (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I0 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I1 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I2 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I3 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I4 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I5 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I0 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I1 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I2 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I3 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I4 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I5 (Adware.WhenU) -> Quarantined and deleted successfully.
    Fichier(s) infecté(s):
    C:\Program Files (x86)\AAS\Tassman 4.0\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Arturia\Moog Modular V 2\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Recycle\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
    F:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\start.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    F:\Program Files\arturia\minimoog V\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
    F:\Program Files\Native Instruments\Guitar Rig\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
    F:\Program Files\Propellerhead\Recycle\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
    Y:\Program Files\Alwil Software\Avast4\DATA\moved\install.exe (Rootkit.Agent) -> Delete on reboot.
    Y:\Program Files\Recycle\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
    Y:\_Plug audio\Effets\Guitar Rig\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
    Y:\_Plug audio\Instrument\daHornet\daHornet\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
    Y:\install - uninstall\°°°°°Plug in\Dash Signature - daHornet v1.34\Poste de travail\daHornet\daHornet\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
    F:\Program Files\save\controlMidi (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\NomPreset (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\NomBanque (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I0\NomInstrument (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I0\Parametres (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I0\Patch1 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I1\NomInstrument (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I1\Parametres (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I1\Patch1 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I2\NomInstrument (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I2\Parametres (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I2\Patch1 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I2\Patch2 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I2\Patch3 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I3\NomInstrument (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I3\Parametres (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I3\Patch1 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I4\NomInstrument (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I4\Parametres (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I4\Patch1 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I5\NomInstrument (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I5\Parametres (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I5\Patch1 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P0\B0\I5\Patch2 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\NomPreset (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\NomBanque (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I0\NomInstrument (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I0\Parametres (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I0\Patch1 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I1\NomInstrument (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I1\Parametres (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I1\Patch1 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I2\NomInstrument (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I2\Parametres (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I2\Patch1 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I2\Patch2 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I2\Patch3 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I3\NomInstrument (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I3\Parametres (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I3\Patch1 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I4\NomInstrument (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I4\Parametres (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I4\Patch1 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I5\NomInstrument (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I5\Parametres (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I5\Patch1 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Program Files\save\P1\B0\I5\Patch2 (Adware.WhenU) -> Quarantined and deleted successfully.
    F:\Documents and Settings\Administrator\Local Settings\Temp\hi.bat (Malware.Trace) -> Quarantined and deleted successfully.
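
A triage sketch for the two logs posted in this thread, added here as an example and not written by either poster: it parses HijackThis entries (re-joining hard-wrapped lines), applies two review heuristics, and links entries to Malwarebytes detections by CLSID or autorun value name. The sample lines are excerpts from the logs above; the function names and the heuristics are assumptions, and a heuristic hit is a prompt for review, not a verdict.

```python
import re

# Excerpts from the HijackThis log posted in this thread (one entry left hard-wrapped).
HIJACKTHIS_SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
F:\WINDOWS\Explorer.EXE
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - F:\WINDOWS\system32\msxml71.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program
Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinsysMon] F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi2E4.tmp\googletoolbar.exe
O4 - HKCU\..\Run: [uTorrent] "F:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PopRock] F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b.exe
O20 - AppInit_DLLs: prio.dll
--
End of file - 7181 bytes
"""

# Excerpts from the Malwarebytes report posted in this thread.
MBAM_SAMPLE = r"""
Malwarebytes' Anti-Malware 1.41
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Recycle\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
Y:\Program Files\Alwil Software\Avast4\DATA\moved\install.exe (Rootkit.Agent) -> Delete on reboot.
"""

ENTRY = re.compile(r"^([RFO]\d{1,2}) - (.*)$")           # "O4 - ..." section code
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME = re.compile(r"Run(?:Once)?: \[([^\]]+)\]")      # autorun value name
TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)
MBAM = re.compile(r"^(?P<obj>.+?) \((?P<family>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")


def parse_hijackthis(text):
    """Return [{'code', 'body'}]; header and process lines before the first entry are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "--" or line.startswith("End of file"):
            continue
        m = ENTRY.match(line)
        if m:
            entries.append({"code": m.group(1), "body": m.group(2)})
        elif entries:
            # A line without a section code continues a hard-wrapped entry.
            entries[-1]["body"] += " " + line
    return entries


def triage(entries):
    """Review heuristics (assumptions of this example, not HijackThis verdicts)."""
    findings = []
    for e in entries:
        code, body = e["code"], e["body"]
        if code == "O4" and TEMP_DIR.search(body):
            findings.append((code, "autorun target inside a Temp directory", body))
        elif code == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            findings.append((code, "AppInit_DLLs is not empty", body))
    return findings


def parse_mbam(text):
    """Return [{'object', 'family', 'action'}] for each detection line."""
    detections = []
    for line in text.splitlines():
        m = MBAM.match(line.strip())
        if m:
            # Some lines carry "Bad: (1) Good: (0) ->" before the final action.
            action = m.group("rest").rsplit("-> ", 1)[-1].rstrip(".")
            detections.append({"object": m.group("obj"), "family": m.group("family"), "action": action})
    return detections


def pending(detections):
    """Detections the scanner reported without a completed removal (e.g. 'Delete on reboot')."""
    return [d for d in detections if d["action"] != "Quarantined and deleted successfully"]


def correlate(entries, detections):
    """Link HijackThis entries to detections by CLSID, else by autorun name == registry leaf."""
    links = []
    for e in entries:
        clsids = {c.lower() for c in CLSID.findall(e["body"])}
        run = RUN_NAME.search(e["body"])
        run_name = run.group(1).lower() if run else None
        for d in detections:
            obj = d["object"]
            if clsids & {c.lower() for c in CLSID.findall(obj)}:
                links.append((e["code"], "clsid", d["family"], e["body"]))
            elif run_name and obj.upper().startswith("HKEY_") and obj.rsplit("\\", 1)[-1].lower() == run_name:
                links.append((e["code"], "name", d["family"], e["body"]))
    return links


if __name__ == "__main__":
    hjt, mbam = parse_hijackthis(HIJACKTHIS_SAMPLE), parse_mbam(MBAM_SAMPLE)
    for row in triage(hjt) + correlate(hjt, mbam):
        print(row)
    print("not yet removed:", [d["object"] for d in pending(mbam)])
```
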

    Vrni
     Posted on 28/10/2009 at 00:04 
    Astucien

    OK for the tool you ran.
    Avoid running any others, otherwise I won't be able to keep track of what you are doing.

    For XP and 7, you will probably have to reinstall/repair 7 or try to repair the dual boot.

    Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.

    • double-click "RSIT.exe".
    • in the window that opens, choose 1 month for the option "List files/folders created ...",
    • then click "Continue" to start the scan ...
    If the latest version of HijackThis is not found on your PC, RSIT will download it and ask you to accept the license.

    Wait until the scan finishes. Two reports will be generated.

    • Post the contents of "log.txt".
    • and that of "info.txt" (in the taskbar)

    If you can't find them, the reports are saved in the folder C:\rsit.

    See you

    cristofxx
     Posted on 29/10/2009 at 12:10 
    Petit astucien

    I'm testing a smaller message. I've been getting an internal server error 500 since yesterday.

    cristofxx
     Posted on 29/10/2009 at 12:11 
    Petit astucien

    Logfile of random's system information tool 1.06 (written by random/random)

    Run by Administrator at 2009-10-28 13:11:57

    Microsoft Windows XP Professional Service Pack 3

    System drive F: has 38 GB (77%) free of 50 GB

    Total RAM: 3070 MB (86% free)

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 13:11:59, on 28/10/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.5730.0013)

    Boot mode: Normal

    Running processes:

    F:\WINDOWS\System32\smss.exe

    F:\WINDOWS\system32\winlogon.exe

    F:\WINDOWS\system32\services.exe

    F:\WINDOWS\system32\lsass.exe

    F:\WINDOWS\system32\Ati2evxx.exe

    F:\WINDOWS\system32\svchost.exe

    F:\WINDOWS\System32\svchost.exe

    F:\WINDOWS\system32\Ati2evxx.exe

    F:\Program Files\Alwil Software-Avast4\aswUpdSv.exe

    F:\Program Files\Alwil Software-Avast4\ashServ.exe

    F:\WINDOWS\system32\spoolsv.exe

    F:\WINDOWS\Explorer.EXE

    F:\Program Files\Digidesign\Drivers\MMERefresh.exe

    F:\WINDOWS\system32\svchost.exe

    F:\Program Files\Java\jre6\bin\jqs.exe

    F:\WINDOWS\System32\svchost.exe

    F:\WINDOWS\System32\svchost.exe

    F:\WINDOWS\system32\svchost.exe

    F:\Program Files\Alwil Software-Avast4\ashMaiSv.exe

    F:\Program Files\Alwil Software-Avast4\ashWebSv.exe

    F:\WINDOWS\System32\M-AudioTaskBarIcon.exe

    F:\Program Files\Java\jre6\bin\jusched.exe

    F:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

    F:\Program Files\Unlocker\UnlockerAssistant.exe

    F:\PROGRA~1\ALWILS~1\ashDisp.exe

    F:\WINDOWS\system32\ctfmon.exe

    F:\Program Files\uTorrent\uTorrent.exe

    F:\Program Files\SuperCopier2\SuperCopier2.exe

    F:\Program Files\OpenOffice.org 3\program\soffice.exe

    F:\Program Files\OpenOffice.org 3\program\soffice.bin

    F:\WINDOWS\System32\svchost.exe

    F:\WINDOWS\system32\deltapnl.exe

    F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    F:\Program Files\Windows NT\Accessories\wordpad.exe

    F:\WINDOWS\system32\wuauclt.exe

    F:\Documents and Settings\Administrator\Desktop\RSIT.exe

    F:\Documents and Settings\Administrator\Desktop\Administrator.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: [M-Audio Taskbar Icon] F:\WINDOWS\System32\M-AudioTaskBarIcon.exe

    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [DigidesignMMERefresh] F:\Program Files\Digidesign\Drivers\MMERefresh.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [VirtualCloneDrive] "F:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

    O4 - HKLM\..\Run: [WinsysMon] F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi2E4.tmp\googletoolbar.exe

    O4 - HKLM\..\Run: [UnlockerAssistant] "F:\Program Files\Unlocker\UnlockerAssistant.exe"

    O4 - HKLM\..\Run: [ReCycle Patch] "Y:\install - uninstall\Propellerhead Recycle 2.1\ReCyclePatch.exe" -s

    O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\ashDisp.exe

    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

    O4 - HKCU\..\Run: [uTorrent] "F:\Program Files\uTorrent\uTorrent.exe"

    O4 - HKCU\..\Run: [SuperCopier2.exe] F:\Program Files\SuperCopier2\SuperCopier2.exe

    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

    O4 - Startup: OpenOffice.org 3.1.lnk = F:\Program Files\OpenOffice.org 3\program\quickstart.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

    O20 - AppInit_DLLs: prio.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software-Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software-Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software-Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software-Avast4\ashWebSv.exe

    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - F:\Program Files\Digidesign\Drivers\MMERefresh.exe

    O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - F:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe

    --

    End of file - 6623 bytes

    ======Scheduled tasks folder======

    F:\WINDOWS\tasks\AppleSoftwareUpdate.job

    F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1326574676-682003330-500Core.job

    F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1326574676-682003330-500UA.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

    Adobe PDF Link Helper - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

    Java(tm) Plug-In 2 SSV Helper - F:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-26 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

    JQSIEStartDetectorImpl Class - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-26 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "M-Audio Taskbar Icon"=F:\WINDOWS\System32\M-AudioTaskBarIcon.exe [2007-01-25 154112]

    "QuickTime Task"=F:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

    "DigidesignMMERefresh"=F:\Program Files\Digidesign\Drivers\MMERefresh.exe [2007-10-31 77824]

    "Adobe Reader Speed Launcher"=F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

    "Adobe ARM"=F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

    "SunJavaUpdateSched"=F:\Program Files\Java\jre6\bin\jusched.exe [2009-10-26 149280]

    "VirtualCloneDrive"=F:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]

    "WinsysMon"=F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi2E4.tmp\googletoolbar.exe []

    "UnlockerAssistant"=F:\Program Files\Unlocker\UnlockerAssistant.exe [2009-10-26 15872]

    "ReCycle Patch"=Y:\install - uninstall\Propellerhead Recycle 2.1\ReCyclePatch.exe [2005-12-20 184320]

    "avast!"=F:\PROGRA~1\ALWILS~1\ashDisp.exe [2009-09-15 81000]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"=F:\WINDOWS\system32\ctfmon.exe [2008-05-03 15360]

    "Google Update"=F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-25 133104]

    "uTorrent"=F:\Program Files\uTorrent\uTorrent.exe [2009-10-25 289072]

    "SuperCopier2.exe"=F:\Program Files\SuperCopier2\SuperCopier2.exe [2009-08-16 955392]

    F:\Documents and Settings\Administrator\Start Menu\Programs\Startup

    OpenOffice.org 3.1.lnk - F:\Program Files\OpenOffice.org 3\program\quickstart.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLS"="prio.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

    F:\WINDOWS\system32\Ati2evxx.dll [2009-09-23 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    "{F552DDE6-2090-4bf4-B924-6141E87789A5}"= []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    "DisableCAD"=1

    "DisableStatusMessages"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveTypeAutoRun"=145

    "NoResolveTrack"=1

    "NoResolveSearch"=1

    "NoSMConfigurePrograms"=1

    "MemCheckBoxInRunDlg"=1

    "NoSharedDocuments"=1

    "NoActiveDesktop"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "MemCheckBoxInRunDlg"=

    "StartMenuFavorites"=

    "Start_ShowMyComputer"=

    "Start_ShowMyDocs"=

    "Start_ShowMyMusic"=

    "Start_ShowRun"=

    "Start_ShowSearch"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "F:\Program Files\uTorrent\uTorrent.exe"="F:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

    "F:\Program Files\SoulseekNS\slsk.exe"="F:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek"

    "F:\Program Files\Pando Networks\Pando\Pando.exe"="F:\Program Files\Pando Networks\Pando\Pando.exe:*:Enabled:Pando"

    "F:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="F:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

    "F:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="F:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"

    "F:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="F:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "F:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="F:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

    "F:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="F:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"

    "F:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="F:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

    shell\AutoRun\command - H:\Autorun.exe root.ini

    ======List of files/folders created in the last 1 months======

    2009-10-28 13:11:57 ----D---- F:\rsit

    2009-10-27 23:54:33 ----D---- F:\Documents and Settings\All Users\Application Data\Audio Damage

    2009-10-27 23:53:28 ----D---- F:\Documents and Settings\Administrator\Application Data\iZotope

    2009-10-27 20:57:01 ----D---- F:\Documents and Settings\Administrator\Application Data\Malwarebytes

    2009-10-27 20:56:56 ----D---- F:\Program Files\Malwarebytes' Anti-Malware

    2009-10-27 20:56:56 ----D---- F:\Documents and Settings\All Users\Application Data\Malwarebytes

    2009-10-27 20:36:24 ----D---- F:\WINDOWS\RestoreSafeDeleted

    2009-10-27 20:32:35 ----RASHOT---- F:\WINDOWS\winstart.bat

    2009-10-27 20:31:31 ----D---- F:\Program Files\RegRunSuite-Greatis

    2009-10-27 19:40:22 ----D---- F:\hijackThis

    2009-10-27 19:18:46 ----A---- F:\WINDOWS\system32\msvcrtd.dll

    2009-10-27 19:00:51 ----A---- F:\WINDOWS\system32\MSVCP60D.dll

    2009-10-27 18:07:54 ----A---- F:\WINDOWS\system32\aswBoot.exe

    2009-10-27 18:07:52 ----D---- F:\Program Files\Alwil Software-Avast4

    2009-10-27 17:57:01 ----A---- F:\WINDOWS\LOOP.exe

    2009-10-27 17:56:03 ----D---- F:\Documents and Settings\All Users\Application Data\Propellerhead Software

    2009-10-27 17:56:02 ----D---- F:\Documents and Settings\Administrator\Application Data\Propellerhead Software

    2009-10-27 17:55:29 ----D---- F:\Program Files\Propellerhead

    2009-10-27 17:50:30 ----D---- F:\Program Files\Steinberg

    2009-10-27 17:50:29 ----D---- F:\Program Files\BBE Sonic Maximizer Plugin

    2009-10-27 17:49:29 ----A---- F:\WINDOWS\system32\msvcr70d.dll

    2009-10-27 17:49:29 ----A---- F:\WINDOWS\system32\msvcp70d.dll

    2009-10-27 17:47:24 ----D---- F:\Program Files\Unlocker

    2009-10-27 17:37:57 ----D---- F:\Documents and Settings\Administrator\Application Data\Waves Audio

    2009-10-27 17:37:24 ----D---- F:\Program Files\Waves

    2009-10-27 17:36:40 ----D---- F:\Program Files\Sonalksis

    2009-10-27 17:36:40 ----A---- F:\WINDOWS\unins000.exe

    2009-10-27 17:35:27 ----D---- F:\Program Files\Common Files\Native Instruments

    2009-10-27 17:34:06 ----D---- F:\Program Files\iZotope

    2009-10-27 17:32:55 ----D---- F:\Program Files\Native Instruments

    2009-10-27 17:23:02 ----D---- F:\Documents and Settings\All Users\Application Data\Audio Ease

    2009-10-27 17:22:59 ----D---- F:\Program Files\Audio Ease

    2009-10-27 17:22:59 ----D---- F:\Documents and Settings\Administrator\Application Data\Audio Ease

    2009-10-27 17:19:34 ----D---- F:\Program Files\arturia

    2009-10-27 17:16:00 ----A---- F:\WINDOWS\unvise32.exe

    2009-10-27 17:09:29 ----A---- F:\WINDOWS\system32\msvcsv60.dll

    2009-10-27 17:09:01 ----D---- F:\Program Files\IK Multimedia

    2009-10-27 17:04:41 ----SH---- F:\Documents and Settings\Administrator\Application Data\install.config.exe

    2009-10-27 16:54:38 ----D---- F:\Documents and Settings\Administrator\Application Data\Publish Providers

    2009-10-27 16:50:37 ----D---- F:\Documents and Settings\Administrator\Application Data\Sony

    2009-10-27 16:49:58 ----D---- F:\Documents and Settings\All Users\Application Data\Sony

    2009-10-27 16:49:54 ----D---- F:\Program Files\Sony

    2009-10-27 16:48:34 ----RSD---- F:\WINDOWS\assembly

    2009-10-27 16:48:19 ----D---- F:\WINDOWS\Microsoft.NET

    2009-10-27 16:46:04 ----D---- F:\Documents and Settings\Administrator\Application Data\Sony Setup

    2009-10-27 16:37:51 ----D---- F:\Documents and Settings\Administrator\Application Data\OpenOffice.org

    2009-10-27 12:32:09 ----D---- F:\Program Files\TagRename

    2009-10-27 12:22:35 ----D---- F:\Program Files\AVSMedia

    2009-10-27 12:22:29 ----D---- F:\Program Files\Common Files\AVSMedia

    2009-10-27 12:22:29 ----A---- F:\WINDOWS\system32\xvidvfw.dll

    2009-10-27 12:22:29 ----A---- F:\WINDOWS\system32\xvidcore.dll

    2009-10-27 12:22:29 ----A---- F:\WINDOWS\system32\mpg4c32.dll

    2009-10-27 12:22:29 ----A---- F:\WINDOWS\system32\mcdvd_32.dll

    2009-10-27 12:22:29 ----A---- F:\WINDOWS\system32\divx.dll

    2009-10-27 12:22:28 ----D---- F:\Program Files\AVSMedia-DVDPlayer

    2009-10-27 12:22:28 ----A---- F:\WINDOWS\system32\msxml3a.dll

    2009-10-27 12:19:03 ----D---- F:\Documents and Settings\Administrator\Application Data\dvdcss

    2009-10-27 11:58:58 ----D---- F:\Program Files\SuperCopier2

    2009-10-27 11:45:31 ----D---- F:\Program Files\scn2

    2009-10-27 11:37:27 ----D---- F:\Documents and Settings\Administrator\Application Data\WinRAR

    2009-10-27 11:34:49 ----A---- F:\WINDOWS\system32\fftw3.dll

    2009-10-27 11:30:33 ----D---- F:\Program Files\Comic Reader

    2009-10-27 11:30:03 ----D---- F:\Program Files\WinRAR

    2009-10-27 00:50:15 ----D---- F:\Documents and Settings\Administrator\Application Data\vlc

    2009-10-27 00:49:51 ----D---- F:\Program Files\VideoLAN

    2009-10-26 19:35:57 ----D---- F:\Documents and Settings\All Users\Application Data\Ableton

    2009-10-26 19:35:56 ----D---- F:\Documents and Settings\Administrator\Application Data\Ableton

    2009-10-26 16:00:13 ----A---- F:\WINDOWS\system32\ReWire.dll

    2009-10-26 15:59:20 ----D---- F:\Program Files\Ableton

    2009-10-26 15:58:33 ----D---- F:\Program Files\Elaborate Bytes

    2009-10-26 13:35:05 ----RA---- F:\WINDOWS\system32\nvusmb.exe

    2009-10-26 13:35:04 ----D---- F:\WINDOWS\system32\ReinstallBackups

    2009-10-26 13:20:01 ----A---- F:\WINDOWS\system32\NVUNINST.EXE

    2009-10-26 01:56:27 ----A---- F:\WINDOWS\system32\hpz3l696.dll

    2009-10-26 01:55:10 ----A---- F:\WINDOWS\system32\hpzids01.dll

    2009-10-26 01:55:09 ----A---- F:\WINDOWS\system32\hppldcoi.dll

    2009-10-26 01:55:09 ----A---- F:\WINDOWS\system32\hposwia_p01a.dll

    2009-10-26 01:55:09 ----A---- F:\WINDOWS\system32\hpost_p01a.dll

    2009-10-26 01:55:09 ----A---- F:\WINDOWS\system32\hposc_p01a.dll

    2009-10-26 01:55:09 ----A---- F:\WINDOWS\system32\difxapi.dll

    2009-10-26 01:55:06 ----D---- F:\Program Files\Common Files\HP

    2009-10-26 01:55:05 ----D---- F:\Program Files\Hewlett-Packard

    2009-10-26 01:55:05 ----D---- F:\Program Files\Common Files\Hewlett-Packard

    2009-10-26 01:54:56 ----D---- F:\Program Files\HP

    2009-10-26 01:54:47 ----HD---- F:\Config.Msi

    2009-10-26 01:52:31 ----D---- F:\Program Files\JRE

    2009-10-26 01:52:28 ----D---- F:\Program Files\OpenOffice.org 3

    2009-10-26 01:52:22 ----A---- F:\WINDOWS\system32\javaws.exe

    2009-10-26 01:52:22 ----A---- F:\WINDOWS\system32\javaw.exe

    2009-10-26 01:52:22 ----A---- F:\WINDOWS\system32\java.exe

    2009-10-26 01:52:22 ----A---- F:\WINDOWS\system32\deploytk.dll

    2009-10-26 01:52:16 ----D---- F:\Program Files\Java

    2009-10-26 01:52:13 ----D---- F:\Documents and Settings\Administrator\Application Data\Sun

    2009-10-26 01:40:31 ----D---- F:\Documents and Settings\All Users\Application Data\Adobe

    2009-10-26 01:40:28 ----D---- F:\Program Files\Common Files\Adobe

    2009-10-26 01:40:28 ----D---- F:\Program Files\Adobe

    2009-10-26 00:19:07 ----D---- F:\Program Files\Pando Networks

    2009-10-25 18:18:46 ----D---- F:\Documents and Settings\All Users\Application Data\Soulseek

    2009-10-25 18:18:42 ----D---- F:\Program Files\SoulseekNS

    2009-10-25 18:06:14 ----D---- F:\Program Files\uTorrent

    2009-10-25 18:05:23 ----D---- F:\Documents and Settings\Administrator\Application Data\uTorrent

    2009-10-25 17:51:58 ----D---- F:\Documents and Settings\All Users\Application Data\Google

    2009-10-25 17:47:13 ----D---- F:\Documents and Settings\Administrator\Application Data\Mozilla

    2009-10-25 17:25:33 ----D---- F:\Program Files\FLAC

    2009-10-25 17:16:17 ----D---- F:\Documents and Settings\Administrator\Application Data\foobar2000

    2009-10-25 17:16:15 ----D---- F:\Program Files\foobar2000

    2009-10-25 16:40:19 ----D---- F:\Documents and Settings\Administrator\Application Data\Macromedia

    2009-10-25 16:03:51 ----D---- F:\Documents and Settings\Administrator\Application Data\Digidesign

    2009-10-25 16:03:46 ----D---- F:\Digidesign Databases

    2009-10-25 16:03:41 ----D---- F:\Program Files\Common Files\PACE Anti-Piracy

    2009-10-25 16:03:41 ----D---- F:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy

    2009-10-25 16:03:41 ----D---- F:\Documents and Settings\Administrator\Application Data\PACE Anti-Piracy

    2009-10-25 16:00:49 ----D---- F:\Program Files\Common Files\Trillium Lane

    2009-10-25 15:53:01 ----D---- F:\Program Files\InterLok

    2009-10-25 15:53:00 ----D---- F:\WINDOWS\Downloaded Installations

    2009-10-25 15:52:35 ----N---- F:\WINDOWS\system32\REX Shared Library.dll

    2009-10-25 15:52:35 ----N---- F:\WINDOWS\system32\ilinet.dll

    2009-10-25 15:52:35 ----A---- F:\WINDOWS\system32\qtmlClient.dll

    2009-10-25 15:52:35 ----A---- F:\WINDOWS\system32\msvcr71.dll

    2009-10-25 15:52:35 ----A---- F:\WINDOWS\system32\msvcr70.dll

    2009-10-25 15:52:35 ----A---- F:\WINDOWS\system32\msvcp71.dll

    2009-10-25 15:52:35 ----A---- F:\WINDOWS\system32\msvcp70.dll

    2009-10-25 15:52:35 ----A---- F:\WINDOWS\system32\MFC71u.dll

    2009-10-25 15:52:35 ----A---- F:\WINDOWS\system32\MFC71KOR.DLL

    2009-10-25 15:52:35 ----A---- F:\WINDOWS\system32\MFC71JPN.DLL

    2009-10-25 15:52:35 ----A---- F:\WINDOWS\system32\MFC71ITA.DLL

    2009-10-25 15:52:35 ----A---- F:\WINDOWS\system32\MFC71FRA.DLL

    2009-10-25 15:52:35 ----A---- F:\WINDOWS\system32\MFC71ESP.DLL

    2009-10-25 15:52:35 ----A---- F:\WINDOWS\system32\MFC71ENU.DLL

    2009-10-25 15:52:35 ----A---- F:\WINDOWS\system32\MFC71DEU.DLL

    2009-10-25 15:52:35 ----A---- F:\WINDOWS\system32\MFC71CHT.DLL

    2009-10-25 15:52:35 ----A---- F:\WINDOWS\system32\MFC71CHS.DLL

    2009-10-25 15:52:35 ----A---- F:\WINDOWS\system32\mfc71.dll

    2009-10-25 15:52:35 ----A---- F:\WINDOWS\system32\mfc70.dll

    2009-10-25 15:52:35 ----A---- F:\WINDOWS\system32\atl71.dll

    2009-10-25 15:52:32 ----D---- F:\Program Files\Digidesign

    2009-10-25 15:52:32 ----D---- F:\Program Files\Common Files\Digidesign

    2009-10-25 15:52:32 ----A---- F:\WINDOWS\system32\WinMMFix.dll

    2009-10-25 15:52:32 ----A---- F:\WINDOWS\system32\DSI.dll

    2009-10-25 15:52:32 ----A---- F:\WINDOWS\system32\DirectIO.dll

    2009-10-25 15:52:32 ----A---- F:\WINDOWS\system32\DigiPlatformSupport.dll

    2009-10-25 15:52:32 ----A---- F:\WINDOWS\system32\digicoin.dll

    2009-10-25 15:51:31 ----A---- F:\WINDOWS\system32\ksuser.dll

    2009-10-25 15:41:14 ----D---- F:\Program Files\QuickTime

    2009-10-25 15:41:14 ----D---- F:\Documents and Settings\All Users\Application Data\Apple Computer

    2009-10-25 15:41:08 ----D---- F:\Program Files\Common Files\Apple

    2009-10-25 15:41:03 ----D---- F:\Program Files\Apple Software Update

    2009-10-25 15:41:03 ----D---- F:\Documents and Settings\All Users\Application Data\Apple

    2009-10-25 15:40:44 ----D---- F:\Program Files\NFO viewer

    2009-10-25 15:40:21 ----DC---- F:\WINDOWS\system32\DRVSTORE

    2009-10-25 15:40:20 ----D---- F:\Program Files\AMD

    2009-10-25 15:40:15 ----D---- F:\Documents and Settings\Administrator\Application Data\InstallShield

    2009-10-25 15:40:02 ----D---- F:\Program Files\M-Audio

    2009-10-25 15:40:02 ----A---- F:\WINDOWS\system32\pcifmdio.dll

    2009-10-25 15:40:02 ----A---- F:\WINDOWS\system32\M-AudioTaskBarIcon.exe

    2009-10-25 15:40:02 ----A---- F:\WINDOWS\system32\deltasio.dll

    2009-10-25 15:40:02 ----A---- F:\WINDOWS\system32\deltapnl.exe

    2009-10-25 15:40:02 ----A---- F:\WINDOWS\system32\deltapnl.dll

    2009-10-25 15:37:36 ----SHD---- F:\RECYCLER

    2009-10-25 15:33:05 ----D---- F:\Documents and Settings\Administrator\Application Data\Adobe

    2009-10-25 15:29:24 ----N---- F:\WINDOWS\system32\ati2sgag.exe

    2009-10-25 15:29:19 ----HD---- F:\Program Files\InstallShield Installation Information

    2009-10-25 15:29:05 ----D---- F:\ATI

    2009-10-25 15:28:47 ----D---- F:\Program Files\Marvell

    2009-10-25 15:15:12 ----D---- F:\Program Files\Common Files\InstallShield

    2009-10-25 14:36:44 ----HDC---- F:\WINDOWS\$NtUninstallKB941569$

    2009-10-25 14:36:36 ----A---- F:\WINDOWS\system32\MRT.exe

    2009-10-25 14:36:21 ----D---- F:\WINDOWS\system32\SoftwareDistribution

    2009-10-25 14:36:21 ----A---- F:\WINDOWS\system32\wups2.dll

    2009-10-25 14:36:21 ----A---- F:\WINDOWS\system32\wucltui.dll.mui

    2009-10-25 14:36:21 ----A---- F:\WINDOWS\system32\wuaueng.dll.mui

    2009-10-25 14:36:21 ----A---- F:\WINDOWS\system32\wuapi.dll.mui

    2009-10-25 14:36:04 ----D---- F:\WINDOWS\system32\LogFiles

    2009-10-25 14:36:03 ----N---- F:\WINDOWS\system32\spmsg.dll

    2009-10-25 14:36:02 ----HDC---- F:\WINDOWS\$NtUninstallWudf01000$

    2009-10-25 14:35:54 ----D---- F:\Program Files\Windows Media Connect 2

    2009-10-25 14:35:50 ----HDC---- F:\WINDOWS\$NtUninstallwmp11$

    2009-10-25 14:35:40 ----HDC---- F:\WINDOWS\$NtUninstallWMFDist11$

    2009-10-25 14:35:01 ----D---- F:\WINDOWS\WBEM

    2009-10-25 14:34:22 ----HDC---- F:\WINDOWS\ie7

    2009-10-25 14:34:16 ----HDC---- F:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$

    2009-10-25 14:34:09 ----A---- F:\WINDOWS\system32\spupdsvc.exe

    2009-10-25 14:34:08 ----HDC---- F:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$

    2009-10-25 14:34:03 ----HD---- F:\WINDOWS\$hf_mig$

    2009-10-25 14:33:45 ----A---- F:\WINDOWS\system32\prio.ini

    2009-10-25 14:33:45 ----A---- F:\WINDOWS\prio197uninstall.exe

    2009-10-25 14:33:23 ----D---- F:\Program Files\Opera

    2009-10-25 14:33:23 ----D---- F:\Program Files\Mozilla Firefox

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\sleep.exe

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\pskill.exe

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\MSSTDFMT.DLL

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\LAYOUT.DLL

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\lame_enc.dll

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\d3dx9_36.dll

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\d3dx9_35.dll

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\d3dx9_34.dll

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\d3dx9_33.dll

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\d3dx9_32.dll

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\d3dx9_31.dll

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\d3dx9_30.dll

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\d3dx9_29.dll

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\d3dx9_28.dll

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\d3dx9_27.dll

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\d3dx9_26.dll

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\d3dx9_25.dll

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\d3dx9_24.dll

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\cmdow.exe

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\CHOICE.COM

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\CHNGTEXT.EXE

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\CDR.exe

    2009-10-25 14:33:23 ----A---- F:\WINDOWS\system32\cdimage.exe

    2009-10-25 14:33:03 ----D---- F:\Documents and Settings\Administrator\Application Data\Identities

    2009-10-25 14:33:02 ----HD---- F:\Program Files\Uninstall Information

    2009-10-25 14:32:53 ----ASH---- F:\Documents and Settings\Administrator\Application Data\desktop.ini

    2009-10-25 14:32:52 ----SD---- F:\Documents and Settings\Administrator\Application Data\Microsoft

    2009-10-25 14:32:50 ----D---- F:\WINDOWS\SoftwareDistribution

    2009-10-25 14:32:48 ----SD---- F:\WINDOWS\system32\Microsoft

    2009-10-25 14:32:48 ----D---- F:\WINDOWS\Prefetch

    2009-10-25 14:32:48 ----A---- F:\WINDOWS\SchedLgU.Txt

    2009-10-25 14:31:09 ----A---- F:\WINDOWS\control.ini

    2009-10-25 14:31:02 ----A---- F:\WINDOWS\OEWABLog.txt

    2009-10-25 14:30:59 ----D---- F:\WINDOWS\system32\dllcache

    2009-10-25 14:30:59 ----A---- F:\WINDOWS\system32\mapi32.dll

    2009-10-25 14:30:25 ----SD---- F:\WINDOWS\Downloaded Program Files

    2009-10-25 14:30:25 ----RD---- F:\WINDOWS\Offline Web Pages

    2009-10-25 14:30:25 ----RAH---- F:\WINDOWS\system32\logonui.exe.manifest

    2009-10-25 14:30:21 ----RAH---- F:\WINDOWS\system32\cdplayer.exe.manifest

    2009-10-25 14:30:19 ----AHD---- F:\Program Files\WindowsUpdate

    2009-10-25 14:29:59 ----D---- F:\WINDOWS\system32\DirectX

    2009-10-25 14:29:51 ----A---- F:\WINDOWS\system32\atrace.dll

    2009-10-25 14:29:47 ----A---- F:\WINDOWS\system32\desktop.ini

    2009-10-25 14:29:47 ----A---- F:\WINDOWS\desktop.ini

    2009-10-25 14:29:38 ----A---- F:\WINDOWS\system32\nmevtmsg.dll

    2009-10-25 14:29:37 ----A---- F:\WINDOWS\system32\acctres.dll

    2009-10-25 14:29:36 ----D---- F:\Program Files\Common Files\Services

    2009-10-25 14:29:32 ----SD---- F:\WINDOWS\Tasks

    2009-10-25 14:29:32 ----A---- F:\WINDOWS\system32\icfgnt5.dll

    2009-10-25 14:29:31 ----D---- F:\Program Files\Common Files\MSSoap

    2009-10-25 14:29:26 ----D---- F:\WINDOWS\srchasst

    2009-10-25 14:29:25 ----D---- F:\WINDOWS\system32\Macromed

    2009-10-25 14:29:21 ----A---- F:\WINDOWS\system32\wuweb.dll

    2009-10-25 14:29:21 ----A---- F:\WINDOWS\system32\wucltui.dll

    2009-10-25 14:29:21 ----A---- F:\WINDOWS\system32\wuauserv.dll

    2009-10-25 14:29:21 ----A---- F:\WINDOWS\system32\wuaueng1.dll

    2009-10-25 14:29:20 ----A---- F:\WINDOWS\system32\wups.dll

    2009-10-25 14:29:20 ----A---- F:\WINDOWS\system32\wuaueng.dll

    2009-10-25 14:29:20 ----A---- F:\WINDOWS\system32\wuauclt1.exe

    2009-10-25 14:29:20 ----A---- F:\WINDOWS\system32\wuauclt.exe

    2009-10-25 14:29:19 ----A---- F:\WINDOWS\system32\wuapi.dll

    2009-10-25 14:29:19 ----A---- F:\WINDOWS\system32\qmgrprxy.dll

    2009-10-25 14:29:19 ----A---- F:\WINDOWS\system32\qmgr.dll

    2009-10-25 14:29:19 ----A---- F:\WINDOWS\system32\bitsprx4.dll

    2009-10-25 14:29:19 ----A---- F:\WINDOWS\system32\bitsprx3.dll

    2009-10-25 14:29:19 ----A---- F:\WINDOWS\system32\bitsprx2.dll

    2009-10-25 14:29:14 ----D---- F:\Program Files\Movie Maker

    2009-10-25 14:28:49 ----A---- F:\WINDOWS\system32\safrslv.dll

    2009-10-25 14:28:49 ----A---- F:\WINDOWS\system32\safrdm.dll

    2009-10-25 14:28:49 ----A---- F:\WINDOWS\system32\safrcdlg.dll

    2009-10-25 14:28:49 ----A---- F:\WINDOWS\system32\racpldlg.dll

    2009-10-25 14:28:44 ----A---- F:\WINDOWS\system32\fltMc.exe

    2009-10-25 14:28:44 ----A---- F:\WINDOWS\system32\fltlib.dll

    2009-10-25 14:28:43 ----D---- F:\WINDOWS\system32\Restore

    2009-10-25 14:28:43 ----A---- F:\WINDOWS\system32\srsvc.dll

    2009-10-25 14:28:43 ----A---- F:\WINDOWS\system32\srrstr.dll

    2009-10-25 14:28:43 ----A---- F:\WINDOWS\system32\srclient.dll

    2009-10-25 14:28:42 ----A---- F:\WINDOWS\system32\nmmkcert.dll

    2009-10-25 14:28:42 ----A---- F:\WINDOWS\system32\mnmdd.dll

    2009-10-25 14:28:42 ----A---- F:\WINDOWS\system32\isrdbg32.dll

    2009-10-25 14:28:42 ----A---- F:\WINDOWS\system32\ils.dll

    2009-10-25 14:28:41 ----A---- F:\WINDOWS\system32\msconf.dll

    2009-10-25 14:28:41 ----A---- F:\WINDOWS\system32\mnmsrvc.exe

    2009-10-25 14:28:37 ----D---- F:\Program Files\NetMeeting

    2009-10-25 14:28:37 ----A---- F:\WINDOWS\system32\msoert2.dll

    2009-10-25 14:28:37 ----A---- F:\WINDOWS\system32\msoeacct.dll

    2009-10-25 14:28:36 ----A---- F:\WINDOWS\system32\inetres.dll

    2009-10-25 14:28:35 ----A---- F:\WINDOWS\system32\inetcomm.dll

    2009-10-25 14:28:32 ----D---- F:\Program Files\Outlook Express

    2009-10-25 14:28:32 ----A---- F:\WINDOWS\system32\schedsvc.dll

    2009-10-25 14:28:32 ----A---- F:\WINDOWS\system32\mstinit.exe

    2009-10-25 14:28:32 ----A---- F:\WINDOWS\system32\mstask.dll

    2009-10-25 14:28:31 ----A---- F:\WINDOWS\system32\isign32.dll

    2009-10-25 14:28:31 ----A---- F:\WINDOWS\system32\inetcfg.dll

    2009-10-25 14:28:31 ----A---- F:\WINDOWS\system32\icwphbk.dll

    2009-10-25 14:28:31 ----A---- F:\WINDOWS\system32\icwdial.dll

    2009-10-25 14:28:23 ----AD---- F:\Program Files\Common Files\System

    2009-10-25 14:28:22 ----D---- F:\Program Files\Internet Explorer

    2009-10-25 14:27:58 ----D---- F:\Program Files\ComPlus Applications

    2009-10-25 14:27:56 ----A---- F:\WINDOWS\vbaddin.ini

    2009-10-25 14:27:56 ----A---- F:\WINDOWS\vb.ini

    2009-10-25 14:27:53 ----D---- F:\WINDOWS\Registration

    2009-10-25 14:27:48 ----D---- F:\Program Files\Windows Media Player

    2009-10-25 14:27:48 ----D---- F:\Program Files\Online Services

    2009-10-25 14:27:42 ----D---- F:\Program Files\Messenger

    2009-10-25 14:27:38 ----D---- F:\Program Files\MSN Gaming Zone

    2009-10-25 14:27:38 ----A---- F:\WINDOWS\system32\write.exe

    2009-10-25 14:27:26 ----A---- F:\WINDOWS\system32\sndvol32.exe

    2009-10-25 14:27:26 ----A---- F:\WINDOWS\system32\hticons.dll

    2009-10-25 14:27:25 ----A---- F:\WINDOWS\system32\avwav.dll

    2009-10-25 14:27:25 ----A---- F:\WINDOWS\system32\avtapi.dll

    2009-10-25 14:27:25 ----A---- F:\WINDOWS\system32\avmeter.dll

    2009-10-25 14:27:24 ----A---- F:\WINDOWS\system32\winchat.exe

    2009-10-25 14:27:15 ----A---- F:\WINDOWS\system32\getuname.dll

    2009-10-25 14:27:14 ----A---- F:\WINDOWS\system32\sol.exe

    2009-10-25 14:27:14 ----A---- F:\WINDOWS\system32\charmap.exe

    2009-10-25 14:27:14 ----A---- F:\WINDOWS\system32\calc.exe

    2009-10-25 14:27:13 ----A---- F:\WINDOWS\system32\winmine.exe

    2009-10-25 14:27:13 ----A---- F:\WINDOWS\system32\mshearts.exe

    2009-10-25 14:27:13 ----A---- F:\WINDOWS\system32\freecell.exe

    2009-10-25 14:27:12 ----A---- F:\WINDOWS\system32\usrlogon.cmd

    2009-10-25 14:27:12 ----A---- F:\WINDOWS\system32\tsshutdn.exe

    2009-10-25 14:27:12 ----A---- F:\WINDOWS\system32\tslabels.ini

    2009-10-25 14:27:12 ----A---- F:\WINDOWS\system32\tskill.exe

    2009-10-25 14:27:12 ----A---- F:\WINDOWS\system32\tsdiscon.exe

    2009-10-25 14:27:12 ----A---- F:\WINDOWS\system32\tscon.exe

    2009-10-25 14:27:12 ----A---- F:\WINDOWS\system32\shadow.exe

    2009-10-25 14:27:12 ----A---- F:\WINDOWS\system32\rwinsta.exe

    2009-10-25 14:27:12 ----A---- F:\WINDOWS\system32\reset.exe

    2009-10-25 14:27:11 ----A---- F:\WINDOWS\system32\regini.exe

    2009-10-25 14:27:11 ----A---- F:\WINDOWS\system32\rdpcfgex.dll

    2009-10-25 14:27:11 ----A---- F:\WINDOWS\system32\qwinsta.exe

    2009-10-25 14:27:11 ----A---- F:\WINDOWS\system32\qappsrv.exe

    2009-10-25 14:27:11 ----A---- F:\WINDOWS\system32\msg.exe

    2009-10-25 14:27:11 ----A---- F:\WINDOWS\system32\logoff.exe

    2009-10-25 14:27:11 ----A---- F:\WINDOWS\system32\cdmodem.dll

    2009-10-25 14:27:10 ----A---- F:\WINDOWS\system32\msdtcprf.ini

    2009-10-25 14:27:03 ----A---- F:\WINDOWS\system32\wmimgmt.msc

    2009-10-25 14:26:49 ----D---- F:\Program Files\MSN

    2009-10-25 14:26:48 ----A---- F:\WINDOWS\system32\sndrec32.exe

    2009-10-25 14:26:48 ----A---- F:\WINDOWS\system32\mplay32.exe

    2009-10-25 14:26:48 ----A---- F:\WINDOWS\system32\accwiz.exe

    2009-10-25 14:26:47 ----D---- F:\Program Files\Windows NT

    2009-10-25 14:26:47 ----A---- F:\WINDOWS\system32\hypertrm.dll

    2009-10-25 14:26:46 ----A---- F:\WINDOWS\system32\spider.exe

    2009-10-25 14:26:46 ----A---- F:\WINDOWS\system32\mspaint.exe

    2009-10-25 14:26:46 ----A---- F:\WINDOWS\system32\clipbrd.exe

    2009-10-25 14:26:45 ----D---- F:\WINDOWS\system32\en-US

    2009-10-25 14:26:44 ----A---- F:\WINDOWS\system32\tsgqec.dll

    2009-10-25 14:26:44 ----A---- F:\WINDOWS\system32\tscfgwmi.dll

    2009-10-25 14:26:44 ----A---- F:\WINDOWS\system32\rhttpaa.dll

    2009-10-25 14:26:43 ----A---- F:\WINDOWS\system32\aaclient.dll

    2009-10-25 14:26:42 ----A---- F:\WINDOWS\system32\sessmgr.exe

    2009-10-25 14:26:42 ----A---- F:\WINDOWS\system32\remotepg.dll

    2009-10-25 14:26:42 ----A---- F:\WINDOWS\system32\rdshost.exe

    2009-10-25 14:26:42 ----A---- F:\WINDOWS\system32\rdsaddin.exe

    2009-10-25 14:26:42 ----A---- F:\WINDOWS\system32\mstscax.dll

    2009-10-25 14:26:42 ----A---- F:\WINDOWS\system32\mstsc.exe

    2009-10-25 14:26:41 ----A---- F:\WINDOWS\system32\termsrv.dll

    2009-10-25 14:26:41 ----A---- F:\WINDOWS\system32\rdpwsx.dll

    2009-10-25 14:26:41 ----A---- F:\WINDOWS\system32\rdpsnd.dll

    2009-10-25 14:26:41 ----A---- F:\WINDOWS\system32\rdpclip.exe

    2009-10-25 14:26:41 ----A---- F:\WINDOWS\system32\rdchost.dll

    2009-10-25 14:26:40 ----D---- F:\WINDOWS\system32\MsDtc

    2009-10-25 14:26:40 ----A---- F:\WINDOWS\system32\qprocess.exe

    2009-10-25 14:26:40 ----A---- F:\WINDOWS\system32\mtxoci.dll

    2009-10-25 14:26:40 ----A---- F:\WINDOWS\system32\msdtcuiu.dll

    2009-10-25 14:26:40 ----A---- F:\WINDOWS\system32\icaapi.dll

    2009-10-25 14:26:40 ----A---- F:\WINDOWS\system32\cfgbkend.dll

    2009-10-25 14:26:39 ----A---- F:\WINDOWS\system32\msdtctm.dll

    2009-10-25 14:26:39 ----A---- F:\WINDOWS\system32\msdtcprx.dll

    2009-10-25 14:26:38 ----A---- F:\WINDOWS\system32\xolehlp.dll

    2009-10-25 14:26:38 ----A---- F:\WINDOWS\system32\msdtclog.dll

    2009-10-25 14:26:38 ----A---- F:\WINDOWS\system32\msdtc.exe

    2009-10-25 14:26:37 ----A---- F:\WINDOWS\system32\mtxlegih.dll

    2009-10-25 14:26:37 ----A---- F:\WINDOWS\system32\mtxex.dll

    2009-10-25 14:26:37 ----A---- F:\WINDOWS\system32\mtxdm.dll

    2009-10-25 14:26:37 ----A---- F:\WINDOWS\system32\dcomcnfg.exe

    2009-10-25 14:26:36 ----D---- F:\WINDOWS\system32\Com

    2009-10-25 14:26:36 ----A---- F:\WINDOWS\system32\stclient.dll

    2009-10-25 14:26:36 ----A---- F:\WINDOWS\system32\comrepl.dll

    2009-10-25 14:26:36 ----A---- F:\WINDOWS\system32\comaddin.dll

    2009-10-25 14:26:36 ----A---- F:\WINDOWS\system32\colbact.dll

    2009-10-25 14:26:36 ----A---- F:\WINDOWS\system32\clbcatex.dll

    2009-10-25 14:26:36 ----A---- F:\WINDOWS\system32\catsrvps.dll

    2009-10-25 14:26:35 ----A---- F:\WINDOWS\system32\catsrvut.dll

    2009-10-25 14:26:35 ----A---- F:\WINDOWS\system32\catsrv.dll

    2009-10-25 14:26:34 ----A---- F:\WINDOWS\system32\comuid.dll

    2009-10-25 14:26:34 ----A---- F:\WINDOWS\system32\comsvcs.dll

    2009-10-25 14:26:34 ----A---- F:\WINDOWS\system32\comsnap.dll

    2009-10-25 14:26:33 ----A---- F:\WINDOWS\system32\clbcatq.dll

    2009-10-25 14:26:22 ----A---- F:\WINDOWS\system32\servdeps.dll

    2009-10-25 14:26:22 ----A---- F:\WINDOWS\system32\mmfutil.dll

    2009-10-25 14:26:22 ----A---- F:\WINDOWS\system32\licwmi.dll

    2009-10-25 14:26:22 ----A---- F:\WINDOWS\system32\cmprops.dll

    2009-10-25 14:25:44 ----A---- F:\WINDOWS\system32\h323log.txt

    2009-10-25 14:24:27 ----A---- F:\WINDOWS\system32\usbui.dll

    2009-10-25 14:23:28 ----A---- F:\WINDOWS\imsins.BAK

    2009-10-25 14:23:26 ----SHD---- F:\WINDOWS\Installer

    2009-10-25 14:23:26 ----D---- F:\Program Files\Common Files\ODBC

    2009-10-25 14:23:26 ----A---- F:\WINDOWS\system32\PerfStringBackup.INI

    2009-10-25 14:23:26 ----A---- F:\WINDOWS\ODBCINST.INI

    2009-10-25 14:23:23 ----D---- F:\Program Files\Common Files\SpeechEngines

    2009-10-25 14:23:22 ----RD---- F:\Program Files

    2009-10-25 14:23:22 ----D---- F:\Program Files\Common Files\Microsoft Shared

    2009-10-25 14:23:22 ----D---- F:\Program Files\Common Files

    2009-10-25 14:23:19 ----RA---- F:\WINDOWS\system32\kbdtuq.dll

    2009-10-25 14:23:19 ----RA---- F:\WINDOWS\system32\kbdtuf.dll

    2009-10-25 14:23:19 ----RA---- F:\WINDOWS\system32\kbdazel.dll

    2009-10-25 14:23:16 ----RA---- F:\WINDOWS\system32\kbdtat.dll

    2009-10-25 14:23:16 ----RA---- F:\WINDOWS\system32\kbdmon.dll

    2009-10-25 14:23:16 ----RA---- F:\WINDOWS\system32\kbdkyr.dll

    2009-10-25 14:23:15 ----RA---- F:\WINDOWS\system32\kbduzb.dll

    2009-10-25 14:23:15 ----RA---- F:\WINDOWS\system32\kbdaze.dll

    2009-10-25 14:23:14 ----RA---- F:\WINDOWS\system32\kbdycc.dll

    2009-10-25 14:23:14 ----RA---- F:\WINDOWS\system32\kbdur.dll

    2009-10-25 14:23:14 ----RA---- F:\WINDOWS\system32\kbdru1.dll

    2009-10-25 14:23:14 ----RA---- F:\WINDOWS\system32\kbdru.dll

    2009-10-25 14:23:14 ----RA---- F:\WINDOWS\system32\kbdkaz.dll

    2009-10-25 14:23:14 ----RA---- F:\WINDOWS\system32\kbdbu.dll

    2009-10-25 14:23:14 ----RA---- F:\WINDOWS\system32\kbdblr.dll

    2009-10-25 14:23:12 ----RA---- F:\WINDOWS\system32\kbdhept.dll

    2009-10-25 14:23:12 ----RA---- F:\WINDOWS\system32\kbdhela3.dll

    2009-10-25 14:23:12 ----RA---- F:\WINDOWS\system32\kbdhela2.dll

    2009-10-25 14:23:12 ----RA---- F:\WINDOWS\system32\kbdhe319.dll

    2009-10-25 14:23:12 ----RA---- F:\WINDOWS\system32\kbdhe220.dll

    2009-10-25 14:23:12 ----RA---- F:\WINDOWS\system32\kbdhe.dll

    2009-10-25 14:23:12 ----RA---- F:\WINDOWS\system32\kbdgkl.dll

    2009-10-25 14:23:11 ----RA---- F:\WINDOWS\system32\kbdlv1.dll

    2009-10-25 14:23:11 ----RA---- F:\WINDOWS\system32\kbdlv.dll

    2009-10-25 14:23:11 ----RA---- F:\WINDOWS\system32\kbdlt1.dll

    2009-10-25 14:23:11 ----RA---- F:\WINDOWS\system32\kbdlt.dll

    2009-10-25 14:23:11 ----RA---- F:\WINDOWS\system32\kbdest.dll

    2009-10-25 14:23:08 ----RA---- F:\WINDOWS\system32\kbdsl1.dll

    2009-10-25 14:23:08 ----RA---- F:\WINDOWS\system32\kbdsl.dll

    2009-10-25 14:23:08 ----RA---- F:\WINDOWS\system32\kbdro.dll

    2009-10-25 14:23:08 ----RA---- F:\WINDOWS\system32\kbdpl1.dll

    2009-10-25 14:23:08 ----RA---- F:\WINDOWS\system32\kbdpl.dll

    2009-10-25 14:23:08 ----RA---- F:\WINDOWS\system32\kbdhu1.dll

    2009-10-25 14:23:08 ----RA---- F:\WINDOWS\system32\kbdhu.dll

    2009-10-25 14:23:08 ----RA---- F:\WINDOWS\system32\kbdcz2.dll

    2009-10-25 14:23:08 ----RA---- F:\WINDOWS\system32\kbdcz1.dll

    2009-10-25 14:23:08 ----RA---- F:\WINDOWS\system32\kbdcz.dll

    2009-10-25 14:23:08 ----RA---- F:\WINDOWS\system32\kbdcr.dll

    2009-10-25 14:23:08 ----RA---- F:\WINDOWS\system32\KBDAL.DLL

    2009-10-25 14:23:07 ----RA---- F:\WINDOWS\system32\kbdycl.dll

    2009-10-25 14:23:01 ----A---- F:\WINDOWS\system32\spxcoins.dll

    2009-10-25 14:23:01 ----A---- F:\WINDOWS\system32\irclass.dll

    2009-10-25 14:23:01 ----A---- F:\WINDOWS\system32\EqnClass.Dll

    2009-10-25 14:23:01 ----A---- F:\WINDOWS\system32\dgsetup.dll

    2009-10-25 14:23:01 ----A---- F:\WINDOWS\system32\dgrpsetu.dll

    2009-10-25 14:22:57 ----N---- F:\WINDOWS\system32\CONFIG.TMP

    2009-10-25 14:22:57 ----A---- F:\WINDOWS\TASKMAN.EXE

    2009-10-25 14:22:57 ----A---- F:\WINDOWS\system32\batt.dll

    2009-10-25 14:22:56 ----A---- F:\WINDOWS\system32\storprop.dll

    2009-10-25 14:22:56 ----A---- F:\WINDOWS\NOTEPAD.EXE

    2009-10-25 14:22:50 ----ASH---- F:\Documents and Settings\All Users\Application Data\desktop.ini

    2009-10-25 14:21:07 ----RA---- F:\WINDOWS\SET8.tmp

    2009-10-25 14:21:05 ----RA---- F:\WINDOWS\SET4.tmp

    2009-10-25 14:21:04 ----RA---- F:\WINDOWS\SET3.tmp

    2009-10-25 14:21:01 ----D---- F:\WINDOWS\system32\CatRoot2

    2009-10-25 14:21:01 ----D---- F:\WINDOWS\system32\CatRoot

    2009-10-25 14:20:55 ----ASD---- F:\Documents and Settings\All Users\Application Data\Microsoft

    2009-10-25 14:20:37 ----A---- F:\WINDOWS\setuplog.txt

    2009-10-25 14:19:59 ----SHD---- F:\System Volume Information

    2009-10-25 14:19:59 ----D---- F:\Documents and Settings

    2009-10-25 14:16:40 ----RSD---- F:\WINDOWS\Fonts

    2009-10-25 14:16:40 ----RD---- F:\WINDOWS\Web

    2009-10-25 14:16:40 ----HD---- F:\WINDOWS\inf

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\WinSxS

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\twain_32

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\Temp

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\wins

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\wbem

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\usmt

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\spool

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\ShellExt

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\Setup

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\scripting

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\ras

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\oobe

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\npp

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\mui

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\inetsrv

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\IME

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\icsxml

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\ias

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\export

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\en

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\drivers

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\dhcp

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\config

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\3com_dmi

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\3076

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\2052

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\1054

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\1042

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\1041

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\1037

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\1033

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\1031

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\1028

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32\1025

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system32

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\system

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\security

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\Resources

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\repair

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\Provisioning

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\PeerNet

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\pchealth

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\Network Diagnostic

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\mui

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\msapps

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\msagent

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\Media

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\L2Schemas

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\java

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\ime

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\Help

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\ehome

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\Driver Cache

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\Debug

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\Cursors

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\Connection Wizard

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\Config

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\AppPatch

    2009-10-25 14:16:40 ----D---- F:\WINDOWS\addins

    2009-10-25 14:16:40 ----D---- F:\WINDOWS

    ======List of files/folders modified in the last 1 months======

    2009-10-25 14:35:57 ----A---- F:\WINDOWS\win.ini

    2009-10-25 14:23:22 ----A---- F:\WINDOWS\system.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; F:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]

    R1 AmdK8;AMD Processor Driver; F:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]

    R1 aswSP;avast! Self Protection; F:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]

    R1 aswTdi;avast! Network Shield Support; F:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368]

    R1 ElbyCDIO;ElbyCDIO Driver; F:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]

    R2 aswFsBlk;aswFsBlk; F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]

    R2 aswMon2;avast! Standard Shield Support; F:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]

    R3 aswRdr;aswRdr; F:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]

    R3 ati2mtag;ati2mtag; F:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-23 4481024]

    R3 DELTA;Service for Delta Driver (WDM); F:\WINDOWS\system32\DRIVERS\delta.sys [2007-01-25 302336]

    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; F:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-05-03 144384]

    R3 RegGuard;RegGuard; \??\F:\WINDOWS\system32\Drivers\regguard.sys []

    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; F:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-05-03 30208]

    R3 usbhub;USB2 Enabled Hub; F:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-05-03 59520]

    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; F:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-05-03 17152]

    R3 VClone;VClone; F:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-22 29696]

    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; F:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-22 250496]

    S3 HPZid412;IEEE-1284.4 Driver HPZid412; F:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-24 49920]

    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; F:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-24 16496]

    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; F:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-24 21568]

    S3 usbaudio;USB Audio Driver (WDM); F:\WINDOWS\system32\drivers\usbaudio.sys [2008-03-20 60032]

    S3 usbccgp;Microsoft USB Generic Parent Driver; F:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-03-20 32128]

    S3 usbprint;Microsoft USB PRINTER Class; F:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-03-20 25856]

    S3 usbscan;USB Scanner Driver; F:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-03-20 15104]

    S3 USBSTOR;USB Mass Storage Driver; F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-03-20 26368]

    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; F:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; F:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    S4 IntelIde;IntelIde; F:\WINDOWS\system32\drivers\IntelIde.sys []

    S4 sr;System Restore Filter Driver; F:\WINDOWS\system32\DRIVERS\sr.sys [2008-05-03 73472]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; F:\Program Files\Alwil Software-Avast4\aswUpdSv.exe [2009-09-15 18752]

    R2 Ati HotKey Poller;Ati HotKey Poller; F:\WINDOWS\system32\Ati2evxx.exe [2009-09-23 602112]

    R2 avast! Antivirus;avast! Antivirus; F:\Program Files\Alwil Software-Avast4\ashServ.exe [2009-09-15 138680]

    R2 DigiRefresh;Digidesign MME Refresh Service; F:\Program Files\Digidesign\Drivers\MMERefresh.exe [2007-10-31 77824]

    R2 HPSLPSVC;HP Network Devices Support; F:\WINDOWS\system32\svchost.exe [2008-05-03 14336]

    R2 JavaQuickStarterService;Java Quick Starter; F:\Program Files\Java\jre6\bin\jqs.exe [2009-10-26 153376]

    R2 Net Driver HPZ12;Net Driver HPZ12; F:\WINDOWS\System32\svchost.exe [2008-05-03 14336]

    R2 Pml Driver HPZ12;Pml Driver HPZ12; F:\WINDOWS\System32\svchost.exe [2008-05-03 14336]

    R3 avast! Mail Scanner;avast! Mail Scanner; F:\Program Files\Alwil Software-Avast4\ashMaiSv.exe [2009-09-15 254040]

    R3 avast! Web Scanner;avast! Web Scanner; F:\Program Files\Alwil Software-Avast4\ashWebSv.exe [2009-09-15 352920]

    S2 ATI Smart;ATI Smart; F:\WINDOWS\system32\ati2sgag.exe [2009-09-25 593920]

    S3 aspnet_state;ASP.NET State Service; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

    S3 digiSPTIService;digiSPTIService; F:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe [2007-10-31 159744]

    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; F:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; F:\WINDOWS\system32\svchost.exe [2008-05-03 14336]

    -----------------EOF-----------------

    cristofxx
     Posted on 29/10/2009 at 12:12 
    Petit astucien

    info.txt logfile of random's system information tool 1.06 2009-10-28 13:12:02

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf

    µTorrent-->"F:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL

    32 Bit HP CIO Components Installer-->MsiExec.exe /I{47ECCB1F-2811-49C0-B6A7-26778639ABA0}

    Adobe Flash Player 10 Plugin-->F:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

    Adobe Flash Player ActiveX-->F:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

    Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}

    AMD Processor Driver-->F:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly

    AmpliTube Jimi Hendrix-->F:\Program Files\InstallShield Installation Information\{66BA35B0-1911-47EF-B170-1DCFFDA362F1}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly

    AmpliTube2-->F:\Program Files\InstallShield Installation Information\{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly

    Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}

    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

    Arturia Arp2600 V VSTi RTAS v1.6-->"F:\Program Files\Arturia\Arp2600 V\Uninstall\unins000.exe"

    Arturia Minimoog V v1.0-->F:\PROGRA~1\arturia\MINIMO~1\UNWISE.EXE F:\PROGRA~1\arturia\MINIMO~1\INSTALL.LOG

    ATI Display Driver-->rundll32 F:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

    AudioEase Altiverb VST RTAS v6.12-->"F:\Program Files\Audio Ease\Altiverb 6\Uninstall\unins000.exe"

    avast! Antivirus-->F:\Program Files\Alwil Software-Avast4\aswRunDll.exe "F:\Program Files\Alwil Software-Avast4\Setup\setiface.dll",RunSetup

    AVS DVD Player version 2.4-->"F:\Program Files\AVSMedia-DVDPlayer\unins000.exe"

    BBE Sonic Maximizer Plugin v2.0-->F:\PROGRA~1\BBESON~1\BBESON~1\UNWISE.EXE F:\PROGRA~1\BBESON~1\BBESON~1\INSTALL.LOG

    BBE Sonic Maximizer Plugin-->"E:\UninstallerData\Uninstall BBE Sonic Maximizer Plugin.exe"

    Comic Reader-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{22D73BE1-54C5-48BC-B4D8-712963229350}\Setup.exe"

    cs80v beta1-->F:\WINDOWS\unvise32.exe f:\program files\uninstal.log

    Delta-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{A4810699-E859-43A6-8F40-1743873E72AB}\setup.exe" -l0x9 -removeonly

    Digidesign Free Bomb Factory Plug-Ins 7.4-->F:\Program Files\InstallShield Installation Information\{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}\Setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly

    Digidesign Music Production Toolkit 7.4-->F:\Program Files\InstallShield Installation Information\{487807C8-1FE9-45D5-A1F2-593C78D2DFDD}\setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly

    Digidesign Pro Tools M-Powered 7.4cs2-->F:\Program Files\InstallShield Installation Information\{14AA664E-9BFA-44C4-A083-83A2998679BA}\setup.exe -runfromtemp -l0x0009 -removeonly

    Digidesign Shared Plug-Ins 7.4-->F:\Program Files\InstallShield Installation Information\{AFE354A5-640F-4A23-94C8-0B441E8967CA}\Setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly

    Fairchild Bundle-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{7559BF48-E15E-4FEA-9E44-3B3580CA1851}\Setup.exe" -l0x9 FromUninstall

    FLAC 1.2.1b (remove only)-->F:\Program Files\FLAC\uninstall.exe

    foobar2000 v0.9.6.9-->"F:\Program Files\foobar2000\uninstall.exe" _?=F:\Program Files\foobar2000

    HijackThis 2.0.2-->"F:\Documents and Settings\Administrator\Desktop\HijackThis.exe" /uninstall

    HP Photosmart C4500 All-In-One Driver 12.0 Rel .4-->F:\Program Files\HP\Digital Imaging\{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}\setup\hpzscr01.exe -datfile hposcr30.dat -onestop -forcereboot

    Interlok driver setup x32-->MsiExec.exe /X{25613C10-27D2-410B-942B-D922D5C3A7BE}

    iZotope Ozone 4-->"F:\Program Files\iZotope\Ozone 4\unins000.exe"

    Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}

    Live 8.0.5-->F:\PROGRA~1\Ableton\LIVE80~1.5\Install\UNWISE.EXE F:\PROGRA~1\Ableton\LIVE80~1.5\Install\INSTALL.LOG

    Logiciel d'archivage WinRAR-->F:\Program Files\WinRAR\uninstall.exe

    Malwarebytes' Anti-Malware-->"F:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

    Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}

    Microsoft .NET Framework 2.0-->F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

    Microsoft Internationalized Domain Names Mitigation APIs-->"F:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

    Microsoft National Language Support Downlevel APIs-->"F:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

    Moog Modular V-->F:\WINDOWS\unvise32.exe f:\program files\arturia\uninstal.log

    Mozilla Firefox (3.5.3)-->F:\Program Files\Mozilla Firefox\uninstall\helper.exe

    Native Instruments FM8-->F:\PROGRA~1\NATIVE~1\FM8\UNWISE.EXE F:\PROGRA~1\NATIVE~1\FM8\INSTALL.LOG

    -----------------EOF-----------------

    cristofxx
     Posted on 29/10/2009 at 12:13
    Petit astucien

    Well, I finally managed to post this message! I did it in several pieces, sorry!

    OK for the tools. I uninstalled RegRun so that it doesn't launch and do anything. For Win7, I tried several things that left me unable to boot anything at all, so I've given up for now.

    Vrni
     Posted on 29/10/2009 at 17:15
    Astucien

    Hi again,

    One question: your copy of XP: legitimate or not?

    1/ Scan the following file on VirusTotal:

    Go to the VirusTotal site, where you can scan the file
    http://www.virustotal.com/fr/

    • Copy the path given below and paste it into the field for the file to scan

    Path: F:\WINDOWS\winstart.bat

    • Then click Send file.
    • After the scan, click on .
    • In the window that opens, select all the text (CTRL+A), then copy it (CTRL+C)

    Then post the scan report in your next message.

    Tutorial: https://forum.pcastuces.com/scan_chez_virus_total-f31s15.htm

    2/ Run an online scan on the ESET site:
    Follow this tutorial: https://forum.pcastuces.com/eset_online_scanner___tutoriel-f31s9.htm

    cristofxx
     Posted on 30/10/2009 at 16:03
    Petit astucien

    Uhh, what do I get as a lifeline?

    If you're still willing to help me, here are the two reports, with thanks again (I get the impression it's not too bad):

    VIRUSTOTAL

    Fichier winstart.bat reçu le 2009.10.30 13:27:41 (UTC)
    Situation actuelle: terminé
    Résultat: 0/40 (0%)
    Formaté
    Impression des résultats
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.41 2009.10.30 -
    AhnLab-V3 5.0.0.2 2009.10.30 -
    AntiVir 7.9.1.50 2009.10.30 -
    Antiy-AVL 2.0.3.7 2009.10.30 -
    Authentium 5.1.2.4 2009.10.30 -
    Avast 4.8.1351.0 2009.10.29 -
    AVG 8.5.0.423 2009.10.30 -
    BitDefender 7.2 2009.10.30 -
    CAT-QuickHeal 10.00 2009.10.30 -
    ClamAV 0.94.1 2009.10.30 -
    Comodo 2779 2009.10.30 -
    DrWeb 5.0.0.12182 2009.10.29 -
    eSafe 7.0.17.0 2009.10.29 -
    eTrust-Vet 35.1.7093 2009.10.30 -
    F-Prot 4.5.1.85 2009.10.30 -
    F-Secure 9.0.15370.0 2009.10.27 -
    Fortinet 3.120.0.0 2009.10.30 -
    GData 19 2009.10.30 -
    Ikarus T3.1.1.72.0 2009.10.30 -
    Jiangmin 11.0.800 2009.10.30 -
    K7AntiVirus 7.10.884 2009.10.30 -
    Kaspersky 7.0.0.125 2009.10.30 -
    McAfee 5786 2009.10.29 -
    McAfee+Artemis 5786 2009.10.29 -
    McAfee-GW-Edition 6.8.5 2009.10.30 -
    Microsoft 1.5202 2009.10.30 -
    NOD32 4558 2009.10.30 -
    Norman 6.03.02 2009.10.30 -
    nProtect 2009.1.8.0 2009.10.30 -
    Panda 10.0.2.2 2009.10.30 -
    Prevx 3.0 2009.10.30 -
    Rising 21.53.43.00 2009.10.30 -
    Sophos 4.47.0 2009.10.30 -
    Sunbelt 3.2.1858.2 2009.10.30 -
    Symantec 1.4.4.12 2009.10.30 -
    TheHacker 6.5.0.2.056 2009.10.28 -
    TrendMicro 8.950.0.1094 2009.10.30 -
    VBA32 3.12.10.11 2009.10.29 -
    ViRobot 2009.10.30.2013 2009.10.30 -
    VirusBuster 4.6.5.0 2009.10.29 -
    Information additionnelle
    File size: 2 bytes
    MD5...: 81051bcc2cf1bedf378224b0a93e2877
    SHA1..: ba8ab5a0280b953aa97435ff8946cbcbb2755a27
    SHA256: 7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
    ssdeep: 3:y:y
    PEiD..: -
    PEInfo: -
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: file seems to be plain text/ASCII (0.0%)
    sigcheck:
    publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.
    VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com - Terms of Service & Privacy Policy

    ESET ONLINE SCAN

    ESETSmartInstaller@High as CAB hook log:

    OnlineScanner.ocx - registred OK

    # version=7

    # iexplore.exe=7.00.5730.13 (longhorn(wmbla).070711-1130)

    # OnlineScanner.ocx=1.0.0.6211

    # api_version=3.0.2

    # EOSSerial=de5cea650107194a8b4ac95faf0b98bb

    # end=finished

    # remove_checked=false

    # archives_checked=false

    # unwanted_checked=true

    # unsafe_checked=false

    # antistealth_checked=true

    # utc_time=2009-10-30 03:23:51

    # local_time=2009-10-30 03:23:51 (+0000, GMT Standard Time)

    # country="France"

    # lang=1033

    # osver=5.1.2600 NT Service Pack 3

    # compatibility_mode=512 16777215 100 0 0 0 0 0

    # compatibility_mode=769 16775125 100 98 14776 193191382 63570 0

    # compatibility_mode=8192 67108863 100 0 3781 3781 0 0

    # scanned=231969

    # found=8

    # cleaned=0

    # scan_time=2405

    F:\Documents and Settings\Administrator\Application Data\install.config.exe a variant of Win32/Kryptik.AXS trojan 00000000000000000000000000000000 I

    F:\WINDOWS\MSA.del a variant of Win32/Kryptik.AXS trojan 00000000000000000000000000000000 I

    Y:\install - uninstall\unlocker1.8.8.exe Win32/Adware.ADON application 00000000000000000000000000000000 I

    Y:\install - uninstall\Sony Sound Forge PRO 10.0 + KEYGEN\soundforgepro10.exe Win32/TrojanDownloader.VB.ODV trojan 00000000000000000000000000000000 I

    Y:\install - uninstall\°°°°°Plug in\Bomb Factory Fairchild Bundle TDM RTAS AS v4.2\##PlugFixer\PlugFixer.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

    Y:\Mes docs Y\Downloads\unlocker1.8.7.exe a variant of Win32/Adware.ADON application 00000000000000000000000000000000 I

    Y:\xp instal\unlocker1.8.7.exe a variant of Win32/Adware.ADON application 00000000000000000000000000000000 I

    Z:\Rapidget DL\XLN Audio Addictive Drums DVDR HYBRID-AiRISO [RE-UP] add drum vsti\Addictive Drums VSTi\Keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

    Vrni
     Posted on 30/10/2009 at 18:14
    Astucien

    Christofxx,

    Uhh, what do I get as a lifeline?

    You've just used it, in my opinion.

    I'm not sure you'll be any luckier next time if you don't change your browsing habits.
    If you keep downloading cracks, you quite simply risk seriously damaging your PC.
    http://www.futura-sciences.com/fr/news/t/informatique/d/virutscribble-le-retour-dune-infection-redoutable_18310/

    - You say you're sure about the software you use. ???
    - And Seven, is that the same thing as XP?

    1/ Download OTMoveIT (by Old_Timer).
    http://oldtimer.geekstogo.com/OTM.exe
    Save it to your Desktop.

    • Double-click OTM to launch it.
      Note: if you are on Vista, right-click the OTMoveIt3 icon --> Run as administrator to launch it
    • Check that the Unregister Dll's and Ocx's option is ticked.
    • Copy the list in the code box below and paste it into the left-hand pane of OTMoveIt under Paste instructions for Items to be Moved.

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{F552DDE6-2090-4bf4-B924-6141E87789A5}"=-

    :files
    F:\Documents and Settings\Administrator\Application Data\install.config.exe
    F:\WINDOWS\MSA.del
    Y:\install - uninstall\unlocker1.8.8.exe
    Y:\install - uninstall\Sony Sound Forge PRO 10.0 + KEYGEN\soundforgepro10.exe
    Y:\install - uninstall\°°°°°Plug in\Bomb Factory Fairchild Bundle TDM RTAS AS v4.2\##PlugFixer\PlugFixer.exe
    Y:\Mes docs Y\Downloads\unlocker1.8.7.exe
    Y:\xp instal\unlocker1.8.7.exe
    Z:\Rapidget DL\XLN Audio Addictive Drums DVDR HYBRID-AiRISO [RE-UP] add drum vsti\Addictive Drums VSTi\Keygen.exe

    :Commands
    [emptytemp]
    [Reboot]

    • Click MoveIt! to start the removal. The result will appear in the "Results" pane.
    • The PC will restart to delete the files.
    • After the restart, a report will open.
    • Copy/paste the contents of the report into your next message.
    If you can't find the report, it is a .log file located in C:\_OTMoveIt\MovedFiles.


    2/ Download UsbFix (by Chiquitine29 and C_XX) to your Desktop:
    http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe

    • Plug your external storage devices into your PC (USB stick, external hard drive, etc.) without opening them.
    • Double-click UsbFix.exe on your Desktop.
    • Choose option 1.
    Post the UsbFix.txt report.

    Note: the UsbFix.txt report is saved at the root of the disk.
    (If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New task", type explorer.exe and confirm)

    See you

    cristofxx
     Posted on 01/11/2009 at 21:47
    Petit astucien

    OK, sorry for the delay, I wasn't at my computer.

    Thanks for continuing to help me despite what is, admittedly, a not very healthy computer. I'll make the effort to buy Windows, but it's true that I use professional software even though I'm only a student, and it is more or less essential to know these tools precisely in order to learn the trade. I don't want to start a debate or anything; I read the article and indeed it's not very reassuring.

    Yes, Win7 is the same thing, and I said I was sure about the software because I had installed it before losing a partition and Windows was working fairly normally. Maybe it could have worked better.

    I was surprised to see Unlocker among the files flagged in the previous logs. It's a fairly well-known freeware, I think.

    Here are the reports:

    OTMOVEIT

    During the process, avast reported that it had found something: win32:malob-v, in doc&setting/application data/install.config.exe. I asked it to delete the file.

    All processes killed
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F552DDE6-2090-4bf4-B924-6141E87789A5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F552DDE6-2090-4bf4-B924-6141E87789A5}\ not found.
    ========== FILES ==========
    F:\Documents and Settings\Administrator\Application Data\install.config.exe moved successfully.
    F:\WINDOWS\MSA.del moved successfully.
    Y:\install - uninstall\unlocker1.8.8.exe moved successfully.
    Y:\install - uninstall\Sony Sound Forge PRO 10.0 + KEYGEN\soundforgepro10.exe moved successfully.
    Y:\install - uninstall\°°°°°Plug in\Bomb Factory Fairchild Bundle TDM RTAS AS v4.2\##PlugFixer\PlugFixer.exe moved successfully.
    Y:\Mes docs Y\Downloads\unlocker1.8.7.exe moved successfully.
    Y:\xp instal\unlocker1.8.7.exe moved successfully.
    Z:\Rapidget DL\XLN Audio Addictive Drums DVDR HYBRID-AiRISO [RE-UP] add drum vsti\Addictive Drums VSTi\Keygen.exe moved successfully.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: Administrator
    ->Temp folder emptied: 4395044 bytes
    ->Temporary Internet Files folder emptied: 12638118 bytes
    ->Java cache emptied: 25513601 bytes
    ->FireFox cache emptied: 90884975 bytes
    ->Google Chrome cache emptied: 347144699 bytes
    User: All Users
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    User: LocalService
    File delete failed. F:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. F:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. F:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    ->Temp folder emptied: 66016 bytes
    File delete failed. F:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 33170 bytes
    User: NetworkService
    ->Temp folder emptied: 0 bytes
    File delete failed. F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 33170 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2401591 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    File delete failed. F:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
    File delete failed. F:\WINDOWS\temp\Perflib_Perfdata_600.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied: 27936 bytes
    RecycleBin emptied: 203747 bytes
    Total Files Cleaned = 460,99 mb
    OTM by OldTimer - Version 3.0.0.6 log created on 11012009_202744
    Files moved on Reboot...
    File F:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
    File F:\WINDOWS\temp\Perflib_Perfdata_600.dat not found!
    Registry entries deleted on Reboot...

    And USBfixer:
    ############################## | UsbFix V6.046 |
    User : Administrator (Administrators) # EXPERIEN-864B86
    Update on 29/10/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 8:32:31 PM | 11/1/2009
    Contact : FindyKill.Contact@gmail.com
    AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
    Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 7.0.5730.13
    Windows Firewall Status : Enabled
    AV : avast! antivirus 4.8.1356 [VPS 091031-0] 4.8.1356 [ Enabled | Updated ]
    A:\ -> 3 1/2 Inch Floppy Drive
    C:\ -> Local Fixed Disk # 48.83 Go (27.39 Go free) [seven] # NTFS
    D:\ -> Local Fixed Disk # 113.6 Go (17.66 Go free) [Musique...] # NTFS
    E:\ -> CD-ROM Disc
    F:\ -> Local Fixed Disk # 48.82 Go (37.75 Go free) # NTFS
    G:\ -> Removable Disk
    H:\ -> CD-ROM Disc # 0 Mo (0 Mo free) [Audio CD] # CDFS
    I:\ -> Removable Disk # 3.76 Go (3.05 Go free) [POUET-POUET] # FAT32
    Y:\ -> Local Fixed Disk # 177.3 Go (34.14 Go free) [i] # NTFS
    Z:\ -> Local Fixed Disk # 195.31 Go (96.11 Go free) [ii] # NTFS
    ############################## | Processus actifs |
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\csrss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\Ati2evxx.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Alwil Software-Avast4\aswUpdSv.exe
    F:\WINDOWS\system32\Ati2evxx.exe
    F:\Program Files\Alwil Software-Avast4\ashServ.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\notepad.exe
    F:\WINDOWS\System32\M-AudioTaskBarIcon.exe
    F:\Program Files\Java\jre6\bin\jusched.exe
    F:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    F:\Program Files\Unlocker\UnlockerAssistant.exe
    F:\PROGRA~1\ALWILS~1\ashDisp.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\uTorrent\uTorrent.exe
    F:\Program Files\SuperCopier2\SuperCopier2.exe
    F:\Program Files\OpenOffice.org 3\program\soffice.exe
    F:\Program Files\OpenOffice.org 3\program\soffice.bin
    F:\Program Files\Digidesign\Drivers\MMERefresh.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Java\jre6\bin\jqs.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Alwil Software-Avast4\ashMaiSv.exe
    F:\Program Files\Alwil Software-Avast4\ashWebSv.exe
    F:\WINDOWS\System32\alg.exe
    F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    F:\WINDOWS\system32\wuauclt.exe
    F:\WINDOWS\system32\wbem\wmiprvse.exe
    F:\Program Files\Alwil Software-Avast4\setup\avast.setup
    ################## | Fichiers # Dossiers infectieux |
    ################## | Registre # Clés Run infectieuses |
    ################## | Registre # Mountpoints2 |
    HKCU\..\..\Explorer\MountPoints2\H
    Shell\AutoRun\command =H:\Autorun.exe root.ini
    ################## | Suspect | http://www.virustotal.com |
    ################## | Cracks / Keygens / Serials |
    ################## | ! Fin du rapport # UsbFix V6.046 ! |
    In any case, since you stepped in everything already seems to be working fine, so thank you!

    Vrni
     Posted on 01/11/2009 at 21:54
    Astucien

    Re,

    What is the H: drive?

    There is an autorun.inf file at the root. It is hidden ( => show hidden files/folders ).
    Can you open it and copy its contents into your next message?

    EDIT: my mistake, it's an .exe

    Run USBFix option 2 and don't forget to plug in all your removable media.

    See you

    Edited by Vrni on 01/11/2009 21:55
    cristofxx
     Posted on 01/11/2009 at 23:21
    Petit astucien

    Here it is:

    ############################## | UsbFix V6.046 |
    User : Administrator (Administrators) # EXPERIEN-864B86
    Update on 29/10/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 10:15:03 PM | 11/1/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com
    AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
    Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 7.0.5730.13
    Windows Firewall Status : Enabled
    AV : avast! antivirus 4.8.1356 [VPS 091101-1] 4.8.1356 [ Enabled | Updated ]
    A:\ -> 3 1/2 Inch Floppy Drive
    C:\ -> Local Fixed Disk # 48.83 Go (27.39 Go free) [seven] # NTFS
    D:\ -> Local Fixed Disk # 113.6 Go (17.81 Go free) [Musique...] # NTFS
    E:\ -> CD-ROM Disc
    F:\ -> Local Fixed Disk # 48.82 Go (37.74 Go free) # NTFS
    G:\ -> Removable Disk
    H:\ -> CD-ROM Disc # 0 Mo (0 Mo free) [Audio CD] # CDFS
    I:\ -> Removable Disk # 3.76 Go (3.05 Go free) [POUET-POUET] # FAT32
    Y:\ -> Local Fixed Disk # 177.3 Go (34.14 Go free) [i] # NTFS
    Z:\ -> Local Fixed Disk # 195.31 Go (96.11 Go free) [ii] # NTFS
    ############################## | Processus actifs |
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\csrss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\Ati2evxx.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\logonui.exe
    F:\WINDOWS\system32\Ati2evxx.exe
    F:\Program Files\Alwil Software-Avast4\aswUpdSv.exe
    F:\Program Files\Alwil Software-Avast4\ashServ.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Alwil Software-Avast4\setup\avast.setup
    F:\WINDOWS\system32\userinit.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Digidesign\Drivers\MMERefresh.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Java\jre6\bin\jqs.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Alwil Software-Avast4\ashMaiSv.exe
    F:\Program Files\Alwil Software-Avast4\ashWebSv.exe
    F:\WINDOWS\System32\alg.exe
    F:\WINDOWS\system32\wbem\wmiprvse.exe
    ################## | Fichiers # Dossiers infectieux |
    ################## | Registre # Clés Run infectieuses |
    Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsMenu"
    Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoResolveSearch"
    ################## | Registre # Mountpoints2 |
    Supprimé ! HKCU\...\Explorer\MountPoints2\H\Shell\AutoRun\Command
    ################## | Listing des fichiers présent |
    [25/10/2009 03:21|--a------|0] C:\AUTOEXEC.BAT
    [25/10/2009 15:42|--ahs----|220] C:\boot.ini
    [14/07/2009 01:38|--a------|383562] C:\bootmgr
    [25/10/2009 03:21|--a------|0] C:\CONFIG.SYS
    [24/10/2009 13:24|--ahs----|2414731264] C:\hiberfil.sys
    [25/10/2009 03:21|-rahs----|0] C:\IO.SYS
    [25/10/2009 03:21|-rahs----|0] C:\MSDOS.SYS
    [03/05/2008 12:00|-rahs----|47564] C:\NTDETECT.COM
    [03/05/2008 12:00|-rahs----|250048] C:\ntldr
    [19/03/2008 10:57|--a------|5525476] D:\03-freebidou-amicalement_votre.mp3
    [19/03/2008 10:58|--a------|2948307] D:\06.spark arrester - jazz pearl [blend remix].mp3
    [21/12/2008 22:14|--a------|815259] D:\DGenR8-VST-2.6.exe
    [03/11/2008 12:03|--a------|41393524] D:\ERPROT_610.exe
    [14/06/2008 18:42|--a------|56179982] D:\FACT Magazine presents The Count & Sinden .mp3
    [26/09/2009 10:00|--a------|580096] D:\lame.exe
    [03/11/2008 11:49|--a------|6113439] D:\pc-inspector_pc_inspector_4.0_francais_11048.exe
    [28/04/2006 05:41|--a------|97087488] D:\Symphony diagonale.avi
    [19/11/2007 21:09|--ahs----|5120] D:\Thumbs.db
    [15/01/2008 00:20|--a------|6157375] D:\Webern Symphony Op. 21 I.mp3
    [15/01/2008 00:28|--a------|2864274] D:\Webern Symphony Op. 21 II.mp3
    [27/08/2007 06:45|--a------|13130728] D:\Xenakis - Metastasis.mov
    [?|?|?] F:\pagefile.sys
    [01/11/2009 22:18|--a------|4030] F:\UsbFix.txt
    [01/01/1995 00:00|-r-------|44] H:\Track01.cda
    [01/01/1995 00:01|-r-------|44] H:\Track02.cda
    [01/01/1995 00:06|-r-------|44] H:\Track03.cda
    [01/01/1995 00:08|-r-------|44] H:\Track04.cda
    [01/01/1995 00:11|-r-------|44] H:\Track05.cda
    [01/01/1995 00:14|-r-------|44] H:\Track06.cda
    [01/01/1995 00:18|-r-------|44] H:\Track07.cda
    [01/01/1995 00:20|-r-------|44] H:\Track08.cda
    [01/01/1995 00:24|-r-------|44] H:\Track09.cda
    [01/01/1995 00:26|-r-------|44] H:\Track10.cda
    [01/01/1995 00:29|-r-------|44] H:\Track11.cda
    [01/01/1995 00:32|-r-------|44] H:\Track12.cda
    [01/01/1995 00:35|-r-------|44] H:\Track13.cda
    [01/01/1995 00:38|-r-------|44] H:\Track14.cda
    [01/01/1995 00:41|-r-------|44] H:\Track15.cda
    [07/10/2008 21:30|--a------|30720] I:\ONCLE ROY.doc
    [23/11/2008 14:28|--a------|58880] I:\rŠgle jeu pervasif.doc
    [05/10/2008 18:07|--a------|51712] I:\uncle roy.doc
    [25/08/2006 17:41|--a------|732730678] I:\Le.livre.de.la.jungle.fr.Xvid.by[GordTeam].teste.www.divxovore.com.avi
    [06/06/2009 03:27|--a------|26197] Y:\Breaking.Bad.S02.COMPLETE.VOSTFR.HDTV.XviD-PM5[www.kickasstorrents.com].torrent
    [14/06/2009 14:00|--a------|1598976] Y:\SteamInstall.msi
    [15/06/2009 13:40|--a------|132828] Y:\tapewriter.ttf
    [25/10/2009 16:25|--a------|1293] Y:\win7 depuis XP mais boot dans partoch7.rtf
    [08/12/2008 19:05|--a------|5188576] Z:\Earpro5setup.exe
    [21/11/2008 22:30|--a------|2140102656] Z:\Le cerveau en miroir - ARTE 2008-11-21 22-25-00.mpg
    [03/11/2008 11:58|--a------|187251699] Z:\ProdPack_RTAS.zip
    [30/10/2008 09:18|--ahs----|6144] Z:\Thumbs.db
    ################## | Vaccination |
    # C:\autorun.inf -> Dossier créé par UsbFix.
    # D:\autorun.inf -> Dossier créé par UsbFix.
    # F:\autorun.inf -> Dossier créé par UsbFix.
    # I:\autorun.inf -> Dossier créé par UsbFix.
    # Y:\autorun.inf -> Dossier créé par UsbFix.
    # Z:\autorun.inf -> Dossier créé par UsbFix.
    ################## | Suspect | http://www.virustotal.com |
    ################## | Cracks / Keygens / Serials |
    ################## | ! Fin du rapport # UsbFix V6.046 ! |

    Vrni
     Posted on 01/11/2009 at 23:38
    Astucien

    Re,

    Do you know this site? Framasoft
    I am sure you will find an equivalent for all the software you have downloaded.
    Granted, the ergonomics will be less good, but it's up to you.

    Let's finish up.

    1) Download OTCleanIT by Old_Timer.
    http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

    Save the file to your desktop.

    Double-click OTCleanit.exe to run it.
    Click CleanUp!.
    The program will ask you to start the scan. Accept.

    You will be asked to restart your PC to finish deleting the files and to remove OTCleanIT as well. Accept.


    2) Download ToolsCleaner to the desktop
    http://pc-system.fr/TC/ToolsCleaner2.exe

    Double-click ToolsCleaner2.exe --> Recherche --> Suppression.
    Your desktop may disappear.

    Copy and paste the report found in C:\TCleaner.txt


    3) Use CCleaner and both the cleaner and registry options.


    4) Finally, I recommend recreating a clean restore point so that you can use it if there is a problem on your PC.

    - Creating a new restore point:

    To recreate a restore point:

    Start --> Programs --> Accessories --> System Tools --> System Restore

    Choose "Create a restore point". Follow the prompts.

    All the best (with your studies, that is).

    cristofxx
     Posted on 02/11/2009 at 13:02
    Petit astucien

    Thanks!

    The report:

    [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]
    --> Recherche:
    F:\UsbFix.txt: trouvé !
    F:\HijackThis: trouvé !
    F:\UsbFix: trouvé !
    F:\Documents and Settings\Administrator\Desktop\HijackThis.exe: trouvé !
    F:\Documents and Settings\Administrator\Desktop\UsbFix.exe: trouvé !
    F:\hijackThis\hijackthis.log: trouvé !
    ---------------------------------
    --> Suppression:
    F:\Documents and Settings\Administrator\Desktop\HijackThis.exe: supprimé !
    F:\UsbFix.txt: supprimé !
    F:\Documents and Settings\Administrator\Desktop\UsbFix.exe: supprimé !
    F:\hijackThis\hijackthis.log: supprimé !
    F:\HijackThis: supprimé !
    F:\UsbFix: supprimé !

    However, the restore option doesn't work: the "disable all drives" option is checked, and when I uncheck it I get an error message and am offered a restart, which changes nothing!
    Otherwise I have a registry restore tool, which comes as a .reg file >> Full-Registry-Backup.reg
    Maybe that's the same thing?
    In any case, a big thank you for your help!

    Vrni
     Posted on 02/11/2009 at 13:21
    Astucien

    Maybe the file rstrui.exe is not present on the PC ( in C:\WINDOWS\system32\Restore )

    That happens with this kind of modified version.

    See you

    cristofxx
     Posted on 02/11/2009 at 14:07
    Petit astucien

    OK,

    See you



    > Voir l'offre

    Sujets relatifs
    Avast détecte des malwares à répétition
    avast détecte evo-gen (sup
    Win32:VB-MAN [Trj] détecté par Avast
    "Avast détecté une connexion sécurisée"....
    VIRUS NSIS:Adware-EO [PUP] DETECTE PAR AVAST
    avast:une menace à été détecté:adresse url bloquée
    Avast detecte win32: malware-gen
    Avast détecte Rootkit+autres impossible à supp
    probleme detecte par avast
    Vbs:Malware-gen détecté par avast
    Plus de sujets relatifs à msxml71.dll détecté par avast
     > Tous les forums > Forum Sécurité