A voir également:
- Mon ordi rame
- Mon ordi rame que faire - Guide
- Comment reinitialiser un ordi - Guide
- Ordi ecran noir - Guide
- Mon mac rame comment le nettoyer - Guide
- Ordi scrabble - Télécharger - Jeux vidéo
49 réponses
Merci pour votre aide.
Voici le premier rapport :
Logfile of random's system information tool 1.06 (written by random/random)
Run by moi at 2009-11-08 08:14:37
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 95 GB (40%) free of 238 GB
Total RAM: 2046 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:14:38, on 08/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\wuauclt.exe
C:\Users\moi\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\moi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SEO Soft] C:\Users\moi\Desktop\stat\stat.exe 0 20
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C015A03-EEF0-4697-9231-6B12575D8B67}: NameServer = 212.27.40.240,212.27.40.241
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
Voici le premier rapport :
Logfile of random's system information tool 1.06 (written by random/random)
Run by moi at 2009-11-08 08:14:37
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 95 GB (40%) free of 238 GB
Total RAM: 2046 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:14:38, on 08/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\wuauclt.exe
C:\Users\moi\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\moi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SEO Soft] C:\Users\moi\Desktop\stat\stat.exe 0 20
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C015A03-EEF0-4697-9231-6B12575D8B67}: NameServer = 212.27.40.240,212.27.40.241
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
Darksus
Messages postés
129
Date d'inscription
mardi 27 octobre 2009
Statut
Membre
Dernière intervention
1 juillet 2015
6
8 nov. 2009 à 08:09
8 nov. 2009 à 08:09
Je ne vois rien qui pourait le faire ramer ? tu as des donées importante sur ton pc ?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 272
8 nov. 2009 à 08:13
8 nov. 2009 à 08:13
bonjour
personnellement je vois quelques bricoles et il serait bien d'examiner un peu plus en profondeur ces choses...
• Télécharge Random's System Information Tool (RSIT) de Random/Random.
http://images.malwareremoval.com/random/RSIT.exe
• Enregistre le sur ton Bureau.
• Double clique sur RSIT.exe pour lancer l'outil.
• Clique sur "Continue" à l'écran Disclaimer.
• Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande)
et tu devras accepter la licence.
• Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp
Les rapports se trouvent à cet endroit:
C:\rsit\info.txt
C:\rsit\log.txt
personnellement je vois quelques bricoles et il serait bien d'examiner un peu plus en profondeur ces choses...
• Télécharge Random's System Information Tool (RSIT) de Random/Random.
http://images.malwareremoval.com/random/RSIT.exe
• Enregistre le sur ton Bureau.
• Double clique sur RSIT.exe pour lancer l'outil.
• Clique sur "Continue" à l'écran Disclaimer.
• Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande)
et tu devras accepter la licence.
• Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp
Les rapports se trouvent à cet endroit:
C:\rsit\info.txt
C:\rsit\log.txt
Le second :
info.txt logfile of random's system information tool 1.06 2009-11-08 08:14:39
======Uninstall list======
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->C:\Program Files\Common Files\Adobe\Installers\acce07fd2c8fe7f9e3f26243e626578\Setup.exe --uninstall=1
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4-->"C:\Program Files\Adobe\Photoshop CS4\unins000.exe"
Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Any Video Converter 2.7.6-->"C:\Program Files\Any Video Converter\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Borderlands-->MsiExec.exe /X{52B65911-1559-4ED5-9461-46957FDD48CD}
Camtasia Studio 6-->MsiExec.exe /I{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}
CaptEcran V 2.0.2-->"C:\Program Files\CaptEcran\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
cFosSpeed v4.06-->"C:\Program Files\cFosSpeed\setup.exe" -uninstall
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe
FTP Expert 3-->"C:\Program Files\Visicom Media\FTP Expert 3\uninst-ftp.exe"
GrabIt 1.7.2 Beta 3 (build 996)-->"C:\Program Files\GrabIt\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Flight Simulator X Service Pack 1-->c:\Windows\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimPatchUninstall.log" /uninstall {92635E02-4C29-4A8F-AA82-7B8B95C823D3} /package {9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X-->MsiExec.exe /X{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MozBackup 1.4.9-->C:\Program Files\MozBackup\Uninstall.exe
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
OpenOffice.org 3.1-->MsiExec.exe /I{B2E581DB-C4DD-432C-AC84-ED761AC056BC}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
RPG Maker VX 1.02-->"C:\Program Files\RPG Maker VX\unins000.exe"
Serious Sam : Second Contact-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}\Setup.exe" -l0x40c
SimCity 4 Deluxe-->C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
UDPixel.exe-->"C:\Program Files\UDPixel\uninstall.exe"
Vehicle Simulator-->"C:\Program Files\Vehicle Simulator\unins000.exe"
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
WinSCP 4.2.3 beta-->"C:\Program Files\WinSCP\unins000.exe"
Yooda Map-->MsiExec.exe /I{633A27AE-C1C4-48E7-85D4-3C34994B5331}
======Security center information======
AV: AntiVir Desktop
AV: ESET NOD32 Antivirus 4.0 (outdated)
AS: ESET NOD32 Antivirus 4.0 (outdated)
AS: AntiVir Desktop
AS: Windows Defender (outdated)
======System event log======
Computer Name: moi-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 27229
Source Name: Tcpip
Time Written: 20091107214836.353613-000
Event Type: Warning
User:
Computer Name: moi-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.
Record Number: 27235
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20091107214920.423400-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: moi-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 27251
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20091108065420.665650-000
Event Type: Error
User:
Computer Name: moi-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Partizan
Record Number: 27329
Source Name: Service Control Manager
Time Written: 20091108065603.000000-000
Event Type: Error
User:
Computer Name: moi-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 27335
Source Name: Tcpip
Time Written: 20091108065610.896650-000
Event Type: Warning
User:
=====Application event log=====
Computer Name: moi-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-127182257-2607950328-4141922675-1000_Classes:
Process 1012 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-127182257-2607950328-4141922675-1000_CLASSES
Record Number: 6550
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091107195348.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: moi-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-127182257-2607950328-4141922675-1000:
Process 988 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-127182257-2607950328-4141922675-1000
Process 1408 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-127182257-2607950328-4141922675-1000\Software
Process 1408 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-127182257-2607950328-4141922675-1000\Software\Policies
Record Number: 6578
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091107202919.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: moi-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-127182257-2607950328-4141922675-1000_Classes:
Process 988 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-127182257-2607950328-4141922675-1000_CLASSES
Record Number: 6579
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091107202919.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: moi-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-127182257-2607950328-4141922675-1000:
Process 996 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-127182257-2607950328-4141922675-1000
Record Number: 6601
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091107214918.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: moi-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-127182257-2607950328-4141922675-1000_Classes:
Process 996 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-127182257-2607950328-4141922675-1000_CLASSES
Record Number: 6602
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091107214919.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: moi-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14527
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091108071438.125350-000
Event Type: Audit Failure
User:
Computer Name: moi-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14528
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091108071438.142850-000
Event Type: Audit Failure
User:
Computer Name: moi-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14529
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091108071438.150350-000
Event Type: Audit Failure
User:
Computer Name: moi-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14530
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091108071438.162850-000
Event Type: Audit Failure
User:
Computer Name: moi-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14531
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091108071438.175350-000
Event Type: Audit Failure
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-11-08 08:14:39
======Uninstall list======
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->C:\Program Files\Common Files\Adobe\Installers\acce07fd2c8fe7f9e3f26243e626578\Setup.exe --uninstall=1
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4-->"C:\Program Files\Adobe\Photoshop CS4\unins000.exe"
Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Any Video Converter 2.7.6-->"C:\Program Files\Any Video Converter\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Borderlands-->MsiExec.exe /X{52B65911-1559-4ED5-9461-46957FDD48CD}
Camtasia Studio 6-->MsiExec.exe /I{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}
CaptEcran V 2.0.2-->"C:\Program Files\CaptEcran\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
cFosSpeed v4.06-->"C:\Program Files\cFosSpeed\setup.exe" -uninstall
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe
FTP Expert 3-->"C:\Program Files\Visicom Media\FTP Expert 3\uninst-ftp.exe"
GrabIt 1.7.2 Beta 3 (build 996)-->"C:\Program Files\GrabIt\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Flight Simulator X Service Pack 1-->c:\Windows\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimPatchUninstall.log" /uninstall {92635E02-4C29-4A8F-AA82-7B8B95C823D3} /package {9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X-->MsiExec.exe /X{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MozBackup 1.4.9-->C:\Program Files\MozBackup\Uninstall.exe
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
OpenOffice.org 3.1-->MsiExec.exe /I{B2E581DB-C4DD-432C-AC84-ED761AC056BC}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
RPG Maker VX 1.02-->"C:\Program Files\RPG Maker VX\unins000.exe"
Serious Sam : Second Contact-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}\Setup.exe" -l0x40c
SimCity 4 Deluxe-->C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
UDPixel.exe-->"C:\Program Files\UDPixel\uninstall.exe"
Vehicle Simulator-->"C:\Program Files\Vehicle Simulator\unins000.exe"
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
WinSCP 4.2.3 beta-->"C:\Program Files\WinSCP\unins000.exe"
Yooda Map-->MsiExec.exe /I{633A27AE-C1C4-48E7-85D4-3C34994B5331}
======Security center information======
AV: AntiVir Desktop
AV: ESET NOD32 Antivirus 4.0 (outdated)
AS: ESET NOD32 Antivirus 4.0 (outdated)
AS: AntiVir Desktop
AS: Windows Defender (outdated)
======System event log======
Computer Name: moi-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 27229
Source Name: Tcpip
Time Written: 20091107214836.353613-000
Event Type: Warning
User:
Computer Name: moi-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.
Record Number: 27235
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20091107214920.423400-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: moi-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 27251
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20091108065420.665650-000
Event Type: Error
User:
Computer Name: moi-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Partizan
Record Number: 27329
Source Name: Service Control Manager
Time Written: 20091108065603.000000-000
Event Type: Error
User:
Computer Name: moi-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 27335
Source Name: Tcpip
Time Written: 20091108065610.896650-000
Event Type: Warning
User:
=====Application event log=====
Computer Name: moi-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-127182257-2607950328-4141922675-1000_Classes:
Process 1012 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-127182257-2607950328-4141922675-1000_CLASSES
Record Number: 6550
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091107195348.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: moi-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-127182257-2607950328-4141922675-1000:
Process 988 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-127182257-2607950328-4141922675-1000
Process 1408 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-127182257-2607950328-4141922675-1000\Software
Process 1408 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-127182257-2607950328-4141922675-1000\Software\Policies
Record Number: 6578
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091107202919.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: moi-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-127182257-2607950328-4141922675-1000_Classes:
Process 988 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-127182257-2607950328-4141922675-1000_CLASSES
Record Number: 6579
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091107202919.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: moi-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-127182257-2607950328-4141922675-1000:
Process 996 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-127182257-2607950328-4141922675-1000
Record Number: 6601
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091107214918.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: moi-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-127182257-2607950328-4141922675-1000_Classes:
Process 996 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-127182257-2607950328-4141922675-1000_CLASSES
Record Number: 6602
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091107214919.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: moi-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14527
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091108071438.125350-000
Event Type: Audit Failure
User:
Computer Name: moi-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14528
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091108071438.142850-000
Event Type: Audit Failure
User:
Computer Name: moi-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14529
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091108071438.150350-000
Event Type: Audit Failure
User:
Computer Name: moi-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14530
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091108071438.162850-000
Event Type: Audit Failure
User:
Computer Name: moi-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14531
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091108071438.175350-000
Event Type: Audit Failure
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 272
8 nov. 2009 à 08:32
8 nov. 2009 à 08:32
es tu en désinfection ailleurs ?
ou as tu eu recemment des soucis de "bagle"
ou as tu eu recemment des soucis de "bagle"
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 272
8 nov. 2009 à 08:38
8 nov. 2009 à 08:38
dans le doute et avant de faire autre chose, on va vérifier pour bagle
• Téléchargez FindyKill sur le Bureau.
http://pagesperso-orange.fr/NosTools/Chiquitine29/FindyKill.exe
Mirroir :
https://www.androidworld.fr/
• Double-cliquez sur FindyKill présent sur le Bureau.
• Choisissez l'option 1 (Recherche).
• Laissez travailler l'outil.
• Ensuite postez le rapport FindyKill.txt qui apparaîtra (si vous avez créé un sujet sur un forum pour vous faire aider).
• Note : Le rapport FindyKill.txt est sauvegardé à la racine du disque (C:\FindyKill.txt).
(CTRL+A pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller)
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
• Tuto : http://pagesperso-orange.fr/NosTools/index.html
Note : l'UAC de Vista ne gêne plus FindyKill.
• Téléchargez FindyKill sur le Bureau.
http://pagesperso-orange.fr/NosTools/Chiquitine29/FindyKill.exe
Mirroir :
https://www.androidworld.fr/
• Double-cliquez sur FindyKill présent sur le Bureau.
• Choisissez l'option 1 (Recherche).
• Laissez travailler l'outil.
• Ensuite postez le rapport FindyKill.txt qui apparaîtra (si vous avez créé un sujet sur un forum pour vous faire aider).
• Note : Le rapport FindyKill.txt est sauvegardé à la racine du disque (C:\FindyKill.txt).
(CTRL+A pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller)
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
• Tuto : http://pagesperso-orange.fr/NosTools/index.html
Note : l'UAC de Vista ne gêne plus FindyKill.
Merci encore une fois, voici le rapport :
############################## | FindyKill V5.017 |
# User : moi (Administrators) # moi-PC
# Update on 01/11/2009 by Chiquitine29
# Start at: 8:43:20 AM | 11/8/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com
# Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
# Microsoft® Windows Vista™ Ultimate (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# AV : ESET NOD32 Antivirus 4.0 4.0 [ Enabled | (!) Outdated ]
# A:\ # 3 1/2 Inch Floppy Drive
# C:\ # Local Fixed Disk # 232.88 Go (92.68 Go free) # NTFS
# D:\ # CD-ROM Disc
# E:\ # CD-ROM Disc
############################## | Processus actifs |
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
################## | C: |
################## | C:\Windows |
################## | C:\Windows\system32 |
################## | C:\Windows\system32\drivers |
################## | C:\Users\moi\AppData\Roaming |
################## | Autres detections ... |
################## | Temporary Internet Files |
################## | Registre / Clés infectieuses |
Présent ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
Présent ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
Présent ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"
Présent ! [HKLM\software\microsoft\security center\Svc] "AntiVirusOverride"
Présent ! [HKLM\software\microsoft\security center\Svc] "FirewallOverride"
Présent ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
################## | Etat / Services / Informations |
# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# Uac : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# windefend -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | Cracks / Keygens / Serials |
"C:\Users\moi\Downloads\GrabIt Downloads\md-11\FSX PMDG MD-11\FSX PMDG MD-11\Crack\EnableButton.exe"
16/10/2008 20:48 |Size 28672 |Crc32 3ca1cff9 |Md5 28d10f5ea6f3b1e5de4074aa5294ef92
################## | ! Fin du rapport # FindyKill V5.017 ! |
############################## | FindyKill V5.017 |
# User : moi (Administrators) # moi-PC
# Update on 01/11/2009 by Chiquitine29
# Start at: 8:43:20 AM | 11/8/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com
# Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
# Microsoft® Windows Vista™ Ultimate (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# AV : ESET NOD32 Antivirus 4.0 4.0 [ Enabled | (!) Outdated ]
# A:\ # 3 1/2 Inch Floppy Drive
# C:\ # Local Fixed Disk # 232.88 Go (92.68 Go free) # NTFS
# D:\ # CD-ROM Disc
# E:\ # CD-ROM Disc
############################## | Processus actifs |
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
################## | C: |
################## | C:\Windows |
################## | C:\Windows\system32 |
################## | C:\Windows\system32\drivers |
################## | C:\Users\moi\AppData\Roaming |
################## | Autres detections ... |
################## | Temporary Internet Files |
################## | Registre / Clés infectieuses |
Présent ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
Présent ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
Présent ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"
Présent ! [HKLM\software\microsoft\security center\Svc] "AntiVirusOverride"
Présent ! [HKLM\software\microsoft\security center\Svc] "FirewallOverride"
Présent ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
################## | Etat / Services / Informations |
# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# Uac : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# windefend -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | Cracks / Keygens / Serials |
"C:\Users\moi\Downloads\GrabIt Downloads\md-11\FSX PMDG MD-11\FSX PMDG MD-11\Crack\EnableButton.exe"
16/10/2008 20:48 |Size 28672 |Crc32 3ca1cff9 |Md5 28d10f5ea6f3b1e5de4074aa5294ef92
################## | ! Fin du rapport # FindyKill V5.017 ! |
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 272
8 nov. 2009 à 08:54
8 nov. 2009 à 08:54
non à priori pas de bagle....
nèanmoins on va en profiter pour soigner quelques clés
/!\ Utilisateur de vista et windows 7 : ne pas oublier de désactiver Le contrôle des comptes utilisateurs
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uacer-l-uac
• Double clic sur le raccourci FindyKill présent sur ton bureau.
• Choisis l'option 2
• Laisse travailler l'outil.
• Ensuite post le rapport FindyKill.txt qui apparaîtra.
• Note : Le rapport FindyKill.txt est sauvegardé a la racine du disque. (C:\FindyKill.txt)
(CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
• Tuto : http://pagesperso-orange.fr/NosTools/index.html
nèanmoins on va en profiter pour soigner quelques clés
/!\ Utilisateur de vista et windows 7 : ne pas oublier de désactiver Le contrôle des comptes utilisateurs
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uacer-l-uac
• Double clic sur le raccourci FindyKill présent sur ton bureau.
• Choisis l'option 2
• Laisse travailler l'outil.
• Ensuite post le rapport FindyKill.txt qui apparaîtra.
• Note : Le rapport FindyKill.txt est sauvegardé a la racine du disque. (C:\FindyKill.txt)
(CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
• Tuto : http://pagesperso-orange.fr/NosTools/index.html
Le rapport :
############################## | FindyKill V5.017 |
# User : moi (Administrators) # moi-PC
# Update on 01/11/2009 by Chiquitine29
# Start at: 8:55:54 AM | 11/8/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com
# Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
# Microsoft® Windows Vista™ Ultimate (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# AV : ESET NOD32 Antivirus 4.0 4.0 [ Enabled | (!) Outdated ]
# A:\ # 3 1/2 Inch Floppy Drive
# C:\ # Local Fixed Disk # 232.88 Go (92.69 Go free) # NTFS
# D:\ # CD-ROM Disc
# E:\ # CD-ROM Disc
############################## | Processus actifs |
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
################## | C: |
################## | C:\Windows |
################## | C:\Windows\system32 |
################## | C:\Windows\system32\drivers |
################## | C:\Users\moi\AppData\Roaming |
################## | Autres suppressions ... |
################## | Temporary Internet Files |
################## | Registre / Clés infectieuses |
Supprimé ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
Supprimé ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
Supprimé ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
################## | Etat / Services / Informations |
# Mode sans echec : OK
# Affichage des fichiers cachés : OK
# Uac : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# windefend -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | PEH ... |
################## | Cracks / Keygens / Serials |
"C:\Users\moi\Downloads\GrabIt Downloads\md-11\FSX PMDG MD-11\FSX PMDG MD-11\Crack\EnableButton.exe"
16/10/2008 20:48 |Size 28672 |Crc32 3ca1cff9 |Md5 28d10f5ea6f3b1e5de4074aa5294ef92
################## | ! Fin du rapport # FindyKill V5.017 ! |
############################## | FindyKill V5.017 |
# User : moi (Administrators) # moi-PC
# Update on 01/11/2009 by Chiquitine29
# Start at: 8:55:54 AM | 11/8/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com
# Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
# Microsoft® Windows Vista™ Ultimate (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# AV : ESET NOD32 Antivirus 4.0 4.0 [ Enabled | (!) Outdated ]
# A:\ # 3 1/2 Inch Floppy Drive
# C:\ # Local Fixed Disk # 232.88 Go (92.69 Go free) # NTFS
# D:\ # CD-ROM Disc
# E:\ # CD-ROM Disc
############################## | Processus actifs |
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
################## | C: |
################## | C:\Windows |
################## | C:\Windows\system32 |
################## | C:\Windows\system32\drivers |
################## | C:\Users\moi\AppData\Roaming |
################## | Autres suppressions ... |
################## | Temporary Internet Files |
################## | Registre / Clés infectieuses |
Supprimé ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
Supprimé ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
Supprimé ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
################## | Etat / Services / Informations |
# Mode sans echec : OK
# Affichage des fichiers cachés : OK
# Uac : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# windefend -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | PEH ... |
################## | Cracks / Keygens / Serials |
"C:\Users\moi\Downloads\GrabIt Downloads\md-11\FSX PMDG MD-11\FSX PMDG MD-11\Crack\EnableButton.exe"
16/10/2008 20:48 |Size 28672 |Crc32 3ca1cff9 |Md5 28d10f5ea6f3b1e5de4074aa5294ef92
################## | ! Fin du rapport # FindyKill V5.017 ! |
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 272
8 nov. 2009 à 09:06
8 nov. 2009 à 09:06
plusieurs infections...
Note importante :
Pour les ordinateurs équipés de Windows Vista et Windows 7, la désactivation du Contrôle des comptes utilisateurs est obligatoire
sous peine de ne pas pouvoir faire fonctionner correctement l'outil.
Tuto : https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
Téléchargez et enregistrez le fichier d installation sur le bureau
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe
Double cliquez sur le fichier d'installation de AD-Remover, le programme s'installera automatiquement.
Sous Vista : clic droit sur AD-Remover et sélectionner "Exécuter en tant qu'administrateur"
Au menu principal choisir l'option "s" et tapez sur [entrée] .
Laissez travailler l'outil et ne touchez à rien ...
Postez le rapport qui apparait à la fin.
( le rapport est sauvegardé aussi sous C:\Ad-report.log )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Note importante :
Pour les ordinateurs équipés de Windows Vista et Windows 7, la désactivation du Contrôle des comptes utilisateurs est obligatoire
sous peine de ne pas pouvoir faire fonctionner correctement l'outil.
Tuto : https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
Téléchargez et enregistrez le fichier d installation sur le bureau
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe
Double cliquez sur le fichier d'installation de AD-Remover, le programme s'installera automatiquement.
Sous Vista : clic droit sur AD-Remover et sélectionner "Exécuter en tant qu'administrateur"
Au menu principal choisir l'option "s" et tapez sur [entrée] .
Laissez travailler l'outil et ne touchez à rien ...
Postez le rapport qui apparait à la fin.
( le rapport est sauvegardé aussi sous C:\Ad-report.log )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Le rapport de AD-Remover :
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_B | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 07.11.2009 à 16:37
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 9:07:29, 08/11/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Ultimate Service Pack 1 v6.0.6001
Nom du PC: moi-PC | Utilisateur actuel: moi
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
HKLM\Software\Trymedia Systems
.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.5 [fr] *
.
Nom du profil: xl0ce2bg.default (moi)
.
(Prefs.js) C:\Users\moi\AppData\Local\Temp\Prefs.js_Browser.Search.DefaultEngineName_list.dat
(Prefs.js) C:\Users\moi\AppData\Local\Temp\Prefs.js_Browser.Search.SelectedEngine_list.dat
(Prefs.js) C:\Users\moi\AppData\Local\Temp\Prefs.js_Browser.Search.DefaultUrl_list.dat
(Prefs.js) C:\Users\moi\AppData\Local\Temp\Prefs.js_Browser.Startup.HomePage_list.dat
.
.
* Internet Explorer Version 7.0.6001.18000 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\moi\Downloads\GrabIt Downloads\md-11\FSX PMDG MD-11\FSX PMDG MD-11\Crack\EnableButton.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\Blizzard Updater.exe
.
===================================
.
3514 Octet(s) - C:\Ad-Report-SCAN[1].log
.
3 Fichier(s) - C:\Users\moi\AppData\Local\Temp
0 Fichier(s) - C:\Windows\Temp
.
1 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 9:08:50 | 08/11/2009 - SCAN[1]
.
============== E.O.F ==============
.
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_B | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 07.11.2009 à 16:37
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 9:07:29, 08/11/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Ultimate Service Pack 1 v6.0.6001
Nom du PC: moi-PC | Utilisateur actuel: moi
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
HKLM\Software\Trymedia Systems
.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.5 [fr] *
.
Nom du profil: xl0ce2bg.default (moi)
.
(Prefs.js) C:\Users\moi\AppData\Local\Temp\Prefs.js_Browser.Search.DefaultEngineName_list.dat
(Prefs.js) C:\Users\moi\AppData\Local\Temp\Prefs.js_Browser.Search.SelectedEngine_list.dat
(Prefs.js) C:\Users\moi\AppData\Local\Temp\Prefs.js_Browser.Search.DefaultUrl_list.dat
(Prefs.js) C:\Users\moi\AppData\Local\Temp\Prefs.js_Browser.Startup.HomePage_list.dat
.
.
* Internet Explorer Version 7.0.6001.18000 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\moi\Downloads\GrabIt Downloads\md-11\FSX PMDG MD-11\FSX PMDG MD-11\Crack\EnableButton.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\Blizzard Updater.exe
.
===================================
.
3514 Octet(s) - C:\Ad-Report-SCAN[1].log
.
3 Fichier(s) - C:\Users\moi\AppData\Local\Temp
0 Fichier(s) - C:\Windows\Temp
.
1 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 9:08:50 | 08/11/2009 - SCAN[1]
.
============== E.O.F ==============
.
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 272
8 nov. 2009 à 09:12
8 nov. 2009 à 09:12
Même outil
En mode sans échec
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
Option L Lancer le nettoyage
En mode sans échec
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
Option L Lancer le nettoyage
Le rapport :
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_B | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 07.11.2009 à 16:37
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 9:14:33, 08/11/2009 | Mode sans echec | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Ultimate Service Pack 1 v6.0.6001
Nom du PC: moi-PC | Utilisateur actuel: moi
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
HKLM\Software\Trymedia Systems
.
(!) -- Fichiers temporaires supprimés.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.5 [fr] *
.
Nom du profil: xl0ce2bg.default (moi)
.
(Prefs.js) C:\Users\moi\AppData\Local\Temp\Prefs.js_Browser.Search.DefaultEngineName_list.dat
(Prefs.js) C:\Users\moi\AppData\Local\Temp\Prefs.js_Browser.Search.SelectedEngine_list.dat
(Prefs.js) C:\Users\moi\AppData\Local\Temp\Prefs.js_Browser.Search.DefaultUrl_list.dat
(Prefs.js) C:\Users\moi\AppData\Local\Temp\Prefs.js_Browser.Startup.HomePage_list.dat
.
.
* Internet Explorer Version 7.0.6001.18000 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\moi\Downloads\GrabIt Downloads\md-11\FSX PMDG MD-11\FSX PMDG MD-11\Crack\EnableButton.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\Blizzard Updater.exe
.
===================================
.
3840 Octet(s) - C:\Ad-Report-CLEAN[1].log
3839 Octet(s) - C:\Ad-Report-SCAN[1].log
.
1 Fichier(s) - C:\Users\moi\AppData\Local\Temp
0 Fichier(s) - C:\Windows\Temp
.
21 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 9:15:51 | 08/11/2009 - CLEAN[1]
.
============== E.O.F ==============
.
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_B | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 07.11.2009 à 16:37
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 9:14:33, 08/11/2009 | Mode sans echec | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Ultimate Service Pack 1 v6.0.6001
Nom du PC: moi-PC | Utilisateur actuel: moi
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
HKLM\Software\Trymedia Systems
.
(!) -- Fichiers temporaires supprimés.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.5 [fr] *
.
Nom du profil: xl0ce2bg.default (moi)
.
(Prefs.js) C:\Users\moi\AppData\Local\Temp\Prefs.js_Browser.Search.DefaultEngineName_list.dat
(Prefs.js) C:\Users\moi\AppData\Local\Temp\Prefs.js_Browser.Search.SelectedEngine_list.dat
(Prefs.js) C:\Users\moi\AppData\Local\Temp\Prefs.js_Browser.Search.DefaultUrl_list.dat
(Prefs.js) C:\Users\moi\AppData\Local\Temp\Prefs.js_Browser.Startup.HomePage_list.dat
.
.
* Internet Explorer Version 7.0.6001.18000 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\moi\Downloads\GrabIt Downloads\md-11\FSX PMDG MD-11\FSX PMDG MD-11\Crack\EnableButton.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-patch.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\Blizzard Updater.exe
.
===================================
.
3840 Octet(s) - C:\Ad-Report-CLEAN[1].log
3839 Octet(s) - C:\Ad-Report-SCAN[1].log
.
1 Fichier(s) - C:\Users\moi\AppData\Local\Temp
0 Fichier(s) - C:\Windows\Temp
.
21 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 9:15:51 | 08/11/2009 - CLEAN[1]
.
============== E.O.F ==============
.
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 272
8 nov. 2009 à 09:21
8 nov. 2009 à 09:21
Recherche
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent
▶ Télécharge List&Kill'em et enregistre le sur ton bureau
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.exe
Il ne nécessite pas d'installation
▶double clic (clic droit "exécuter en tant qu'administrateur" pour Vista) pour lancer le scan
choisis la langue puis choisis l'option 1 = Mode Recherche
▶laisse travailler l'outil
le rapport va s'afficher , une fois le scan fini
▶colle le contenu sur un forum spécialisé
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent
▶ Télécharge List&Kill'em et enregistre le sur ton bureau
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.exe
Il ne nécessite pas d'installation
▶double clic (clic droit "exécuter en tant qu'administrateur" pour Vista) pour lancer le scan
choisis la langue puis choisis l'option 1 = Mode Recherche
▶laisse travailler l'outil
le rapport va s'afficher , une fois le scan fini
▶colle le contenu sur un forum spécialisé
Le rapport :
List'em by g3n-h@ckm@n 1.0.5.2
Thx to Chiquitine29.....
User : moi (Administrators) # moi-PC
Update on 07/11/2009 by g3n-h@ckm@n ::::: 20.00
Start at: 9:21:51 AM | 11/8/2009
Contact : g3n-h@ckm@n sur CCM
Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Microsoft® Windows Vista™ Ultimate (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
AV : ESET NOD32 Antivirus 4.0 4.0 [ Enabled | (!) Outdated ]
A:\ -> 3 1/2 Inch Floppy Drive
C:\ -> Local Fixed Disk | 232.88 Go (92.62 Go free) | NTFS
D:\ -> CD-ROM Disc
E:\ -> CD-ROM Disc
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processus en cours
C:\Windows\System32\smss.exe 468
C:\Windows\system32\csrss.exe 536
C:\Windows\system32\wininit.exe 592
C:\Windows\system32\csrss.exe 604
C:\Windows\system32\services.exe 636
C:\Windows\system32\lsass.exe 648
C:\Windows\system32\lsm.exe 656
C:\Windows\system32\svchost.exe 792
C:\Windows\system32\winlogon.exe 828
C:\Windows\system32\nvvsvc.exe 896
C:\Windows\system32\svchost.exe 924
C:\Windows\System32\svchost.exe 984
C:\Windows\System32\svchost.exe 1024
C:\Windows\System32\svchost.exe 1048
C:\Windows\system32\svchost.exe 1084
C:\Windows\system32\SLsvc.exe 1264
C:\Windows\system32\svchost.exe 1316
C:\Windows\system32\svchost.exe 1460
C:\Windows\system32\nvvsvc.exe 1584
C:\Windows\System32\spoolsv.exe 1840
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1872
C:\Windows\system32\taskeng.exe 1932
C:\Windows\system32\svchost.exe 1940
C:\Windows\system32\Dwm.exe 1976
C:\Windows\Explorer.EXE 340
C:\Program Files\Windows Defender\MSASCui.exe 1900
C:\Windows\system32\taskeng.exe 488
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe 2104
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 2116
C:\Program Files\iTunes\iTunesHelper.exe 2128
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2152
C:\Program Files\cFosSpeed\cfosspeed.exe 2172
C:\Program Files\Windows Sidebar\sidebar.exe 2184
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 2208
C:\Program Files\uTorrent\uTorrent.exe 2216
C:\Program Files\DAEMON Tools Lite\daemon.exe 2232
C:\Windows\ehome\ehtray.exe 2268
C:\Users\moi\Desktop\stat\stat.exe 2364
C:\Windows\ehome\ehmsas.exe 2496
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 2900
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2932
C:\Program Files\Bonjour\mDNSResponder.exe 3000
C:\Program Files\cFosSpeed\spd.exe 3012
C:\Windows\system32\svchost.exe 3124
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 3252
C:\Windows\system32\svchost.exe 3280
C:\Windows\System32\svchost.exe 3412
C:\Windows\system32\SearchIndexer.exe 3448
C:\Program Files\Mozilla Firefox\firefox.exe 2400
C:\Program Files\iPod\bin\iPodService.exe 2060
C:\Windows\system32\conime.exe 2984
C:\Users\moi\Desktop\List_Killem.exe 1632
C:\Windows\system32\cmd.exe 3464
C:\Windows\system32\wbem\wmiprvse.exe 1368
C:\Users\moi\AppData\Local\Temp\BF58.tmp\pv.exe 2780
======================
Cles de demarrage "Run"
======================
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"msnmsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
"uTorrent"="\"C:\\Program Files\\uTorrent\\uTorrent.exe\""
"DAEMON Tools Lite"="\"C:\\Program Files\\DAEMON Tools Lite\\daemon.exe\" -autorun"
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
"SEO Soft"="C:\\Users\\moi\\Desktop\\stat\\stat.exe 0 20"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
@=""
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,\
00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,53,\
00,41,00,53,00,43,00,75,00,69,00,2e,00,65,00,78,00,65,00,20,00,2d,00,68,00,\
69,00,64,00,65,00,00,00
"AdobeCS4ServiceManager"="\"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe\" -launchedbylogin"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"RtHDVCpl"="C:\\Program Files\\Realtek\\Audio\\HDA\\RtHDVCpl.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"avgnt"="\"C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"
"cFosSpeed"="C:\\Program Files\\cFosSpeed\\cFosSpeed.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""
=====================
cles additionnelles
=====================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000000
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000000
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000
"EnableUIADesktopToggle"=dword:00000000
"UacDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011
===============
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
===============
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
===============
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
===============
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
===============
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
======
BHO :
======
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
@="AcroIEHelperStub"
"NoExplorer"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
==========================
===============
Path : C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :
C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\1.txt
C:\Program Files\DAEMON Tools Toolbar
C:\Windows\winstart.bat
¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :
¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :
7Z.EXE-47798AFA.pf
AgAppLaunch.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-127182257-2607950328-4141922675-1000.db
AgGlUAD_S-1-5-21-127182257-2607950328-4141922675-1000.db
AgRobust.db
ATTRIB.CFXXE-0EDF3074.pf
ATTRIB.CFXXE-750D77BE.pf
ATTRIB.CFXXE-958C1A93.pf
ATTRIB.EXE-C481CEC1.pf
AVCENTER.EXE-087DA68F.pf
AVNOTIFY.EXE-4291C867.pf
AVWSC.EXE-877F4F63.pf
BORDERLANDS.EXE-C41E4B2F.pf
BYPASS.EXE-F1668D4E.pf
CF13407.EXE-C17A196A.pf
CF23047.EXE-B04C4EA6.pf
CHCP.COM-950EAF32.pf
CLEANMGR.EXE-B508FB28.pf
CMD.CFXXE-07184B5C.pf
CMD.EXE-89305D47.pf
CONIME.EXE-B273009A.pf
CONTROL.EXE-9459D5A0.pf
CSCRIPT.EXE-E4C98DEB.pf
DLLHOST.EXE-71214090.pf
DLLHOST.EXE-C5C55E89.pf
DREAMWEAVER.EXE-467FD433.pf
DUMPHIVE.CFXXE-00D3E5F8.pf
ECHOX.EXE-DF8DF7F8.pf
ERUNT.CFXXE-1F3A5F43.pf
ERUNT.CFXXE-999CFB0C.pf
EXPLORER.EXE-7A3328DA.pf
FIND.EXE-162DFE58.pf
FINDSTR.CFXXE-CB2989C0.pf
FINDSTR.CFXXE-FDD98987.pf
FINDSTR.EXE-4176B665.pf
FINDYKILL.EXE-ABB719AD.pf
FIREFOX.EXE-E60C0AA7.pf
FNPLICENSINGSERVICE.EXE-8B3343A3.pf
FSUM.EXE-6F564D8C.pf
FTPXPERT3.EXE-A01CA168.pf
GREP.CFXXE-2B7FCE5C.pf
GREP.CFXXE-685F026B.pf
GREP.CFXXE-7F79FA46.pf
GREP.EXE-704EDE83.pf
GREP.EXE-A7D5AC83.pf
GRPCONV.EXE-CAFD68AE.pf
GSAR.CFXXE-AA54EBF7.pf
GSAR.CFXXE-E7342006.pf
GSAR.CFXXE-FE4F17E1.pf
HANDLE.CFXXE-5D9C77B2.pf
HANDLE.CFXXE-C3CABEFC.pf
HIDEC.EXE-372FE395.pf
HIDEC.EXE-7088B79B.pf
HIDEC.EXE-EA804742.pf
IEXPLORE.EXE-CD4B8CA4.pf
INFDEFAULTINSTALL.EXE-0005F860.pf
IPODSERVICE.EXE-FE1A6FF7.pf
KILLBAGLE.EXE-0E0F1E15.pf
Layout.ini
LOGONUI.EXE-1BEE4A84.pf
MENCODER.EXE-813B6BCD.pf
MOBSYNC.EXE-D8BC6ED2.pf
MODE.COM-0F3F3F6D.pf
MPLAYER.EXE-A6CB3416.pf
MSASCUI.EXE-6465DB72.pf
MSPAINT.EXE-89BB51A7.pf
N.PIF-E21D3C23.pf
NIRCMD.CFXXE-183617EF.pf
NIRCMD.CFXXE-7E645F39.pf
NIRCMD.CFXXE-9EE3020E.pf
NIRCMD.EXE-2B5D5516.pf
NIRCMDB.EXE-27E473A5.pf
NIRCMDB.EXE-AD81D7DC.pf
NIRCMDC.CFXXE-14876C10.pf
NIRCMDC.CFXXE-A70C3156.pf
NIRCMDC.CFXXE-D9BC311D.pf
NOTEPAD.EXE-EB1B961A.pf
NTOSBOOT-B00DFAAD.pf
PEV.CFXXE-0792E0FC.pf
PEV.CFXXE-54427D4F.pf
PEV.CFXXE-8D9B5155.pf
PEV.EXE-39460B44.pf
PEV.EXE-73C3F619.pf
PEV.EXE-9431D1B3.pf
PEV.EXE-FFB6E830.pf
PfSvPerfStats.bin
PHOTOSHOP.EXE-AEC178F6.pf
PING.EXE-B29F6629.pf
PV.CFXXE-7A7E6004.pf
PV.CFXXE-E0AEFD03.pf
PV.CFXXE-E5F9BA8E.pf
QUICKTIMEPLAYER.EXE-8A00152A.pf
ReadyBoot
REG.EXE-26976709.pf
REGEDIT.EXE-4748FE01.pf
REGT.CFXXE-52B9F328.pf
REGT.CFXXE-8F992737.pf
ROUTE.CFXXE-D030C639.pf
ROUTE.EXE-AA5DBD7E.pf
RUNONCE.EXE-E33ED995.pf
SC.EXE-BC6DAF49.pf
SED.CFXXE-01DF1A4A.pf
SED.CFXXE-7BD6A9F1.pf
SED.CFXXE-C8864644.pf
SED.EXE-603D9B89.pf
SETPATH.CFXXE-3301E9BB.pf
SETPATH.CFXXE-65B1E982.pf
SHUTDOWN.EXE-B918DC57.pf
SNDVOL.EXE-783DCB11.pf
SNIFFC.EXE-1082373A.pf
SORT.EXE-CDAF7663.pf
SVCHOST.EXE-E2D30E5C.pf
SWREG.CFXXE-14913645.pf
SWREG.CFXXE-8EF3D20E.pf
SWREG.CFXXE-A3C8A868.pf
SWREG.EXE-37022DDD.pf
SWREG.EXE-445AAA09.pf
SWREG.EXE-910A465C.pf
SWREG.EXE-CA631A62.pf
SWXCACLS.CFXXE-73D44A8E.pf
SWXCACLS.CFXXE-EBD15738.pf
TASKENG.EXE-5BAF290C.pf
TASKMGR.EXE-72398DC0.pf
THUNDERBIRD.EXE-EDED9AF7.pf
UPDATE.EXE-3FBE35E6.pf
VERCLSID.EXE-4D95F5A7.pf
VIDEOCONVERTER.EXE-E8019497.pf
VLC.EXE-CE8E9BE1.pf
WERMGR.EXE-2A1BCBC7.pf
WINRAR.EXE-6F42D4E7.pf
WLRMDR.EXE-DDA57653.pf
WMIADAP.EXE-369DF1CD.pf
WMIPRVSE.EXE-02B87232.pf
WMIPRVSE.EXE-43972D0F.pf
WMPNSCFG.EXE-DF1DD51A.pf
WUAUCLT.EXE-830BCC14.pf
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
List'em by g3n-h@ckm@n 1.0.5.2
Thx to Chiquitine29.....
User : moi (Administrators) # moi-PC
Update on 07/11/2009 by g3n-h@ckm@n ::::: 20.00
Start at: 9:21:51 AM | 11/8/2009
Contact : g3n-h@ckm@n sur CCM
Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Microsoft® Windows Vista™ Ultimate (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
AV : ESET NOD32 Antivirus 4.0 4.0 [ Enabled | (!) Outdated ]
A:\ -> 3 1/2 Inch Floppy Drive
C:\ -> Local Fixed Disk | 232.88 Go (92.62 Go free) | NTFS
D:\ -> CD-ROM Disc
E:\ -> CD-ROM Disc
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processus en cours
C:\Windows\System32\smss.exe 468
C:\Windows\system32\csrss.exe 536
C:\Windows\system32\wininit.exe 592
C:\Windows\system32\csrss.exe 604
C:\Windows\system32\services.exe 636
C:\Windows\system32\lsass.exe 648
C:\Windows\system32\lsm.exe 656
C:\Windows\system32\svchost.exe 792
C:\Windows\system32\winlogon.exe 828
C:\Windows\system32\nvvsvc.exe 896
C:\Windows\system32\svchost.exe 924
C:\Windows\System32\svchost.exe 984
C:\Windows\System32\svchost.exe 1024
C:\Windows\System32\svchost.exe 1048
C:\Windows\system32\svchost.exe 1084
C:\Windows\system32\SLsvc.exe 1264
C:\Windows\system32\svchost.exe 1316
C:\Windows\system32\svchost.exe 1460
C:\Windows\system32\nvvsvc.exe 1584
C:\Windows\System32\spoolsv.exe 1840
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1872
C:\Windows\system32\taskeng.exe 1932
C:\Windows\system32\svchost.exe 1940
C:\Windows\system32\Dwm.exe 1976
C:\Windows\Explorer.EXE 340
C:\Program Files\Windows Defender\MSASCui.exe 1900
C:\Windows\system32\taskeng.exe 488
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe 2104
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 2116
C:\Program Files\iTunes\iTunesHelper.exe 2128
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2152
C:\Program Files\cFosSpeed\cfosspeed.exe 2172
C:\Program Files\Windows Sidebar\sidebar.exe 2184
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 2208
C:\Program Files\uTorrent\uTorrent.exe 2216
C:\Program Files\DAEMON Tools Lite\daemon.exe 2232
C:\Windows\ehome\ehtray.exe 2268
C:\Users\moi\Desktop\stat\stat.exe 2364
C:\Windows\ehome\ehmsas.exe 2496
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 2900
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2932
C:\Program Files\Bonjour\mDNSResponder.exe 3000
C:\Program Files\cFosSpeed\spd.exe 3012
C:\Windows\system32\svchost.exe 3124
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 3252
C:\Windows\system32\svchost.exe 3280
C:\Windows\System32\svchost.exe 3412
C:\Windows\system32\SearchIndexer.exe 3448
C:\Program Files\Mozilla Firefox\firefox.exe 2400
C:\Program Files\iPod\bin\iPodService.exe 2060
C:\Windows\system32\conime.exe 2984
C:\Users\moi\Desktop\List_Killem.exe 1632
C:\Windows\system32\cmd.exe 3464
C:\Windows\system32\wbem\wmiprvse.exe 1368
C:\Users\moi\AppData\Local\Temp\BF58.tmp\pv.exe 2780
======================
Cles de demarrage "Run"
======================
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"msnmsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
"uTorrent"="\"C:\\Program Files\\uTorrent\\uTorrent.exe\""
"DAEMON Tools Lite"="\"C:\\Program Files\\DAEMON Tools Lite\\daemon.exe\" -autorun"
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
"SEO Soft"="C:\\Users\\moi\\Desktop\\stat\\stat.exe 0 20"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
@=""
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,\
00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,53,\
00,41,00,53,00,43,00,75,00,69,00,2e,00,65,00,78,00,65,00,20,00,2d,00,68,00,\
69,00,64,00,65,00,00,00
"AdobeCS4ServiceManager"="\"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe\" -launchedbylogin"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"RtHDVCpl"="C:\\Program Files\\Realtek\\Audio\\HDA\\RtHDVCpl.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"avgnt"="\"C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"
"cFosSpeed"="C:\\Program Files\\cFosSpeed\\cFosSpeed.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""
=====================
cles additionnelles
=====================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000000
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000000
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000
"EnableUIADesktopToggle"=dword:00000000
"UacDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011
===============
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
===============
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
===============
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
===============
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
===============
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
======
BHO :
======
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
@="AcroIEHelperStub"
"NoExplorer"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
==========================
===============
Path : C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :
C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\1.txt
C:\Program Files\DAEMON Tools Toolbar
C:\Windows\winstart.bat
¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :
¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :
7Z.EXE-47798AFA.pf
AgAppLaunch.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-127182257-2607950328-4141922675-1000.db
AgGlUAD_S-1-5-21-127182257-2607950328-4141922675-1000.db
AgRobust.db
ATTRIB.CFXXE-0EDF3074.pf
ATTRIB.CFXXE-750D77BE.pf
ATTRIB.CFXXE-958C1A93.pf
ATTRIB.EXE-C481CEC1.pf
AVCENTER.EXE-087DA68F.pf
AVNOTIFY.EXE-4291C867.pf
AVWSC.EXE-877F4F63.pf
BORDERLANDS.EXE-C41E4B2F.pf
BYPASS.EXE-F1668D4E.pf
CF13407.EXE-C17A196A.pf
CF23047.EXE-B04C4EA6.pf
CHCP.COM-950EAF32.pf
CLEANMGR.EXE-B508FB28.pf
CMD.CFXXE-07184B5C.pf
CMD.EXE-89305D47.pf
CONIME.EXE-B273009A.pf
CONTROL.EXE-9459D5A0.pf
CSCRIPT.EXE-E4C98DEB.pf
DLLHOST.EXE-71214090.pf
DLLHOST.EXE-C5C55E89.pf
DREAMWEAVER.EXE-467FD433.pf
DUMPHIVE.CFXXE-00D3E5F8.pf
ECHOX.EXE-DF8DF7F8.pf
ERUNT.CFXXE-1F3A5F43.pf
ERUNT.CFXXE-999CFB0C.pf
EXPLORER.EXE-7A3328DA.pf
FIND.EXE-162DFE58.pf
FINDSTR.CFXXE-CB2989C0.pf
FINDSTR.CFXXE-FDD98987.pf
FINDSTR.EXE-4176B665.pf
FINDYKILL.EXE-ABB719AD.pf
FIREFOX.EXE-E60C0AA7.pf
FNPLICENSINGSERVICE.EXE-8B3343A3.pf
FSUM.EXE-6F564D8C.pf
FTPXPERT3.EXE-A01CA168.pf
GREP.CFXXE-2B7FCE5C.pf
GREP.CFXXE-685F026B.pf
GREP.CFXXE-7F79FA46.pf
GREP.EXE-704EDE83.pf
GREP.EXE-A7D5AC83.pf
GRPCONV.EXE-CAFD68AE.pf
GSAR.CFXXE-AA54EBF7.pf
GSAR.CFXXE-E7342006.pf
GSAR.CFXXE-FE4F17E1.pf
HANDLE.CFXXE-5D9C77B2.pf
HANDLE.CFXXE-C3CABEFC.pf
HIDEC.EXE-372FE395.pf
HIDEC.EXE-7088B79B.pf
HIDEC.EXE-EA804742.pf
IEXPLORE.EXE-CD4B8CA4.pf
INFDEFAULTINSTALL.EXE-0005F860.pf
IPODSERVICE.EXE-FE1A6FF7.pf
KILLBAGLE.EXE-0E0F1E15.pf
Layout.ini
LOGONUI.EXE-1BEE4A84.pf
MENCODER.EXE-813B6BCD.pf
MOBSYNC.EXE-D8BC6ED2.pf
MODE.COM-0F3F3F6D.pf
MPLAYER.EXE-A6CB3416.pf
MSASCUI.EXE-6465DB72.pf
MSPAINT.EXE-89BB51A7.pf
N.PIF-E21D3C23.pf
NIRCMD.CFXXE-183617EF.pf
NIRCMD.CFXXE-7E645F39.pf
NIRCMD.CFXXE-9EE3020E.pf
NIRCMD.EXE-2B5D5516.pf
NIRCMDB.EXE-27E473A5.pf
NIRCMDB.EXE-AD81D7DC.pf
NIRCMDC.CFXXE-14876C10.pf
NIRCMDC.CFXXE-A70C3156.pf
NIRCMDC.CFXXE-D9BC311D.pf
NOTEPAD.EXE-EB1B961A.pf
NTOSBOOT-B00DFAAD.pf
PEV.CFXXE-0792E0FC.pf
PEV.CFXXE-54427D4F.pf
PEV.CFXXE-8D9B5155.pf
PEV.EXE-39460B44.pf
PEV.EXE-73C3F619.pf
PEV.EXE-9431D1B3.pf
PEV.EXE-FFB6E830.pf
PfSvPerfStats.bin
PHOTOSHOP.EXE-AEC178F6.pf
PING.EXE-B29F6629.pf
PV.CFXXE-7A7E6004.pf
PV.CFXXE-E0AEFD03.pf
PV.CFXXE-E5F9BA8E.pf
QUICKTIMEPLAYER.EXE-8A00152A.pf
ReadyBoot
REG.EXE-26976709.pf
REGEDIT.EXE-4748FE01.pf
REGT.CFXXE-52B9F328.pf
REGT.CFXXE-8F992737.pf
ROUTE.CFXXE-D030C639.pf
ROUTE.EXE-AA5DBD7E.pf
RUNONCE.EXE-E33ED995.pf
SC.EXE-BC6DAF49.pf
SED.CFXXE-01DF1A4A.pf
SED.CFXXE-7BD6A9F1.pf
SED.CFXXE-C8864644.pf
SED.EXE-603D9B89.pf
SETPATH.CFXXE-3301E9BB.pf
SETPATH.CFXXE-65B1E982.pf
SHUTDOWN.EXE-B918DC57.pf
SNDVOL.EXE-783DCB11.pf
SNIFFC.EXE-1082373A.pf
SORT.EXE-CDAF7663.pf
SVCHOST.EXE-E2D30E5C.pf
SWREG.CFXXE-14913645.pf
SWREG.CFXXE-8EF3D20E.pf
SWREG.CFXXE-A3C8A868.pf
SWREG.EXE-37022DDD.pf
SWREG.EXE-445AAA09.pf
SWREG.EXE-910A465C.pf
SWREG.EXE-CA631A62.pf
SWXCACLS.CFXXE-73D44A8E.pf
SWXCACLS.CFXXE-EBD15738.pf
TASKENG.EXE-5BAF290C.pf
TASKMGR.EXE-72398DC0.pf
THUNDERBIRD.EXE-EDED9AF7.pf
UPDATE.EXE-3FBE35E6.pf
VERCLSID.EXE-4D95F5A7.pf
VIDEOCONVERTER.EXE-E8019497.pf
VLC.EXE-CE8E9BE1.pf
WERMGR.EXE-2A1BCBC7.pf
WINRAR.EXE-6F42D4E7.pf
WLRMDR.EXE-DDA57653.pf
WMIADAP.EXE-369DF1CD.pf
WMIPRVSE.EXE-02B87232.pf
WMIPRVSE.EXE-43972D0F.pf
WMPNSCFG.EXE-DF1DD51A.pf
WUAUCLT.EXE-830BCC14.pf
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 272
8 nov. 2009 à 09:26
8 nov. 2009 à 09:26
Suppression
REDEMARRE EN MODE SANS ECHEC
▶ Relance List&Kill'em (clic droit pour vista),
mais cette fois-ci :
▶ choisis l'option 2 = Mode Destruction
laisse travailler l'outil
apres les verifications , un rapport va s'ouvrir.
▶ ferme-le.
un deuxieme rapport va s'ouvrir ,
▶ colle son contenu dans ta reponse apres avoir redemarré en mode normal
REDEMARRE EN MODE SANS ECHEC
▶ Relance List&Kill'em (clic droit pour vista),
mais cette fois-ci :
▶ choisis l'option 2 = Mode Destruction
laisse travailler l'outil
apres les verifications , un rapport va s'ouvrir.
▶ ferme-le.
un deuxieme rapport va s'ouvrir ,
▶ colle son contenu dans ta reponse apres avoir redemarré en mode normal
Le rapport :
Kill'em by g3n-h@ckm@n 1.0.5.2
User : moi (Administrators) # moi-PC
Update on 07/11/2009 by g3n-h@ckm@n ::::: 20.00
Start at: 9:28:13 AM | 11/8/2009
Contact : g3n-h@ckm@n sur CCM
Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Microsoft® Windows Vista™ Ultimate (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
AV : ESET NOD32 Antivirus 4.0 4.0 [ Enabled | (!) Outdated ]
A:\ -> 3 1/2 Inch Floppy Drive
C:\ -> Local Fixed Disk | 232.88 Go (92.74 Go free) | NTFS
D:\ -> CD-ROM Disc
E:\ -> CD-ROM Disc
C:\Windows\System32\smss.exe 388
C:\Windows\system32\csrss.exe 452
C:\Windows\system32\csrss.exe 492
C:\Windows\system32\wininit.exe 500
C:\Windows\system32\winlogon.exe 528
C:\Windows\system32\services.exe 576
C:\Windows\system32\lsass.exe 588
C:\Windows\system32\lsm.exe 596
C:\Windows\system32\svchost.exe 740
C:\Windows\system32\svchost.exe 796
C:\Windows\System32\svchost.exe 832
C:\Windows\System32\svchost.exe 924
C:\Windows\system32\svchost.exe 956
C:\Windows\System32\svchost.exe 1004
C:\Windows\system32\svchost.exe 1024
C:\Windows\system32\svchost.exe 1040
C:\Windows\system32\svchost.exe 1212
C:\Windows\Explorer.EXE 1372
C:\Windows\system32\svchost.exe 1452
C:\Users\moi\Desktop\List_Killem.exe 1972
C:\Windows\system32\cmd.exe 1996
C:\Windows\system32\wbem\wmiprvse.exe 312
C:\Users\moi\AppData\Local\Temp\2DB4.tmp\pv.exe 780
Fichiers analysés :
=================
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :
"C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
C:\1.txt
"C:\Program Files\DAEMON Tools Toolbar"
"C:\Windows\winstart.bat"
¤¤¤¤¤¤¤¤¤¤ Action sur les fichiers :
Quarantaine :
1.txt.Kill'em
DAEMON Tools Toolbar.Kill'em
qmgr0.dat.Kill'em
qmgr1.dat.Kill'em
winstart.bat.Kill'em
===================================
tentative de correction du registre
===================================
¤¤¤¤¤¤¤¤¤¤ Verification :
===============
Path : C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :
¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :
¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :
AgAppLaunch.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-127182257-2607950328-4141922675-1000.db
AgGlUAD_S-1-5-21-127182257-2607950328-4141922675-1000.db
AgRobust.db
Layout.ini
NTOSBOOT-B00DFAAD.pf
PfSvPerfStats.bin
ReadyBoot
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Kill'em by g3n-h@ckm@n 1.0.5.2
User : moi (Administrators) # moi-PC
Update on 07/11/2009 by g3n-h@ckm@n ::::: 20.00
Start at: 9:28:13 AM | 11/8/2009
Contact : g3n-h@ckm@n sur CCM
Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Microsoft® Windows Vista™ Ultimate (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
AV : ESET NOD32 Antivirus 4.0 4.0 [ Enabled | (!) Outdated ]
A:\ -> 3 1/2 Inch Floppy Drive
C:\ -> Local Fixed Disk | 232.88 Go (92.74 Go free) | NTFS
D:\ -> CD-ROM Disc
E:\ -> CD-ROM Disc
C:\Windows\System32\smss.exe 388
C:\Windows\system32\csrss.exe 452
C:\Windows\system32\csrss.exe 492
C:\Windows\system32\wininit.exe 500
C:\Windows\system32\winlogon.exe 528
C:\Windows\system32\services.exe 576
C:\Windows\system32\lsass.exe 588
C:\Windows\system32\lsm.exe 596
C:\Windows\system32\svchost.exe 740
C:\Windows\system32\svchost.exe 796
C:\Windows\System32\svchost.exe 832
C:\Windows\System32\svchost.exe 924
C:\Windows\system32\svchost.exe 956
C:\Windows\System32\svchost.exe 1004
C:\Windows\system32\svchost.exe 1024
C:\Windows\system32\svchost.exe 1040
C:\Windows\system32\svchost.exe 1212
C:\Windows\Explorer.EXE 1372
C:\Windows\system32\svchost.exe 1452
C:\Users\moi\Desktop\List_Killem.exe 1972
C:\Windows\system32\cmd.exe 1996
C:\Windows\system32\wbem\wmiprvse.exe 312
C:\Users\moi\AppData\Local\Temp\2DB4.tmp\pv.exe 780
Fichiers analysés :
=================
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :
"C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
C:\1.txt
"C:\Program Files\DAEMON Tools Toolbar"
"C:\Windows\winstart.bat"
¤¤¤¤¤¤¤¤¤¤ Action sur les fichiers :
Quarantaine :
1.txt.Kill'em
DAEMON Tools Toolbar.Kill'em
qmgr0.dat.Kill'em
qmgr1.dat.Kill'em
winstart.bat.Kill'em
===================================
tentative de correction du registre
===================================
¤¤¤¤¤¤¤¤¤¤ Verification :
===============
Path : C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :
¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :
¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :
AgAppLaunch.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-127182257-2607950328-4141922675-1000.db
AgGlUAD_S-1-5-21-127182257-2607950328-4141922675-1000.db
AgRobust.db
Layout.ini
NTOSBOOT-B00DFAAD.pf
PfSvPerfStats.bin
ReadyBoot
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
