1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

ntload.sys

Discussion in 'Malware and Virus Removal Archive' started by corto6938, 2008/02/10.

  1. 2008/02/10
    corto6938

    corto6938 Inactive Thread Starter

    Joined:
    2008/02/10
    Messages:
    6
    Likes Received:
    0
    I have the same problem. How can I remove it?

    The contents of main.txt are:

    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\ATI-CPanel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
    C:\WINDOWS\system32\svcd\svchost.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/fsc/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/fsc/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F3 - REG:win.ini: run= "C:\WINDOWS\system32\winupdate.exe "
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:eek:s_startup
    O4 - HKLM\..\Run: [Workflow] D:\install\Workflow.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453526 14
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Security Service (MARD) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6946 bytes
     
    corto6938,
    #1
  2. 2008/02/10
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi corto6938
    Welcome to Windowsbbs.
    I have moved your post to a thread of it's own.
    Please make all replies to this thread to avoid confusion.

    Please do not alter the posts, color change or any deletions ect...

    Please download Deckard's System Scanner (dss.exe) and save it to your Desktop.
    Note: You must be logged onto an account with administrator privileges to complete the following.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy and then paste the contents of main.txt and extra.txt in your next reply.

    Please post the “main.txt” log only for now.

    Please post the dss log.

    Thanks
    Geri
     
    Geri,
    #2


  3. to hide this advert.

  4. 2008/02/10
    corto6938

    corto6938 Inactive Thread Starter

    Joined:
    2008/02/10
    Messages:
    6
    Likes Received:
    0
    Main.txt:


    Deckard's System Scanner v20071014.68
    Run by xxxx on 2008-02-10 18:00:43
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    27: 2008-02-10 17:00:49 UTC - RP220 - Deckard's System Scanner Restore Point
    26: 2008-02-10 16:53:42 UTC - RP219 - ComboFix created restore point
    25: 2008-02-10 10:11:01 UTC - RP218 - Point de vérification système
    24: 2008-02-05 19:03:03 UTC - RP217 - Point de vérification système
    23: 2008-02-03 18:51:07 UTC - RP216 - Point de vérification système


    -- First Restore Point --
    1: 2007-11-08 18:40:20 UTC - RP194 - Point de vérification système


    Backed up registry hives.
    Performed disk cleanup.

    Percentage of Memory in Use: 85% (more than 75%).


    -- HijackThis (run as xxxx.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:02, on 2008-02-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\ATI-CPanel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
    C:\WINDOWS\system32\svcd\svchost.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\xxxxt\Bureau\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\xxxx.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/fsc/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/fsc/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:eek:s_startup
    O4 - HKLM\..\Run: [Workflow] D:\install\Workflow.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453526 14
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Security Service (MARD) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6564 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 VFILT (Outpost Firewall Kernel Driver) - c:\program files\agnitum\outpost firewall 1.0\kernel\2000\filtnt.sys <Not Verified; Agnitum Ltd.; Virtual Firewall>

    S3 ADBLOCK.DLL (Outpost Firewall PlugIn (ADBLOCK.DLL)) - c:\program files\agnitum\outpost firewall 1.0\kernel\adblock.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
    S3 ARP.DLL (Outpost Firewall PlugIn (ARP.DLL)) - c:\program files\agnitum\outpost firewall 1.0\kernel\arp.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
    S3 cel90xbe - c:\documents and settings\emile tillet\local settings\temp\cel90xbe.sys
    S3 CONTENT.DLL (Outpost Firewall PlugIn (CONTENT.DLL)) - c:\program files\agnitum\outpost firewall 1.0\kernel\content.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
    S3 DNSCACHE.DLL (Outpost Firewall PlugIn (DNSCACHE.DLL)) - c:\program files\agnitum\outpost firewall 1.0\kernel\dnscache.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
    S3 FTPFILT.DLL (Outpost Firewall PlugIn (FTPFILT.DLL)) - c:\program files\agnitum\outpost firewall 1.0\kernel\ftpfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
    S3 HTMLFILT.DLL (Outpost Firewall PlugIn (HTMLFILT.DLL)) - c:\program files\agnitum\outpost firewall 1.0\kernel\htmlfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
    S3 HTTPFILT.DLL (Outpost Firewall PlugIn (HTTPFILT.DLL)) - c:\program files\agnitum\outpost firewall 1.0\kernel\httpfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
    S3 IMAPFILT.DLL (Outpost Firewall PlugIn (IMAPFILT.DLL)) - c:\program files\agnitum\outpost firewall 1.0\kernel\imapfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
    S3 MAILFILT.DLL (Outpost Firewall PlugIn (MAILFILT.DLL)) - c:\program files\agnitum\outpost firewall 1.0\kernel\mailfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
    S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
    S3 NNTPFILT.DLL (Outpost Firewall PlugIn (NNTPFILT.DLL)) - c:\program files\agnitum\outpost firewall 1.0\kernel\nntpfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
    S3 ntload (ntload v0.1) - c:\windows\system32\ntload.sys (file missing)
    S3 POP3FILT.DLL (Outpost Firewall PlugIn (POP3FILT.DLL)) - c:\program files\agnitum\outpost firewall 1.0\kernel\pop3filt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
    S3 PROTECT.DLL (Outpost Firewall PlugIn (PROTECT.DLL)) - c:\program files\agnitum\outpost firewall 1.0\kernel\protect.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
    S3 SECRET.DLL (Outpost Firewall PlugIn (SECRET.DLL)) - c:\program files\agnitum\outpost firewall 1.0\kernel\secret.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 MARD (Security Service) - c:\windows\system32\svcd\svchost.exe
    R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

    S4 OutpostFirewall (Outpost Firewall Service) - c:\progra~1\agnitum\outpos~1.0\outpost.exe /service <Not Verified; Agnitum Ltd.; Outpost Firewall>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2008-01-10 and 2008-02-10 -----------------------------

    2008-02-10 17:53:14 68096 --a------ C:\WINDOWS\system32\zip.exe
    2008-02-10 17:53:14 98816 --a------ C:\WINDOWS\system32\sed.exe
    2008-02-10 17:53:14 80412 --a------ C:\WINDOWS\system32\grep.exe
    2008-02-10 17:53:14 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-02-10 17:53:09 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
    2008-02-10 17:20:27 0 drahs---- C:\autorun.inf
    2008-02-10 17:09:32 0 d-------- C:\Program Files\Enigma Software Group
    2008-02-10 16:55:28 0 d-------- C:\Program Files\Trend Micro
    2008-02-08 22:21:00 87552 --a------ C:\WINDOWS\system32\winupdate.exe
    2008-02-08 22:20:14 87552 --a------ C:\WINDOWS\system32\TmpX.exe
    2008-02-07 22:30:57 114 --a------ C:\WINDOWS\system32\url3
    2008-02-07 22:30:57 102 --a------ C:\WINDOWS\system32\url2
    2008-02-07 22:30:57 102 --a------ C:\WINDOWS\system32\url1
    2008-02-07 22:30:57 8 --a------ C:\WINDOWS\system32\CID
    2008-02-07 22:30:54 4 --a------ C:\WINDOWS\system32\SvcNm
    2008-02-07 22:30:54 0 d-------- C:\WINDOWS\system32\svcd
    2008-02-07 22:30:49 34816 --a------ C:\info.exe
    2008-01-26 12:23:54 0 d-------- C:\Documents and Settings\Emile Tillet\Application Data\InterVideo


    -- Find3M Report ---------------------------------------------------------------

    2008-02-10 00:12:56 0 d-------- C:\Documents and Settings\xxxxx\Application Data\LimeWire


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan "= "SOUNDMAN.EXE" [2005-02-23 18:13 C:\WINDOWS\SOUNDMAN.EXE]
    "ATIPTA "= "C:\ATI-CPanel\atiptaxx.exe" [2005-01-19 20:40]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
    "BJCFD "= "C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16]
    "StandardInstall "=" " []
    "OutpostFeedBack "= "C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe" [2006-05-11 12:05]
    "Workflow "= "D:\install\Workflow.exe" []
    "Motive SmartBridge "= "C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51]
    "ZoneAlarm Client "= "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
    "avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "PCSuiteTrayApplication "= "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 12:27]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
    "fsc-reminder.exe "= "C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 16:10]
    "RealPlayer "= "C:\Program Files\Real\RealPlayer\realplay.exe" [2006-06-02 21:41]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync "=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    LE COMPAGNON CLUB.lnk - C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe [2007-03-22 22:07:41]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2005-07-21 21:59:24]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "= C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
    @= "Service "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a00b32ae-bb14-11d9-865b-806d6172696f}]
    AutoRun\command- D:\eautorun.EXE
    install\command- D:\INSTALL\_SETUP.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d57169ca-d194-11db-b67b-000feaadea41}]
    Auto\command- E:\AdobeR.exe e
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e




    -- End of Deckard's System Scanner: finished at 2008-02-10 18:04:02 ------------
     
    corto6938,
    #3
  5. 2008/02/10
    corto6938

    corto6938 Inactive Thread Starter

    Joined:
    2008/02/10
    Messages:
    6
    Likes Received:
    0
    extra.txt:

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Édition familiale (build 2600) SP 2.0
    Architecture: X86; Language: French

    CPU 0: AMD Sempron(tm) 3000+
    Percentage of Memory in Use: 87%
    Physical Memory (total/avail): 511.48 MiB / 63.38 MiB
    Pagefile Memory (total/avail): 1250.07 MiB / 826.39 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1924.64 MiB

    C: is Fixed (NTFS) - 149.05 GiB total, 128.52 GiB free.
    D: is CDROM (CDFS)

    \\.\PHYSICALDRIVE0 - WDC WD1600BB-55GUC0 - 149.05 GiB - 1 partition
    \PARTITION0 (bootable) - Système de fichiers installable - 149.05 GiB - C:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.
    AntivirusOverride is set.

    FW: Outpost Firewall Pro v3.5 (Agnitum) Disabled
    FW: ZoneAlarm Firewall v7.0.337.000 (Check Point, LTD.)
    AV: avast! antivirus 4.7.1098 [VPS 080209-0] v4.7.1098 (ALWIL Software)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe "= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer "
    "C:\\Program Files\\Real\\RealPlayer\\trueplay.exe "= "C:\\Program Files\\Real\\RealPlayer\\trueplay.exe:*:Disabled:RealPlayer "
    "C:\\Program Files\\Messenger\\msmsgs.exe "= "C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger "
    "C:\\Program Files\\LimeWire\\LimeWire.exe "= "C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\xxxx\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Fichiers communs
    COMPUTERNAME=TIL-D8F209EAF3A
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\xxxx
    LOGONSERVER=\\TIL-D8F209EAF3A
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\Mozilla Firefox;C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\ATI-CPanel; "C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier ";C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0a00
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\x~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\x~1\LOCALS~1\Temp
    tvdumpflags=8
    USERDOMAIN=TIL-D8F209EAF3A
    USERNAME=xxxx
    USERPROFILE=C:\Documents and Settings\xxxx
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    xxxx (admin)
    xxx (admin)
    xx (admin)
    x (admin)
    Administrateur (new local, admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\PROGRA~1\CLUB-I~1\LECOMP~1\Uninstall.exe TONLFR
    --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adibou,Je lis, je calcule 5-6 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5566EB65-F154-46C3-A4F9-CE4B7BF2069A}\Setup.exe" -l0x40c -removeonly
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 7.0.9 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}
    Agnitum Outpost Firewall Pro --> C:\PROGRA~1\Agnitum\OUTPOS~1.0\uninst.exe
    ArcSoft Panorama Maker 3 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x40c
    ATI Control Panel --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
    AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
    BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c "C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b "CFD" -h "CFD" -a
    Clic d'Api N°20 --> C:\Program Files\Clic d'Api N°20\Uninstall.exe
    Configurateur Modem --> "C:\Program Files\Club-Internet\Assistance\uninstall.exe "
    Correctif pour Lecteur Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe "
    Correctif Windows XP - KB867282 --> C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
    Correctif Windows XP - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
    Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Correctif Windows XP - KB883529 --> C:\WINDOWS\$NtUninstallKB883529$\spuninst\spuninst.exe
    Correctif Windows XP - KB883667 --> C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
    Correctif Windows XP - KB884020 --> C:\WINDOWS\$NtUninstallKB884020$\spuninst\spuninst.exe
    Correctif Windows XP - KB884575 --> C:\WINDOWS\$NtUninstallKB884575$\spuninst\spuninst.exe
    Correctif Windows XP - KB884883 --> C:\WINDOWS\$NtUninstallKB884883$\spuninst\spuninst.exe
    Correctif Windows XP - KB885222 --> C:\WINDOWS\$NtUninstallKB885222$\spuninst\spuninst.exe
    Correctif Windows XP - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
    Correctif Windows XP - KB885523 --> C:\WINDOWS\$NtUninstallKB885523$\spuninst\spuninst.exe
    Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Correctif Windows XP - KB885855 --> C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
    Correctif Windows XP - KB885887 --> C:\WINDOWS\$NtUninstallKB885887$\spuninst\spuninst.exe
    Correctif Windows XP - KB885894 --> C:\WINDOWS\$NtUninstallKB885894$\spuninst\spuninst.exe
    Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Correctif Windows XP - KB886677 --> C:\WINDOWS\$NtUninstallKB886677$\spuninst\spuninst.exe
    Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Correctif Windows XP - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
    Correctif Windows XP - KB887797 --> C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
    Correctif Windows XP - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
    Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Correctif Windows XP - KB888402 --> C:\WINDOWS\$NtUninstallKB888402$\spuninst\spuninst.exe
    Correctif Windows XP - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
    Correctif Windows XP - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
    Correctif Windows XP - KB890831 --> C:\WINDOWS\$NtUninstallKB890831$\spuninst\spuninst.exe
    Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe "
    Correctif Windows XP - KB890923 --> "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe "
    Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    Correctif Windows XP - KB893066 --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe "
    Correctif Windows XP - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe "
    Dora l'exploratrice : Les animaux de la jungle --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF9FA161-78F2-11D8-95ED-000476379056}\setup.exe" -l0x40c -uninst
    High Definition Audio - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe "
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
    InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Lanceur Club Internet v6 --> "C:\Program Files\Club-Internet\Lanceur\uninstall.exe "
    Lapin Malin, Le globe magique --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D764362-8733-4D49-9FA2-0A03CF36AEFE}\setup.exe"
    LE COMPAGNON CLUB --> C:\WINDOWS\Motive\TONLFR\MCCUninst.exe
    Le pique nique --> C:\WINDOWS\unin040c.exe -f "C:\Program Files\Gallimard\Drôles de petites bêtes\DeIsL1.isu" -c "C:\Program Files\Gallimard\Drôles de petites bêtes\_ISREG32.DLL "
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft Office 2000 Standard --> MsiExec.exe /I{0002040C-78E1-11D2-B60F-006097C998E7}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    Microsoft Works --> MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
    Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe "
    Mise à jour de sécurité pour Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe "
    Mise à jour pour Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe "
    Mise à jour pour Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe "
    Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe "
    Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe "
    Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe "
    Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe "
    Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe "
    Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe "
    Mise à jour pour Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe "
    Mise à jour pour Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe "
    Mise à jour pour Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe "
    Mise à jour pour Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe "
    Mise à jour pour Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe "
    Mise à jour pour Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe "
    Mise à jour pour Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe "
    Mise à jour pour Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe "
    Mise à jour pour Windows XP (KB946627) --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe "
    Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
    Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    NeroVision Express 3 SE --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    NeroVision Express Content --> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
    Nikon FotoShare --> C:\Program Files\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG
    Nikon Message Center --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x40c UNINSTALL
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{0FF1922C-B6C4-40BB-AF30-BEF75A482444}
    Nokia PC Suite --> MsiExec.exe /I{1B58C9D2-1925-413F-B29A-C4E7596C43F5}
    ours --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{2a6b0969-89d0-43ff-ae42-32a7551f9aa9}.sdb "
    PC Connectivity Solution --> MsiExec.exe /I{D8E4A66D-DB68-481F-ABA8-AC622566D4CB}
    PictureProject --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x40c UNINSTALL
    QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
    RealPlayer --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Smart Link 56K Modem --> C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
    VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
    VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
    Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
    Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type2303 / Error
    Event Submitted/Written: 02/10/2008 05:41:39 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Application défaillante winupdate.exe, version 0.0.0.0, module défaillant winupdate.exe, version 0.0.0.0, adresse de défaillance 0x0001b6bb.
    Traitement de l'événement propre au support pour [winupdate.exe!ws!]

    Event Record #/Type2300 / Error
    Event Submitted/Written: 02/10/2008 05:38:38 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant dbghelp.dll, version 5.1.2600.2180, adresse de défaillance 0x0001295d.
    Traitement de l'événement propre au support pour [drwtsn32.exe!ws!]

    Event Record #/Type2299 / Error
    Event Submitted/Written: 02/10/2008 05:38:33 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Application défaillante explorer.exe, version 6.0.2900.3156, module défaillant shlwapi.dll, version 6.0.2900.3231, adresse de défaillance 0x00008340.
    Traitement de l'événement propre au support pour [explorer.exe!ws!]

    Event Record #/Type2297 / Error
    Event Submitted/Written: 02/10/2008 05:23:01 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Application défaillante winupdate.exe, version 0.0.0.0, module défaillant winupdate.exe, version 0.0.0.0, adresse de défaillance 0x0001b6bb.
    Traitement de l'événement propre au support pour [winupdate.exe!ws!]

    Event Record #/Type2293 / Error
    Event Submitted/Written: 02/10/2008 04:35:36 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Application défaillante winupdate.exe, version 0.0.0.0, module défaillant winupdate.exe, version 0.0.0.0, adresse de défaillance 0x0001b6bb.
    Traitement de l'événement propre au support pour [winupdate.exe!ws!]



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type37468 / Error
    Event Submitted/Written: 02/10/2008 06:03:18 PM
    Event ID/Source: 7016 / Service Control Manager
    Event Description:
    Le service SmartLinkService a signalé un état actuel 0 non valide.

    Event Record #/Type37185 / Error
    Event Submitted/Written: 02/10/2008 03:33:40 PM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    Le service Explorateur d'ordinateur s'est arrêté avec l'erreur :
    %%1460

    Event Record #/Type36915 / Warning
    Event Submitted/Written: 02/09/2008 10:18:17 AM
    Event ID/Source: 1073 / USER32
    Event Description:
    Échec de la tentative de se mettre hors tension. TIL-D8F209EAF3A

    Event Record #/Type36876 / Warning
    Event Submitted/Written: 02/08/2008 10:44:41 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.

    Event Record #/Type36875 / Warning
    Event Submitted/Written: 02/08/2008 10:26:37 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.



    -- End of Deckard's System Scanner: finished at 2008-02-10 18:04:02 ------------
     
    corto6938,
    #4
  6. 2008/02/10
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi corto6938
    Just so you know, any posts have to be reviewed that have a URL in them.

    You will not see them until reviewed and approved, so please only post them one time.

    I'll look you log over and post back.

    Thanks
    Geri
     
    Geri,
    #5
  7. 2008/02/10
    corto6938

    corto6938 Inactive Thread Starter

    Joined:
    2008/02/10
    Messages:
    6
    Likes Received:
    0
    Got it.
    Thank you for your reply Geri.
     
    corto6938,
    #6
  8. 2008/02/10
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK please run any tools in the order given.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

    Next do this.

    Download ComboFix from [color= "Red"]Here[/color] to your Desktop.
    It's best to disable realtime protection applications as they sometimes interfere with the tool. Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall

    Please post the SDFix log and the Combofix log.

    Thanks
    Geri
     
    Geri,
    #7
  9. 2008/02/10
    corto6938

    corto6938 Inactive Thread Starter

    Joined:
    2008/02/10
    Messages:
    6
    Likes Received:
    0
    Before I do that I'd like to advise that I have uninstalled Limewire from my computer, restarted it, and it seems that the ntload.sys file is no longer there. I have no more message from avast saying that there's a virus.

    Should I do that anyway?
     
    corto6938,
    #8
  10. 2008/02/10
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Yes I see other problems in your logs.

    Thanks
    Geri
     
    Geri,
    #9
  11. 2008/02/10
    corto6938

    corto6938 Inactive Thread Starter

    Joined:
    2008/02/10
    Messages:
    6
    Likes Received:
    0
    Are these problems big?
    In any case, I will come back to later to do that.
    Thank you for your help.
     
    corto6938,
    #10

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...