How to remove the kubernesis virus

Hello, at startup Windows asks for the hal dll

Hello,

Download PSV Carifred from Carifred.com (http://www.carifred.com/).

Install it and double-click PSV carifred 2.3 on your desktop. Choose option 10: Analyze the system and create a report on the desktop by typing 10 then Enter, then choose option 1: Express Report by typing 1 then Enter. This will create and open a report with information about your system. Post it.

See you
Edited on 04/10/2010 at 09:36

Hello,

My computer is infected by Kubernesis. I followed the procedure described on this forum and I am sending you the file UVKLog.txt. Thank you in advance for helping me solve my problem.

 =========================== UVK Scan log file ===========================

 System Info: 

 UVK version: 2.3.3.0
 Windows version: Microsoft windows XP X86 Build 2600 Service Pack 3
 I.E. Version: 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
 Time & date: 11:30  28/09/2011
 System drive: C:  124.61 GB free of 145.03 GB.


 Processor: Intel(R) Celeron(R) CPU        E1400  @ 2.00GHz
 L2 Cache size: 512

 Computer name: S-BAT1-S33.     Logged on user: Administrateur.     Number of users: 3.
 Phisical memory:     Total: 0.97 GB.     Free: 468.95 MB.
 Virtual memory:     Total: 2 GB.     Free: 1.96 GB.
 Last boot up time: 09/28/2011 10:49:33.     Boot type: Normal boot.

 UVK scan mode: Verify file signatures, don't show Microsoft signed files.

========================= End of System Info. ========================

 Searching for "autorun.inf" on HD partitions root...

 Mode | autorun.inf | Destination file | Description | File signature

No autorun.inf was found on HD partitions root.


 Executable file extensions state (Mode | Extension | Association | Command):

| .exe | exefile | “%1” %*
| .msi | Msi.Package | “%SystemRoot%\System32\msiexec.exe” /i “%1” %*
| .reg | regfile | regedit.exe “%1”
| .bat | batfile | “%1” %*
| .cmd | cmdfile | “%1” %*
| .com | comfile | “%1” %*

================= End of Executable file extensions state. =================


 Running processes:

 Format: Mode | Executable path | Description | File signature

| C:\WINDOWS\system32\ipfw.exe | No description | Unsigned : No publisher

| C:\WINDOWS\Eole\cliscribe\servscribe.exe | Client Scribe | Unsigned : No publisher

| C:\Program Files\Java\jre6\bin\jqs.exe | Java™ Quick Starter Service | Signed : Sun Microsystems, Inc.

| C:\Program Files\Lenovo\System Update\SUService.exe | ThinkVantage System Update Service | Unsigned : Lenovo Group Limited

| C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe | rrpservice Module | Unsigned : No publisher

| C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe | Rescue and Recovery Backup Service | Unsigned : Lenovo Group Limited

| C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe | Fast Restore Application | Unsigned : Lenovo Group Limited

| C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe | Trend Micro Common Client Real-time Scan Service (32-bit) | Signed : Trend Micro Inc.

| C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe | Trend Micro Common Client Communication Service | Signed : Trend Micro Inc.

| C:\Program Files\Trend Micro\BM\TMBMSRV.exe | Manages the Trend Micro unauthorized change prevention feature | Signed : Trend Micro Inc.

| C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe | Trend Micro Proxy Service | Signed : Trend Micro Inc.

| C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe | Trend Micro Personal Firewall Service | Signed : Trend Micro Inc.

| C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe | Trend Micro OfficeScan Client Plug-in Service Manager | Signed : Trend Micro Inc.

| C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe | Trend Micro OfficeScan Monitor | Signed : Trend Micro Inc.

| C:\WINDOWS\system32\igfxtray.exe | igfxTray Module | Signed : Intel Corporation

| C:\WINDOWS\system32\hkcmd.exe | hkcmd Module | Signed : Intel Corporation

| C:\WINDOWS\system32\igfxpers.exe | persistence Module | Signed : Intel Corporation

| C:\Program Files\Trend Micro\OfficeScan Client\Temp\pccntupd.exe | Trend Micro Common Client Process Management Service | Signed : Trend Micro Inc.

| C:\Program Files\UVK\UVK_en.exe | Ultra Virus Killer | Signed : Carifred

==================== End of Running processes list. ====================


 Startup entries:

 Format: Mode | Name | Destination file | Description | File signature

<HKLM…Run> | | File not found: | No description | No signature

<HKLM…Run> | winlogon.dll | C:\WINDOWS\winlogon.dll.vbe | No description | No signature

<HKLM…Run> | winlogon | C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\winlogon.vbe | No description | No signature

<HKLM…Run> | OfficeScanNT Monitor | C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe | Trend Micro OfficeScan Monitor | Signed : Trend Micro Inc.

<HKLM…Run> | IgfxTray | C:\WINDOWS\system32\igfxtray.exe | igfxTray Module | Signed : Intel Corporation

<HKLM…Run> | HotKeysCmds | C:\WINDOWS\system32\hkcmd.exe | hkcmd Module | Signed : Intel Corporation

<HKLM…Run> | Persistence | C:\WINDOWS\system32\igfxpers.exe | persistence Module | Signed : Intel Corporation

| winlogon.vbe | C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\winlogon.vbe | No description | No signature

======================= End of Startup entries list. ========================


 IE, BHO and Shell execute hooks:

 Format: Mode | Name | Destination file/url | Description | File signature

| Start Page | www.google.fr… | Main IE start page | No signature

| Start Page Redirect Cache | | IE Start Page Redirect Cache | No signature

| Local Page | C:\WINDOWS\system32\blank.htm | IE Local Page | No signature

================ End of IE, BHO and Shell execute hooks list. ===============


 Image hijacks and Global context menus:

 Format: Mode | Name | Destination file | Description | File signature

| Delete with UVK | C:\Program Files\UVK\UVK_en.exe | Ultra Virus Killer | Signed : Carifred

| OfficeScan NT | C:\Program Files\Trend Micro\OfficeScan Client\TmdShell.dll | libCNTTm Dynamic Link Library | Signed : Trend Micro Inc.

| Delete with UVK | C:\Program Files\UVK\UVK_en.exe | Ultra Virus Killer | Signed : Carifred

| AddToPlaylistVLC | C:\Program Files\VideoLAN\VLC\vlc.exe | No description | Unsigned : No publisher

| PlayWithVLC | C:\Program Files\VideoLAN\VLC\vlc.exe | No description | Unsigned : No publisher

| OfficeScan NT | C:\Program Files\Trend Micro\OfficeScan Client\TmdShell.dll | libCNTTm Dynamic Link Library | Signed : Trend Micro Inc.

============ End of Image hijacks and Global context menus list. =============


 Services:

 Format: Mode | Service name | Service file | Description | State | File signature

| ipfw | C:\WINDOWS\system32\ipfw.exe | ipfw_helper | Running | Unsigned : No publisher

| IviRegMgr | C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe | IviRegMgr | Stopped | Signed : InterVideo

| JavaQuickStarterService | C:\Program Files\Java\jre6\bin\jqs.exe | Java Quick Starter | Running | Signed : Sun Microsystems, Inc.

| maconfservice | C:\Program Files\ma-config.com\maconfservice.exe | Ma-Config Service | Stopped | Signed : CybelSoft

| ntrtscan | C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe | Scan en temps réel d’OfficeScanNT | Running | Signed : Trend Micro Inc.

| Power Manager DBC Service | C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE | Power Manager DBC Service | Stopped | Signed : No publisher

| servscribe | C:\WINDOWS\Eole\cliscribe\servscribe.exe | Service Scribe | Running | Unsigned : No publisher

| servupdate | C:\WINDOWS\Eole\updater\servupdate.exe | Service de MAJ du Client Scribe | Stopped | Unsigned : No publisher

| SUService | c:\program files\lenovo\system update\suservice.exe | System Update | Running | Unsigned : Lenovo Group Limited

| ThinkVantage Registry Monitor Service | c:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe | ThinkVantage Registry Monitor Service | Stopped | Signed : Lenovo Group Limited

| TMBMServer | C:\Program Files\Trend Micro\OfficeScan Client…\BM\TMBMSRV.exe | Trend Micro Unauthorized Change Prevention Service | Running | Signed : Trend Micro Inc.

| tmlisten | C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe | Service d’écoute d’OfficeScan NT | Running | Signed : Trend Micro Inc.

| TmPfw | C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe | OfficeScan NT Firewall | Running | Signed : Trend Micro Inc.

| TmProxy | C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe | OfficeScan NT Proxy Service | Running | Signed : Trend Micro Inc.

| TVT Backup Protection Service | C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe | TVT Backup Protection Service | Running | Unsigned : No publisher

| TVT Backup Service | C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe | TVT Backup Service | Running | Unsigned : Lenovo Group Limited

| TVT Scheduler | c:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe | TVT Scheduler | Stopped | Unsigned : Lenovo Group Limited

| TVT_UpdateMonitor | C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe | TVT Windows Update Monitor | Running | Unsigned : Lenovo Group Limited

| WMConnectCDS | C:\Program Files\Windows Media Connect 2\wmccds.exe | Service Windows Media Connect | Stopped | Unsigned : Microsoft Corporation

======================= End of Services list. =======================


 Drivers:

 Format: Mode | Driver name | Driver file | Description | State | File signature

| Abiosdsk | No file (Advise removing) | No description | Stopped | No signature

| AliIde | C:\WINDOWS\system32\DRIVERS\aliide.sys | ALi mini IDE Driver | Stopped | Signed : Acer Laboratories Inc.

| amdagp | C:\WINDOWS\system32\DRIVERS\amdagp.sys | AMD Win2000 AGP Filter | Stopped | Signed : Advanced Micro Devices, Inc.

| asc | C:\WINDOWS\system32\DRIVERS\asc.sys | AdvanSys SCSI Controller Driver | Stopped | Signed : Advanced System Products, Inc.

| asc3550 | C:\WINDOWS\system32\DRIVERS\asc3550.sys | AdvanSys Ultra-Wide PCI SCSI Driver | Stopped | Signed : Advanced System Products, Inc.

| Atdisk | No file (Advise removing) | No description | Stopped | No signature

| Changer | No file (Advise removing) | No description | Stopped | No signature

| CmdIde | C:\WINDOWS\system32\DRIVERS\cmdide.sys | Pilote de bus PCI IDE CMD | Stopped | Signed : CMD Technology, Inc.

| cpudrv | C:\Program Files\SystemRequirementsLab\cpudrv.sys | No description | Stopped | Signed : No publisher

| dac2w2k | C:\WINDOWS\system32\DRIVERS\dac2w2k.sys | Mylex Disk Array Controller Driver | Stopped | Signed : Mylex Corporation

| driverhardwarev2 | C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys | Driver NT Ma-Config.com | Stopped | Signed : CybelSoft

| HDAudBus | C:\WINDOWS\system32\DRIVERS\HDAudBus.sys | High Definition Audio Bus Driver v1.0a | Stopped | Signed : Windows ® Server 2003 DDK provider

| ialm | C:\WINDOWS\system32\DRIVERS\igxpmp32.sys | Intel Graphics Miniport Driver | Stopped | Signed : Intel Corporation

| IntcAzAudAddService | C:\WINDOWS\system32\drivers\RtkHDAud.sys | Realtek® High Definition Audio Function Driver | Stopped | Signed : Realtek Semiconductor Corp.

| ip_fw | C:\WINDOWS\System32\DRIVERS\ip_fw.sys | WIPFW Kernel-Mode Driver | Stopped | Unsigned : WIPFW Project.

| lbrtfdc | No file (Advise removing) | No description | Stopped | No signature

| mraid35x | C:\WINDOWS\system32\DRIVERS\mraid35x.sys | MegaRAID RAID Controller Driver for Windows Whistler 32 | Stopped | Signed : American Megatrends Inc.

| NSCIRDA | C:\WINDOWS\system32\DRIVERS\nscirda.sys | NSC Fast Infrared Driver. | Stopped | Signed : National Semiconductor Corporation

| PCIDump | No file (Advise removing) | No description | Stopped | No signature

| PDCOMP | No file (Advise removing) | No description | Stopped | No signature

| PDFRAME | No file (Advise removing) | No description | Stopped | No signature

| PDRELI | No file (Advise removing) | No description | Stopped | No signature

| PDRFRAME | No file (Advise removing) | No description | Stopped | No signature

| pmem | C:\WINDOWS\System32\drivers\pmemnt.sys | Physical Memory Driver | Stopped | Unsigned : Microsoft Corporation

| psadd | C:\WINDOWS\system32\DRIVERS\psadd.sys | SMBIOS Driver | Stopped | Signed : Lenovo (United States) Inc.

| Ptilink | C:\WINDOWS\system32\DRIVERS\ptilink.sys | Parallel Technologies DirectParallel IO Library | Stopped | Signed : Parallel Technologies, Inc.

| PxHelp20 | C:\WINDOWS\system32\Drivers\PxHelp20.sys | Px Engine Device Driver for Windows 2000/XP | Stopped | Signed : Sonic Solutions

| ql1080 | C:\WINDOWS\system32\DRIVERS\ql1080.sys | Miniport Driver for QLogic ISP PCI Adapters | Stopped | Signed : QLogic Corporation

| ql12160 | C:\WINDOWS\system32\DRIVERS\ql12160.sys | Miniport Driver for QLogic ISP PCI Adapters | Stopped | Signed : QLogic Corporation

| ql1280 | C:\WINDOWS\system32\DRIVERS\ql1280.sys | Miniport Driver for QLogic ISP PCI Adapters | Stopped | Signed : QLogic Corporation

| Secdrv | C:\WINDOWS\system32\DRIVERS\secdrv.sys | Macrovision SECURITY Driver | Stopped | Signed : Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.

| Simbad | No file (Advise removing) | No description | Stopped | No signature

| sisagp | C:\WINDOWS\system32\DRIVERS\sisagp.sys | SiS NT AGP Filter | Stopped | Signed : Silicon Integrated Systems Corporation

| Sparrow | C:\WINDOWS\system32\DRIVERS\sparrow.sys | Adaptec AIC-6x60 series SCSI miniport | Stopped | Signed : Adaptec, Inc.

| SuperIO | C:\WINDOWS\system32\DRIVERS\spio.sys | No description | Stopped | Signed : No publisher

| symc810 | C:\WINDOWS\system32\DRIVERS\symc810.sys | Symbios Logic Inc. SCSI Miniport Driver | Stopped | Signed : Symbios Logic Inc.

| symc8xx | C:\WINDOWS\system32\DRIVERS\symc8xx.sys | Symbios 8XX SCSI Miniport Driver | Stopped | Signed : LSI Logic

| sym_hi | C:\WINDOWS\system32\DRIVERS\sym_hi.sys | Symbios Hi-Perf SCSI Miniport Driver | Stopped | Signed : LSI Logic

| sym_u3 | C:\WINDOWS\system32\DRIVERS\sym_u3.sys | Symbios Ultra3 SCSI Miniport Driver | Stopped | Signed : LSI Logic

| tmactmon | C:\WINDOWS\system32\drivers\tmactmon.sys | TrendMicro Activity Monitor Module | Stopped | Signed : Trend Micro Inc.

| tmcfw | C:\WINDOWS\system32\DRIVERS\TM_CFW.sys | Trend Micro NDIS 5.0 Intermedia Driver (i386-fre) | Stopped | Signed : Trend Micro Inc.

| tmcomm | C:\WINDOWS\system32\drivers\tmcomm.sys | TrendMicro Common Module | Stopped | Signed : Trend Micro Inc.

| tmevtmgr | C:\WINDOWS\system32\drivers\tmevtmgr.sys | TrendMicro Event Management Module | Stopped | Signed : Trend Micro Inc.

| TmFilter | C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys | Post Filter For XP | Stopped | Signed : Trend Micro Inc.

| TmPreFilter | C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys | Pre-Filter For XP | Stopped | Signed : Trend Micro Inc.

| tmtdi | C:\WINDOWS\system32\DRIVERS\tmtdi.sys | Trend Micro TDI Driver (i386-fre) | Stopped | Signed : Trend Micro Inc.

| tvtfilter | C:\WINDOWS\system32\DRIVERS\tvtfilter.sys | Rescue and Recovery filter driver | Stopped | Signed : Lenovo

| TVTI2C | C:\WINDOWS\system32\DRIVERS\Tvti2c.sys | SMBUS Driver | Stopped | Signed : Lenovo (United States) Inc.

| tvtumon | C:\WINDOWS\system32\DRIVERS\tvtumon.sys | Windows Update Monitor Driver | Stopped | Signed : Lenovo

| ultra | C:\WINDOWS\system32\DRIVERS\ultra.sys | Gestionnaire de miniport ULTRA66 de Promise | Stopped | Signed : Promise Technology, Inc.

| VSApiNt | C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys | VsapiNT | Stopped | Signed : Trend Micro Inc.

| WDICA | No file (Advise removing) | No description | Stopped | No signature

| yukonwxp | C:\WINDOWS\system32\DRIVERS\yk51x86.sys | NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller | Stopped | Signed : Marvell

======================== End of Drivers list. ========================


 Scheduled tasks:

 Format: Mode | Task name | Task file | Description | File signature

| PCDoctorBackgroundMonitorTask | C:\Program Files\PCDR5\pcdr5cuiw32.exe | Lenovo System Toolbox | Unsigned : PC-Doctor, Inc.

| PMTask | C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE | No description | No signature

| RealUpgradeLogonTaskS-1-5-21-1287679827-4202775517-3476859530-1116 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-1287679827-4202775517-3476859530-1139 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-1287679827-4202775517-3476859530-1140 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-1287679827-4202775517-3476859530-1141 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-1287679827-4202775517-3476859530-1144 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-1287679827-4202775517-3476859530-1145 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-1287679827-4202775517-3476859530-1150 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-1287679827-4202775517-3476859530-1155 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-1287679827-4202775517-3476859530-1172 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-1287679827-4202775517-3476859530-1186 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-1287679827-4202775517-3476859530-1188 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-1287679827-4202775517-3476859530-1196 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-1287679827-4202775517-3476859530-1197 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-1287679827-4202775517-3476859530-1203 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-1287679827-4202775517-3476859530-1204 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-1287679827-4202775517-3476859530-1320 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-1287679827-4202775517-3476859530-1324 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-1287679827-4202775517-3476859530-3116 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-2772239772-2214900795-2792089572-24432 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-2772239772-2214900795-2792089572-24512 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeLogonTaskS-1-5-21-4294163656-461686906-482088093-500 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-1287679827-4202775517-3476859530-1116 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-1287679827-4202775517-3476859530-1139 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-1287679827-4202775517-3476859530-1140 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-1287679827-4202775517-3476859530-1141 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-1287679827-4202775517-3476859530-1144 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-1287679827-4202775517-3476859530-1145 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-1287679827-4202775517-3476859530-1150 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-1287679827-4202775517-3476859530-1155 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-1287679827-4202775517-3476859530-1172 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-1287679827-4202775517-3476859530-1186 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-1287679827-4202775517-3476859530-1188 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-1287679827-4202775517-3476859530-1196 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-1287679827-4202775517-3476859530-1197 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-1287679827-4202775517-3476859530-1203 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-1287679827-4202775517-3476859530-1204 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-1287679827-4202775517-3476859530-1320 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-1287679827-4202775517-3476859530-1324 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-1287679827-4202775517-3476859530-3116 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-2772239772-2214900795-2792089572-24432 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-2772239772-2214900795-2792089572-24512 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| RealUpgradeScheduledTaskS-1-5-21-4294163656-461686906-482088093-500 | C:\Program Files\Real\RealUpgrade\realupgrade.exe | RealUpgrade Launcher | Signed : RealNetworks, Inc.

| Vérifier les mises à jour de Windows Live Toolbar | C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE | MSN Search Toolbar Scheduled Update Utility | No signature

==================== End of Scheduled tasks list. ====================


 Uninstall list:

 Format: Mode | Uninstall entry | Name | Publisher | Uninstall command

<HKLM…Uninstall> | Adobe Flash Player ActiveX | Adobe Flash Player 10 ActiveX | Adobe Systems Incorporated | C:\WINDOWS\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe -maintain activex

<HKLM…Uninstall> | CCleaner | CCleaner | Piriform | “C:\Program Files\CCleaner\uninst.exe”

<HKLM…Uninstall> | CliScribe-updater_is1 | Client Scribe - Service de MAJ | Équipe Eole | “C:\WINDOWS\Eole\unins001.exe”

<HKLM…Uninstall> | CliScribe_is1 | Client Scribe-2.2 | Équipe Eole | “C:\WINDOWS\Eole\unins000.exe”

<HKLM…Uninstall> | DeviceManager | DeviceManager | eInstruction | “C:\Program Files\eInstruction\Device Manager\Uninstall\Uninstall_DeviceManager.exe”

<HKLM…Uninstall> | HijackThis | HijackThis 2.0.2 | TrendMicro | “C:\Program Files\Trend Micro\HijackThis\HijackThis.exe” /uninstall

<HKLM…Uninstall> | InstallShield_{9E3BC634-769E-4847-9530-E22433D13E45} | FanSpeedControl | Lenovo | “C:\Program Files\InstallShield Installation Information{9E3BC634-769E-4847-9530-E22433D13E45}\setup.exe” -runfromtemp -l0x0409 -removeonly

<HKLM…Uninstall> | InterwriteWorkspaceLanguagePack-French | InterwriteWorkspaceLanguagePack-French | eInstruction | “C:\Program Files\eInstruction\Workspace_Language_Pack\InterwriteWorkspaceLanguagePack-French\Uninstall\Uninstall_InterwriteWorkspaceLanguagePack-French.exe”

<HKLM…Uninstall> | Lenovo Registration | Lenovo Registration | Lenovo - Leader Technologies | C:\Program Files\Lenovo Registration\uninstall.exe

<HKLM…Uninstall> | M2416447 | Microsoft .NET Framework 1.1 Security Update (KB2416447) | No publisher | “C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe” “C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp”

<HKLM…Uninstall> | Marvell Miniport Driver | Marvell Miniport Driver | Marvell | C:\Program Files\Marvell\Miniport Driver\Uninst.exe

<HKLM…Uninstall> | MouseSuite98 | Mouse Suite | Primax Electronics Ltd. | PMUninst.exe MouseSuite98

<HKLM…Uninstall> | Mozilla Firefox (3.6.13) | Mozilla Firefox (3.6.13) | Mozilla | C:\Program Files\Mozilla Firefox\uninstall\helper.exe

<HKLM…Uninstall> | OfficeScanNT | Trend Micro OfficeScan Client | Trend Micro | “C:\Program Files\Trend Micro\OfficeScan Client\ntrmv.exe”

<HKLM…Uninstall> | PC-Doctor for Windows | Lenovo System Toolbox | PC-Doctor, Inc. | C:\Program Files\PCDR5\uninst.exe

<HKLM…Uninstall> | RealPlayer 12.0 | RealPlayer | RealNetworks | C:\Program Files\Real\RealPlayer\Update\r1puninst.exe RealNetworks|RealPlayer|12.0

<HKLM…Uninstall> | RegClean Pro_is1 | RegClean Pro | Systweak Inc | “C:\Program Files\RegClean Pro\unins000.exe” /silent

<HKLM…Uninstall> | UVK | UVK | Carifred | C:\Program Files\UVK\Uninstall.exe

<HKLM…Uninstall> | VLC media player | VLC media player 1.1.5 | VideoLAN | C:\Program Files\VideoLAN\VLC\uninstall.exe

<HKLM…Uninstall> | {1007F41F-7D69-468E-8017-3849A5A973C2} | ThinkVantage Technologies Welcome Message | InstallShield Software Corporation | RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE” -l0x40c anything

<HKLM…Uninstall> | {26A24AE4-039D-4CA4-87B4-2F83216011FF} | Java™ 6 Update 26 | Sun Microsystems, Inc. | MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

<HKLM…Uninstall> | {28C2DED6-325B-4CC7-983A-1777C8F7FBAB} | RealUpgrade 1.1 | RealNetworks, Inc. | MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}

<HKLM…Uninstall> | {44E9D4C2-946C-4378-9354-558803C47A68} | Client Security - Password Manager | Lenovo Group Limited | MsiExec.exe /I{44E9D4C2-946C-4378-9354-558803C47A68}

<HKLM…Uninstall> | {4A03706F-666A-4037-7777-5F2748764D10} | Java Auto Updater | Sun Microsystems, Inc. |

<HKLM…Uninstall> | {4C018129-1793-48D2-B82C-6FA71C96B476} | Online Data Backup | lenovo | MsiExec.exe /I{4C018129-1793-48D2-B82C-6FA71C96B476}

<HKLM…Uninstall> | {7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA} | RealNetworks - Microsoft Visual C++ 2008 Runtime | RealNetworks, Inc | MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}

<HKLM…Uninstall> | {81BAF04C-52D6-44ED-A516-DA12E97886FB} | Interwrite Workspace Content | eInstruction | MsiExec.exe /X{81BAF04C-52D6-44ED-A516-DA12E97886FB}

<HKLM…Uninstall> | {8675339C-128C-44DD-83BF-0A5D6ABD8297} | System Update | Lenovo | MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}

<HKLM…Uninstall> | {91810AFC-A4F8-4EBA-A5AA-B198BBC81144} | InterVideo WinDVD | InterVideo Inc. | “C:\Program Files\InstallShield Installation Information{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe” REMOVEALL

<HKLM…Uninstall> | {986F64DC-FF15-449D-998F-EE3BCEC6666A} | Help Center | InstallShield Software Corporation | RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe” -l0x40c -AddRemove

<HKLM…Uninstall> | {9E3BC634-769E-4847-9530-E22433D13E45} | FanSpeedControl | Lenovo | MsiExec.exe /I{9E3BC634-769E-4847-9530-E22433D13E45}

<HKLM…Uninstall> | {A0E64EBA-8BF0-49FB-90C0-BB3D781A2016} | Gestionnaire d’alimentation ThinkVantage | InstallShield Software Corporation | RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE” -l0x40c -AddRemove

<HKLM…Uninstall> | {A4EF9D8B-E19B-45ED-BFAF-CB4364574FFF} | Ma-Config.com | Cybelsoft | MsiExec.exe /X{A4EF9D8B-E19B-45ED-BFAF-CB4364574FFF}

<HKLM…Uninstall> | {AB1380B3-5D8A-82E5-81AB-C910EA0033F7} | Response | eInstruction | MsiExec.exe /X{AB1380B3-5D8A-82E5-81AB-C910EA0033F7}

<HKLM…Uninstall> | {AC76BA86-7AD7-1036-7B44-A90000000001} | Adobe Reader 9 - Français | Adobe Systems Incorporated | MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}

<HKLM…Uninstall> | {C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4} | XP Themes | Lenovo | MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}

<HKLM…Uninstall> | {C6FA39A7-26B1-480A-BC74-6D17531AC222} | Access - Aide | InstallShield Software Corporation | RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe” -l0x40c UNINSTALL

<HKLM…Uninstall> | {CD41B576-4787-4D5C-95EE-24A4ABD89CD3} | System Requirements Lab for Intel | Husdawg, LLC | MsiExec.exe /I{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}

<HKLM…Uninstall> | {CF5737AF-8550-4546-A69B-0EA9EF5A9B55} | ThinkVantage Productivity Center | InstallShield Software Corporation | RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\Setup.exe” -l0x40c -AddRemove

<HKLM…Uninstall> | {D728E945-256D-4477-B377-6BBA693714AC} | Supplément à Productivity Center pour ThinkCentre | InstallShield Software Corporation | RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{D728E945-256D-4477-B377-6BBA693714AC}\SETUP.EXE” -l0x40c -AddRemove

<HKLM…Uninstall> | {DB71210F-8314-4AE3-B7A7-EBAF85BD30E9} | Wallpapers | InstallShield Software Corporation | RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe” -l0x40c UNINSTALL

<HKLM…Uninstall> | {E633D396-5188-4E9D-8F6B-BFB8BF3467E8} | Skype™ 5.0 | Skype Technologies S.A. | MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}

<HKLM…Uninstall> | {E7E836B8-4BDD-454F-82E6-5FEA17C83AD4} | Message Center | InstallShield Software Corporation | RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe” -l0x40c -AddRemove

<HKLM…Uninstall> | {ECA1A3B6-898F-4DCE-9F04-714CF3BA126B} | Adobe Flash Player 10 Plugin | Adobe Systems, Inc. | MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}

<HKLM…Uninstall> | {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} | Intel® Graphics Media Accelerator Driver | Intel Corporation | C:\Program Files\Intel\Intel® Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall

<HKLM…Uninstall> | {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} | Realtek High Definition Audio Driver | Realtek Semiconductor Corp. | RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe” -l0x40c -removeonly

<HKLM…Uninstall> | {F151F2B3-0C32-44D3-90E2-E639B8024622} | Rescue and Recovery | Lenovo Group Limited | MsiExec.exe /I{F151F2B3-0C32-44D3-90E2-E639B8024622}

<HKLM…Uninstall> | {F18DB86D-BC16-4E01-BCCE-63F62B931D82} | InterVideo Register Manager | InterVideo Inc. |

<HKLM…Uninstall> | {FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A} | Message Center Plus | Lenovo Group Limited | MsiExec.exe /X{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}

<HKLM…Uninstall> | {FDDE9B30-6977-46A1-81AE-459ACB42ECAF} | Interwrite Workspace | eInstruction | MsiExec.exe /I{FDDE9B30-6977-46A1-81AE-459ACB42ECAF}

<HKLMW6432…Uninstall> | HOMESTUDENTR | | No publisher |

<HKLMW6432…Uninstall> | PROHYBRID2R | | No publisher |

<HKLMW6432…Uninstall> | PROHYBRIDR | | No publisher |

<HKLMW6432…Uninstall> | SMALLBUSINESSR | | No publisher |

======================= End of Uninstall list. =======================


 Contents of C:

 Format: Mode | Folder/File name | Size | Description | File signature

| 6965fa61bed5e0799170 | 6.09 MB | No description | Directory

| AUTOEXEC.BAT | 0 Bytes | No description | No signature

| autorun.inf | 98 Bytes | No description | No signature

| Books | 2.08 MB | No description | Directory

| boot.ini | 212 Bytes | No description | No signature

| bootfont.bin | 4.84 KB | No description | No signature

| CONFIG.SYS | 0 Bytes | No description | Unsigned : No publisher

| Documents and Settings | 2.1 GB | No description | Directory

| drivers | 2.05 MB | No description | Directory

| GSapps_l | 715.7 KB | No description | Directory

| hiberfil.sys | 0.97 GB | No description | Unsigned : No publisher

| I386 | 521.44 MB | No description | Directory

| Icons | 1.24 KB | No description | Directory

| Intel | 1 MB | No description | Directory

| IO.SYS | 0 Bytes | No description | Unsigned : No publisher

| MFGFLOW | 0 Bytes | No description | Directory

| MSDOS.SYS | 0 Bytes | No description | Unsigned : No publisher

| NTDETECT.COM | 46.45 KB | No description | Signed : No publisher

| NTLDR | 246.33 KB | No description | No signature

| pagefile.sys | 1.45 GB | No description | Unsigned : No publisher

| Program Files | 2.8 GB | No description | Directory

| RECYCLER | 2.13 MB | No description | Directory

| RHDSetup.log | 726 Bytes | No description | No signature

| RRbackups | -1 Bytes | No description | Directory

| rsit | 60.62 KB | No description | Directory

| SUPPORT | 13.04 MB | No description | Directory

| SWSHARE | 1.46 MB | No description | Directory

| SWTOOLS | 1.13 GB | No description | Directory

| sysiclog.txt | 1.37 MB | No description | No signature

| System Volume Information | 0 Bytes | No description | Directory

| Temp | 2.56 MB | No description | Directory

| tmuninst.ini | 21 Bytes | No description | No signature

| VALUEADD | 10.44 MB | No description | Directory

| WebInstall.log | 100.69 KB | No description | No signature

| WINDOWS | 9.38 GB | No description | Directory

| winlogon.vbe | 7.42 KB | No description | No signature

| YukonInstall.log | 328 Bytes | No description | No signature

======================= End of Contents of C:. =======================


 Contents of Application Data:

 Format: Mode | Folder/File name | Size | Description | File signature

| Adobe | 656.92 KB | No description | Directory

| Delivery | 0 Bytes | No description | Directory

| desktop.ini | 62 Bytes | No description | No signature

| DesktopPwrMgr | 154 Bytes | No description | Directory

| Downloaded Installations | 2.98 MB | No description | Directory

| dvdcss | 199 Bytes | No description | Directory

| eInstruction | 6 KB | No description | Directory

| GTCO CalComp | 41 Bytes | No description | Directory

| Identities | 0 Bytes | No description | Directory

| InstallShield | 0 Bytes | No description | Directory

| InterVideo | 0 Bytes | No description | Directory

| Lenovo | 36 Bytes | No description | Directory

| Macromedia | 941 Bytes | No description | Directory

| Microsoft | 0.99 MB | No description | Directory

| Mozilla | 1.64 MB | No description | Directory

| Real | 947.72 KB | No description | Directory

| Sun | 21.92 MB | No description | Directory

| vlc | 0.96 MB | No description | Directory

=================== End of Contents of Application Data. ===================


 Contents of Local Application Data:

 Format: Mode | Folder/File name | Size | Description | File signature

| Adobe | 45.48 MB | No description | Directory

| ApplicationHistory | 9.36 KB | No description | Directory

| Downloaded Installations | 458.34 KB | No description | Directory

| fusioncache.dat | 137 Bytes | No description | No signature

| GDIPFONTCACHEV1.DAT | 66.38 KB | No description | No signature

| IconCache.db | 4.1 MB | No description | No signature

| Microsoft | 2.54 MB | No description | Directory

| Microsoft Help | 0 Bytes | No description | Directory

| Mozilla | 41.88 MB | No description | Directory

================= End of Contents of Local Application Data. =================


 Contents of Common Application Data:

 Format: Mode | Folder/File name | Size | Description | File signature

| Adobe | 763 Bytes | No description | Directory

| desktop.ini | 62 Bytes | No description | No signature

| ezsidmv.dat | 56 Bytes | No description | No signature

| Lenovo | 1.26 MB | No description | Directory

| ma-config.com | 1.18 MB | No description | Directory

| McAfee | 7.15 KB | No description | Directory

| Microsoft | 1.56 MB | No description | Directory

| Microsoft Help | 61.43 KB | No description | Directory

| PC-Doctor | 1.38 KB | No description | Directory

| PCDr | 136 KB | No description | Directory

| Real | 1.07 MB | No description | Directory

| SBT | 8.46 MB | No description | Directory

| Skype | 532.32 KB | No description | Directory

| Sun | 190 Bytes | No description | Directory

| SuperIO | 112 Bytes | No description | Directory

| Windows Genuine Advantage | 3.03 KB | No description | Directory

================ End of Contents of Common Application Data. ================


 Contents of Program Files:

 Format: Mode | Folder/File name | Size | Description | File signature

| Adobe | 225.51 MB | No description | Directory

| CCleaner | 3.06 MB | No description | Directory

| ComPlus Applications | 0 Bytes | No description | Directory

| eInstruction | 0.94 GB | No description | Directory

| Fichiers communs | 138.1 MB | No description | Directory

| InstallShield Installation Information | 28.05 MB | No description | Directory

| Intel | 3.66 MB | No description | Directory

| Internet Explorer | 4.41 MB | No description | Directory

| InterVideo | 36.69 MB | No description | Directory

| Java | 86.53 MB | No description | Directory

| Lenovo | 203.02 MB | No description | Directory

| Lenovo Registration | 826.46 KB | No description | Directory

| ma-config.com | 6.21 MB | No description | Directory

| Marvell | 3.76 MB | No description | Directory

| Messenger | 2.05 MB | No description | Directory

| microsoft frontpage | 0 Bytes | No description | Directory

| Microsoft Office | 197.48 MB | No description | Directory

| Microsoft SQL Server | 72.7 MB | No description | Directory

| Movie Maker | 9.89 MB | No description | Directory

| Mozilla Firefox | 29.13 MB | No description | Directory

| MSBuild | 25.15 KB | No description | Directory

| MSN | 18.39 MB | No description | Directory

| MSN Gaming Zone | 8.34 MB | No description | Directory

| MSXML 4.0 | 0 Bytes | No description | Directory

| MSXML 6.0 | 16.93 KB | No description | Directory

| NetMeeting | 3.13 MB | No description | Directory

| Online Services | 1.76 KB | No description | Directory

| Outlook Express | 4.18 MB | No description | Directory

| PCDR5 | 106.17 MB | No description | Directory

| Real | 87.39 MB | No description | Directory

| Realtek | 55.72 MB | No description | Directory

| Reference Assemblies | 34.71 MB | No description | Directory

| RegClean Pro | 12.54 MB | No description | Directory

| Services en ligne | 1 KB | No description | Directory

| Snapshot Viewer | 135.09 KB | No description | Directory

| SystemRequirementsLab | 776.13 KB | No description | Directory

| ThinkCentre | 899.44 KB | No description | Directory

| ThinkPad | 16.63 MB | No description | Directory

| ThinkVantage | 14.69 MB | No description | Directory

| Trend Micro | 390.53 MB | No description | Directory

| Uninstall Information | 0 Bytes | No description | Directory

| UVK | 5.61 MB | No description | Directory

| VideoLAN | 76.8 MB | No description | Directory

| Windows Live Toolbar | 4.38 MB | No description | Directory

| Windows Media Connect 2 | 1.53 MB | No description | Directory

| Windows Media Player | 4.47 MB | No description | Directory

| Windows NT | 3.76 MB | No description | Directory

| WindowsUpdate | 0 Bytes | No description | Directory

| xerox | 0 Bytes | No description | Directory

| Zero G Registry | 5.45 KB | No description | Directory

====================== End of Contents of Program Files. ======================


 Lsa providers:

 Format: Mode | Name | Image path | Description | File signature



======================= End of Lsa providers list. =======================


 Blocked hosts:

 Format: Mode | Domain | Line | Description

| SCRIBE | 10.175.58.5 SCRIBE | Redirected domain(s) in the hosts file

======================= End of Blocked hosts list. =======================


 Recent files search:

 Format: Mode | Creation date | Path | Description | File signature

File name pattern to search: .exe|.dll|.com|.vbs|.cmd|.bat|.reg|.sys	 Max file age: 30 days.

| 2011-09-28 | C:\hiberfil.sys | No description | Unsigned : No publisher
| 2011-09-28 | C:\pagefile.sys | No description | Unsigned : No publisher
| 2011-09-28 | C:\Documents and Settings\admin\Local Settings\Temp\abt69419\BTCheckMS.dll | No description | Unsigned : No publisher
| 2011-09-28 | C:\Documents and Settings\Administrateur\Local Settings\Temp\abt70471\BTCheckMS.dll | No description | Unsigned : No publisher
| 2011-09-28 | C:\Documents and Settings\Administrateur\Mes documents\cc_20110928_091235.reg | No description | No signature
| 2011-09-23 | C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\avira_antivir_personal_fr.exe | No description | Signed : No publisher
| 2011-09-28 | C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\HJTInstall.exe | HijackThis | Signed : Trend Micro Inc.
| 2011-09-28 | C:\Documents and Settings\All Users\Application Data\ma-config.com | No description | Directory
| 2011-09-28 | C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ma-config.com | No description | Directory
| 2011-09-21 | C:\Documents and Settings\anne.schindler\Local Settings\Temp\abt88814\BTCheckMS.dll | No description | Unsigned : No publisher
| 2011-09-23 | C:\Documents and Settings\hanina.oumakhlouf\Local Settings\Temp\abt71287\BTCheckMS.dll | No description | Unsigned : No publisher
| 2011-09-28 | C:\Program Files\ma-config.com | No description | Directory
| 2011-08-30 | C:\Program Files\Lenovo\System Update\default\default.reg | No description | No signature
| 2011-09-28 | C:\Program Files\Trend Micro\Administrateur.exe | HijackThis | Unsigned : Trend Micro Inc.
| 2011-09-28 | C:\Program Files\Trend Micro\hijackthis.exe | HijackThis | Unsigned : Trend Micro Inc.
| 2011-09-28 | C:\Program Files\Trend Micro\HijackThis\HijackThis.exe | HijackThis | Unsigned : Trend Micro Inc.
| 2011-09-23 | C:\Program Files\UVK\AutoUpdate.exe | Auto updater for UVK | Signed : Carifred
| 2011-09-23 | C:\Program Files\UVK\Log analyzer.exe | UVK log analyzer and script creator | Signed : Carifred
| 2011-09-23 | C:\Program Files\UVK\RebootExec.exe | UVK reboot command parser | Signed : Carifred
| 2011-09-23 | C:\Program Files\UVK\Uninstall.exe | UVK uninstaller | Signed : Carifred
| 2011-09-23 | C:\Program Files\UVK\UVK_en.exe | Ultra Virus Killer | Signed : Carifred
| 2011-09-28 | C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\12c424eed7ee0e9c017bf72ff09eb78c\PresentationCFFRasterizer.ni.dll | .NET FX OpenType/CFF Rasterizer | Unsigned : Adobe Systems Incorporated
| 2011-09-18 | C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe | Adobe® Flash® Player Installer/Uninstaller 10.3 r183 | Signed : Adobe Systems, Inc.
| 2011-09-20 | C:\WINDOWS\Installer{0001040C-78E1-11D2-B60F-006097C998E7}\accicons.exe | No description | Unsigned : No publisher
| 2011-09-20 | C:\WINDOWS\Installer{0001040C-78E1-11D2-B60F-006097C998E7}\bindico.exe | No description | Unsigned : No publisher
| 2011-09-20 | C:\WINDOWS\Installer{0001040C-78E1-11D2-B60F-006097C998E7}\fpicon.exe | No description | Unsigned : No publisher
| 2011-09-20 | C:\WINDOWS\Installer{0001040C-78E1-11D2-B60F-006097C998E7}\misc.exe | No description | Unsigned : No publisher
| 2011-09-20 | C:\WINDOWS\Installer{0001040C-78E1-11D2-B60F-006097C998E7}\outicon.exe | No description | Unsigned : No publisher
| 2011-09-20 | C:\WINDOWS\Installer{0001040C-78E1-11D2-B60F-006097C998E7}\PEicons.exe | No description | Unsigned : No publisher
| 2011-09-20 | C:\WINDOWS\Installer{0001040C-78E1-11D2-B60F-006097C998E7}\pptico.exe | No description | Unsigned : No publisher
| 2011-09-20 | C:\WINDOWS\Installer{0001040C-78E1-11D2-B60F-006097C998E7}\wordicon.exe | No description | Unsigned : No publisher
| 2011-09-20 | C:\WINDOWS\Installer{0001040C-78E1-11D2-B60F-006097C998E7}\xlicons.exe | No description | Unsigned : No publisher
| 2011-08-30 | C:\WINDOWS\Installer{8675339C-128C-44DD-83BF-0A5D6ABD8297}\ARPPRODUCTICON.exe | InstallShield | Unsigned : Macrovision Corporation
| 2011-08-30 | C:\WINDOWS\Installer{8675339C-128C-44DD-83BF-0A5D6ABD8297}\tvsu.exe2_8675339C128C44DD83BF0A5D6ABD8297.exe | InstallShield | Unsigned : Macrovision Corporation
| 2011-08-30 | C:\WINDOWS\Installer{8675339C-128C-44DD-83BF-0A5D6ABD8297}\tvsu.exe3_8675339C128C44DD83BF0A5D6ABD8297.exe | InstallShield | Unsigned : Macrovision Corporation
| 2011-09-28 | C:\WINDOWS\system32\Macromed\Flash\FlashUtil10x_ActiveX.dll | Adobe Flash Player Helper 10.3 r183 | Signed : Adobe Systems, Inc.
| 2011-09-28 | C:\WINDOWS\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe | Adobe® Flash® Player Installer/Uninstaller 10.3 r183 | Signed : Adobe Systems, Inc.

88046 files searched. 37 files matched.

======================= End of Recent files list. =======================

####################### End of UVK scan log file. #######################

:hello:

I can see from the number of tools you have installed that you have already tried other methods to remove this malware.

If you are following a procedure on another forum, you must continue with it. Otherwise, here is the method to follow:

==> Relaunch UVK.

==> Click Run UVK Scripts.

==> Paste the bold code below into UVK's command box:

[b] | winlogon.vbe | C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\winlogon.vbe | No description | No signature

| winlogon.vbe | 7.42 KB | No description | No signature

| 2011-08-30 | C:\WINDOWS\Installer{8675339C-128C-44DD-83BF-0A5D6ABD8297}\tvsu.exe2_8675339C128C44DD83BF0A5D6ABD8297.exe | InstallShield | Unsigned : Macrovision Corporation

| 2011-08-30 | C:\WINDOWS\Installer{8675339C-128C-44DD-83BF-0A5D6ABD8297}\tvsu.exe3_8675339C128C44DD83BF0A5D6ABD8297.exe | InstallShield | Unsigned : Macrovision Corporation

C:\WINDOWS\winlogon.dll.vbe

[/b]

==> Click Run/Fix listed and confirm the execution of the commands.

Note that the computer will restart after the commands have run. After the restart you will have a new text file on the desktop named UVKFixLog. Post its contents and check whether the computer works normally.

See you soon :slight_smile: