
Red Alert!

flech53 on 28 November 2008 at 07:36
Hello everyone,

Well, I'm posting a message here because for a while now, since 30/10/08 to be exact, Windows Update has stopped working :/
Also, yesterday I downloaded a demo of the game Red Alert from this site, "01.net", and my PC is working less and less well; for example, the restore function never finishes, and I can only just recover my internet connection, which keeps stopping ?; :??:

And of course it was impossible to get the game to run; I deleted it afterwards, having had to freeze certain programs with Windows Manager!
For protection I have Spybot, Comodo and AntiVir.
Also, I don't want to give bad publicity here, because I find the site really complete and great; I also doubt there is a flaw in any of the downloads, but it is possible, or else it could come from an incompatibility or from mishandling of my programs, or be a consequence of my first problem...
If anyone can help me, thanks :hello:
Curson on 28 November 2008 at 18:02
Good evening,

We are going to check whether a malicious program is responsible for your problems.

[...]having had to freeze certain programs with windows manager!
What do you mean by that?


Steps to follow:

- Download HiJackThis by Merijn to your desktop.
- Double-click HijackThis
- Generate a report by following these instructions:
- Run it and click Do a scan and save log file.
- The report opens in Notepad
- Paste the report here; to do so:
- Edit menu / Select All
- Edit menu / Copy
- Here, in a new message: right-click / Paste

Help: Don't hesitate to consult the HiJackThis help
flech53 on 30 November 2008 at 18:39
Good evening,

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:48, on 30/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\System32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min / nosplash
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dlbtmon.exe] "C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll C:\Windows\system32\cssdll32.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: dlbt_device - - C:\Windows\system32\dlbtcoms.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 6536 bytes
"[...]having had to freeze certain programs with windows manager!"
By that I meant using the 'Task Manager' function.
Also, I managed to download an update with "windows update", but it only concerns my printer, and I have 8 new ones pending that are impossible to install :??:

There you go, thanks for the help, ;)
Curson on 30 November 2008 at 22:23
Good evening,

1) Scan your system with the Kaspersky Online Scanner. Tutorial
Post the result of the scan here.


2) I would like you to scan the following file on VirusTotal; Tutorial: http://forum.malekal.com/viewtopic.php?f=59&t=9828
C:\Windows\system32\cssdll32.dll

Post the scan report here.


3) Download OTViewIt by OldTimer to your desktop.

- Close all windows and applications.
- Double-click OTViewIt.exe to launch it.
- In the "File Age" drop-down list choose: 30 days (or as you prefer)
- Click the "Run Scan" button.
- Wait a few minutes.
- Notepad will open; post the two reports obtained in your next reply.

If Notepad does not open, you will find them on your desktop: OTViewIt.txt and Extras.txt


See you later.

flech53 on 03 December 2008 at 00:05
Good evening Curson, :hello:

Right, I did what you told me and here are the reports:

KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, December 2, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 02, 2008 02:36:19
Records in database: 1430824
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
Scan statistics
Files scanned 95171
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:35:39

No malware has been detected. The scan area is clean.
The selected area was scanned.

_Virus total_
Fichier cssdll32.dll reçu le 2008.12.02 05:53:27 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.2.0 2008.12.02 -
AntiVir 7.9.0.36 2008.12.01 -
Authentium 5.1.0.4 2008.12.02 -
Avast 4.8.1281.0 2008.12.01 -
AVG 8.0.0.199 2008.12.02 -
BitDefender 7.2 2008.12.02 -
CAT-QuickHeal 10.00 2008.12.02 -
ClamAV 0.94.1 2008.12.02 -
DrWeb 4.44.0.09170 2008.12.02 -
eSafe 7.0.17.0 2008.11.30 -
eTrust-Vet 31.6.6236 2008.12.01 -
Ewido 4.0 2008.12.01 -
F-Prot 4.4.4.56 2008.12.01 -
F-Secure 8.0.14332.0 2008.12.02 -
Fortinet 3.117.0.0 2008.12.02 -
GData 19 2008.12.02 -
Ikarus T3.1.1.45.0 2008.12.01 -
K7AntiVirus 7.10.539 2008.12.01 -
Kaspersky 7.0.0.125 2008.12.02 -
McAfee 5451 2008.12.01 -
McAfee+Artemis 5451 2008.12.01 -
Microsoft 1.4104 2008.12.02 -
NOD32 3656 2008.12.02 -
Norman 5.80.02 2008.12.01 -
Panda 9.0.0.4 2008.12.02 -
PCTools 4.4.2.0 2008.12.01 -
Prevx1 V2 2008.12.02 -
Rising 21.06.02.00 2008.12.01 -
SecureWeb-Gateway 6.7.6 2008.12.01 -
Sophos 4.36.0 2008.12.02 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.02 -
TheHacker 6.3.1.2.171 2008.12.02 -
TrendMicro 8.700.0.1004 2008.12.02 -
VBA32 3.12.8.9 2008.12.01 -
ViRobot 2008.12.2.1495 2008.12.02 -
VirusBuster 4.5.11.0 2008.12.01 -
Information additionnelle
File size: 249592 bytes
MD5...: 19699febe71ed8919d9a3169a107265a
SHA1..: e7fa62051b4299c294a65d16bc29a1f604d6b0b9
SHA256: 55bb3124fbea8a6a3363e4028d1b05b52a5b1346df983e8d2c4dcd4577e5fabb



_and the one from 'OTViewIT':_

OTViewIt Extras logfile created on: 02/12/2008 23:06:52 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Users\Christophe\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,13% Memory free
4,00 Gb Paging File | 3,12 Gb Available in Paging File | 77,93% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,96 Gb Total Space | 82,73 Gb Free Space | 60,40% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,74 Gb Free Space | 47,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465,65 Gb Total Space | 311,75 Gb Free Space | 66,95% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTOPHE-PC
Current User Name: Christophe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
"VistaSp1"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=0
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] -- C:\Windows\System32\wshbth.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2008/07/30 16:17:38 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])
[2007/10/23 11:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java(TM) 6 Update 10
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}"=Safari
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=Panneau de configuration MobileMe
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{90AF040C-6000-11D3-8CFE-0150048383C9}"=Microsoft Office PowerPoint Viewer 2003
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}"=AGEIA PhysX v7.11.13
"{975E4CAE-D408-48DA-9346-65D7DB72B7DE}"=Hama Double Action Air Grip
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}"=SPORE™
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}"=XTREMEIT
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Assistant de connexion Windows Live
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B6694BAA-7604-46AA-A41F-B5F1E6DADE7A}"=OpenOffice.org 2.4
"{BA524348-59A6-437A-A4FB-25080BDEFCD6}"=VP-EYE
"{BADF6744-3787-48F6-B8C9-4C4995401D65}"=Windows Live Messenger
"{C514C594-23AA-4F13-A070-DB8BDB27594F}"=Windows Live Mail
"{C711E88C-9DC2-4254-A989-D6E017844DDF}"=Frontlines: Fuel of War
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus(R) for Adobe
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}"=Windows Live installer
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"adsl TV"=adsl TV
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"CCleaner"=CCleaner (remove only)
"COMODO Firewall Pro"=COMODO Firewall Pro
"COMODO SafeSurf"=COMODO SafeSurf
"Dell Photo AIO Printer 922"=Dell Photo AIO Printer 922
"HijackThis"=HijackThis 2.0.2
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"VLC media player"=VideoLAN VLC media player 0.8.6h
"VoipStunt_is1"=VoipStunt

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/12/2008 03:09:45 | Computer Name = Christophe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 01/12/2008 03:10:14 | Computer Name = Christophe-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3224, time stamp 0x49094c66,
faulting module js3250.dll, version 4.0.0.0, time stamp 0x49094cc6, exception code
0xc0000005, fault offset 0x00020a53, process id 0x100c, application start time 0x01c953818da656a8.

Error - 01/12/2008 03:10:52 | Computer Name = Christophe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 01/12/2008 03:10:52 | Computer Name = Christophe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 02/12/2008 00:10:36 | Computer Name = Christophe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 02/12/2008 00:10:47 | Computer Name = Christophe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 02/12/2008 00:22:38 | Computer Name = Christophe-PC | Source = Windows Backup | ID = 4103
Description =

Error - 02/12/2008 03:20:48 | Computer Name = Christophe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 02/12/2008 03:20:55 | Computer Name = Christophe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 02/12/2008 03:38:23 | Computer Name = Christophe-PC | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 10/11/2008 22:02:06 | Computer Name = Christophe-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/11/2008 22:02:06 | Computer Name = Christophe-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 10/11/2008 22:02:07 | Computer Name = Christophe-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/11/2008 22:02:07 | Computer Name = Christophe-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 10/11/2008 22:02:07 | Computer Name = Christophe-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/11/2008 22:02:07 | Computer Name = Christophe-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 10/11/2008 22:02:07 | Computer Name = Christophe-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 11/11/2008 00:51:56 | Computer Name = Christophe-PC | Source = DCOM | ID = 10010
Description =

Error - 11/11/2008 00:52:50 | Computer Name = Christophe-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 11/11/2008 00:52:50 | Computer Name = Christophe-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >

+ another report from 'OTViewIT':
OTViewIt logfile created on: 02/12/2008 23:06:52 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Users\Christophe\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,13% Memory free
4,00 Gb Paging File | 3,12 Gb Available in Paging File | 77,93% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,96 Gb Total Space | 82,73 Gb Free Space | 60,40% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,74 Gb Free Space | 47,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465,65 Gb Total Space | 311,75 Gb Free Space | 66,95% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTOPHE-PC
Current User Name: Christophe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/01/19 08:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/01/19 08:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2007/03/14 17:53:10 | 00,569,344 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008/01/19 08:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2007/03/14 17:53:10 | 00,569,344 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008/10/26 17:25:08 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/10/26 17:25:05 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/11/19 07:37:22 | 00,618,232 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe
[2007/06/07 01:50:14 | 00,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbtcoms.exe
[2008/05/27 06:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008/01/28 10:43:32 | 00,810,320 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
[2008/01/19 08:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/01/19 08:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/01/19 08:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/01/19 08:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2008/07/26 11:59:21 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2008/06/18 20:12:03 | 00,278,264 | ---- | M] (COMODO) -- C:\Program Files\COMODO\SafeSurf\cssurf.exe
[2008/11/19 07:37:24 | 01,796,856 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cfp.exe
[2006/11/03 10:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/12/01 08:11:09 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/01/19 08:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2008/01/28 10:43:40 | 02,097,488 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2008/01/19 08:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
[2008/01/19 08:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2007/10/18 10:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/01/19 08:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
[2008/05/29 21:27:44 | 02,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
[2008/05/29 21:27:44 | 02,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/07/19 06:10:40 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2008/11/15 05:36:56 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
[2008/05/27 06:18:16 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2008/05/27 06:17:55 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2008/12/02 23:04:45 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Users\Christophe\Downloads\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/26 17:25:08 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/10/26 17:25:05 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/03/14 17:53:10 | 00,569,344 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/01/05 12:26:41 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/11/19 07:37:22 | 00,618,232 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent [Auto | Running])
File not found -- -- (DcomLaunch [Unknown | Running])
[2008/01/19 08:33:06 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2007/06/07 01:50:14 | 00,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device [Auto | Running])
[2008/01/19 08:34:06 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008/01/19 08:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/01/05 12:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/08/29 10:01:22 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper [On_Demand | Stopped])
[2008/01/19 08:34:25 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/10/30 21:52:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/01/05 12:21:39 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/01/19 08:36:17 | 00,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
[2008/01/28 10:43:32 | 00,810,320 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
[2008/01/19 08:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008/01/19 08:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 10:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2008/01/19 08:33:33 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2008/01/19 08:33:33 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
[2008/05/27 06:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2006/11/02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/22 15:57:00 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 10:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/22 15:57:00 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 09:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2006/11/02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2007/03/14 18:04:28 | 02,427,392 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag [On_Demand | Running])
[2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/06/19 17:45:51 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/11/26 03:02:43 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb [System | Running])
[2006/11/02 08:30:53 | 00,045,056 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2008/01/19 06:28:26 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2008/06/18 15:39:39 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum [On_Demand | Running])
[2006/11/02 09:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2008/01/19 06:53:44 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan [On_Demand | Running])
[2008/06/18 15:39:39 | 00,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008/06/18 15:39:39 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB [On_Demand | Running])
[2006/11/02 09:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/01/19 08:42:58 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2008/11/19 07:37:32 | 00,097,808 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard [System | Running])
[2008/11/19 07:37:32 | 00,025,104 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp [System | Running])
[2006/11/22 15:57:00 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 10:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008/01/19 06:28:20 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008/08/02 02:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/19 08:42:11 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006/11/02 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/01/19 06:28:01 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2008/01/19 08:42:31 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008/01/19 06:30:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006/11/02 10:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/11/02 08:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Running])
[2008/01/19 05:30:49 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 09:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 09:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 08:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Running])
[2006/11/02 08:41:50 | 00,987,648 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV [On_Demand | Running])
[2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2008/11/04 23:25:54 | 00,072,720 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys -- (Inspect [On_Demand | Running])
[2006/11/02 09:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008/01/19 08:42:35 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2008/01/19 06:49:17 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/01/19 06:55:03 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008/01/19 06:30:36 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/11/02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/19 06:52:19 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 10:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/01/19 06:54:46 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/05/08 20:21:56 | 00,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/01/19 06:28:37 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/22 15:57:00 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 10:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008/01/19 08:41:14 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008/01/19 08:42:29 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/05/20 03:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2006/11/02 08:30:54 | 01,781,760 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32 [On_Demand | Stopped])
[2007/09/26 07:12:00 | 02,251,776 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32 [On_Demand | Running])
[2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/01/19 06:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006/11/02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006/11/02 10:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2007/09/19 08:27:50 | 00,458,112 | ---- | M] (PixArt Imaging Inc.) -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302 [On_Demand | Stopped])
[2006/11/02 10:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2008/04/05 02:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2006/11/02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008/01/19 06:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2007/03/14 18:04:28 | 02,427,392 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (R300 [On_Demand | Stopped])
[2008/01/19 06:56:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008/01/19 07:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008/01/19 06:53:39 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Running])
[2005/11/16 19:28:32 | 00,028,928 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
[2005/12/22 16:02:22 | 00,051,840 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
[2006/11/14 16:35:20 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])
[2008/01/19 06:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 10:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2008/01/19 06:32:56 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/19 06:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006/11/02 09:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 09:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 09:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006/11/02 10:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/01/19 06:55:27 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2008/01/19 08:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008/01/19 06:29:15 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/01/19 06:29:12 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2008/01/19 06:56:07 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2008/01/19 06:55:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2008/01/19 07:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008/01/19 06:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008/01/19 06:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 10:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 10:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/01/19 06:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/01/19 06:53:23 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2006/11/02 09:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2006/11/02 09:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 09:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/22 15:57:00 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/19 08:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008/01/19 08:43:03 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 09:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 10:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/01/19 08:43:27 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/11/02 08:41:48 | 00,654,336 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf [On_Demand | Running])
[2008/01/19 06:32:47 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [On_Demand | Running])
[2008/01/19 06:56:49 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (263675 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
9145 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min / nosplash (Avira GmbH)
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" -h ()
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s (COMODO)
"dlbtmon.exe"="C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe" (Lexmark International, Inc.)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"PAC7302_Monitor"=C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" /AUTO (Piriform Ltd)
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/01/28 10:43:28 | 01,554,256 | ---- | M] (Safer Networking Limited)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}: http://webscanner.kaspersky.fr/kavwebscan_unicode.cab -- CKAVWebScan Object
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab -- Java Plug-in 1.6.0_10

========== (O17) DNS Name Servers ==========

{4AA39F9C-FF20-4247-9E97-B6E7FE5030FE} (Servers: | Description: )
{B1C9D363-854C-4DFF-A167-5A477AD03AB0} (Servers: | Description: Intel(R) PRO/Wireless 3945ABG Network Connection)
{BF8548B5-40C7-4499-9E81-C9E82F487C9F} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\Windows\system32\guard32.dll C:\Windows\system32\cssdll32.dll
>[2008/11/19 07:37:32 | 00,143,096 | ---- | M] () -- C:\Windows\System32\guard32.dll
>[2008/06/18 20:12:03 | 00,249,592 | ---- | M] (COMODO) -- C:\Windows\System32\cssdll32.dll

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/19 08:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/19 08:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 22:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/12/02 23:05:36 | 00,000,555 | ---- | C] () -- C:\Users\Christophe\Desktop\OTViewIt - Shortcut.lnk
[2008/12/02 08:20:56 | 00,002,666 | ---- | C] () -- C:\Users\Christophe\Desktop\scan 2 eme ksp.html
[2008/12/01 13:27:21 | 00,002,651 | ---- | C] () -- C:\Users\Christophe\Documents\report kaspersky.html
[2008/12/01 07:37:11 | 00,000,000 | ---D | C] -- C:\Windows\System32\Kaspersky Lab
[2008/11/30 18:21:33 | 00,001,874 | ---- | C] () -- C:\Users\Christophe\Desktop\HijackThis.lnk
[2008/11/30 18:21:33 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/28 08:14:58 | 00,004,128 | ---- | C] () -- C:\Users\Christophe\Documents\cc_20081128_081445.reg
[2008/11/25 15:22:52 | 00,001,907 | ---- | C] () -- C:\Users\Public\Desktop\Dell Printer Supplies - Inkjet.lnk
[2008/11/25 14:53:08 | 00,434,176 | ---- | C] () -- C:\Windows\System32\dlbtutil.dll
[2008/11/25 14:53:08 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbtinpa.dll
[2008/11/25 14:53:08 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbtiesc.dll
[2008/11/25 14:53:08 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBThcp.dll
[2008/11/25 14:53:08 | 00,274,432 | ---- | C] () -- C:\Windows\System32\DLBTinst.dll
[2008/11/25 14:53:08 | 00,012,314 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2008/11/25 14:53:07 | 00,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dlbtgf.dll
[2008/11/25 14:53:07 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbtlmpm.dll
[2008/11/25 14:53:07 | 00,256,516 | ---- | C] () -- C:\Windows\System32\dlbthelp.chm
[2008/11/25 14:53:07 | 00,176,128 | ---- | C] () -- C:\Windows\System32\dlbtinsb.dll
[2008/11/25 14:53:07 | 00,159,744 | ---- | C] () -- C:\Windows\System32\dlbtins.dll
[2008/11/25 14:53:07 | 00,135,168 | ---- | C] () -- C:\Windows\System32\dlbtjswr.dll
[2008/11/25 14:53:07 | 00,106,496 | ---- | C] () -- C:\Windows\System32\dlbtinsr.dll
[2008/11/25 14:53:06 | 00,086,016 | ---- | C] () -- C:\Windows\System32\dlbtcub.dll
[2008/11/25 14:53:06 | 00,073,728 | ---- | C] () -- C:\Windows\System32\dlbtcu.dll
[2008/11/25 14:53:06 | 00,036,864 | ---- | C] () -- C:\Windows\System32\dlbtcur.dll
[2008/11/25 14:17:15 | 00,000,000 | ---D | C] -- C:\Dell922
[2008/11/25 10:24:59 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2008/11/25 10:24:41 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/11/25 10:24:39 | 00,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/25 10:24:39 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/11/25 10:22:50 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/11/24 06:47:44 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2008/11/22 18:42:51 | 00,003,712 | ---- | C] () -- C:\Users\Christophe\Documents\cc_20081122_184242.reg
[2008/11/19 12:07:38 | 00,000,000 | ---D | C] -- C:\Windows\CheckSur
[2008/11/19 07:18:13 | 00,000,000 | ---D | C] -- C:\Program Files\Dell Photo AIO Printer 922
[2008/11/19 07:13:42 | 00,126,059 | ---- | C] () -- C:\Windows\System32\dlbtceip.chm
[2008/11/19 07:13:42 | 00,069,632 | ---- | C] () -- C:\Windows\System32\dlbtcfg.dll
[2008/11/19 07:13:42 | 00,061,440 | ---- | C] () -- C:\Windows\System32\dlbtcnv4.dll
[2008/11/19 07:13:41 | 00,344,064 | ---- | C] () -- C:\Windows\System32\dlbtcoin.dll
[2008/11/19 07:13:41 | 00,040,960 | ---- | C] () -- C:\Windows\System32\dlbtvs.dll
[2008/11/19 07:13:41 | 00,000,000 | ---D | C] -- C:\dell
[2008/11/19 06:18:06 | 00,000,000 | ---D | C] -- C:\Program Files\dl_Cats
[2008/11/15 07:57:16 | 03,313,262 | -H-- | C] () -- C:\Users\Christophe\AppData\Local\IconCache.db
[2008/11/06 17:41:22 | 21,458,49344 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/06 17:40:36 | 00,000,366 | ---- | C] () -- C:\Users\Christophe\Documents\Music - Shortcut.lnk
[2008/11/05 19:33:06 | 00,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2008/11/05 19:33:06 | 00,001,905 | ---- | C] () -- C:\Windows\diagerr.xml

========== Files - Modified Within 30 Days ==========

flech53 on 3 December 2008 at 00:31
Report, continued:

========== Files - Modified Within 30 Days ==========

[2008/12/02 23:05:36 | 00,000,555 | ---- | M] () -- C:\Users\Christophe\Desktop\OTViewIt - Shortcut.lnk
[2008/12/02 22:06:16 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2008/12/02 22:06:16 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008/12/02 22:06:16 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2008/12/02 22:04:21 | 00,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CBA6944B-E9B9-48F3-A220-3D643ADF59F1}.job
[2008/12/02 21:59:27 | 00,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008/12/02 21:59:27 | 00,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2008/12/02 21:59:25 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008/12/02 21:59:22 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008/12/02 21:58:58 | 21,458,49344 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/02 08:38:41 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2008/12/02 08:38:09 | 03,313,262 | -H-- | M] () -- C:\Users\Christophe\AppData\Local\IconCache.db
[2008/12/02 08:20:56 | 00,002,666 | ---- | M] () -- C:\Users\Christophe\Desktop\scan 2 eme ksp.html
[2008/12/01 13:27:21 | 00,002,651 | ---- | M] () -- C:\Users\Christophe\Documents\report kaspersky.html
[2008/11/30 18:50:45 | 00,001,874 | ---- | M] () -- C:\Users\Christophe\Desktop\HijackThis.lnk
[2008/11/28 08:15:03 | 00,004,128 | ---- | M] () -- C:\Users\Christophe\Documents\cc_20081128_081445.reg
[2008/11/28 08:01:32 | 00,008,268 | ---- | M] () -- C:\Users\Christophe\AppData\Local\d3d9caps.dat
[2008/11/27 17:59:47 | 00,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2008/11/27 17:59:47 | 00,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2008/11/26 03:02:43 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2008/11/25 15:22:52 | 00,001,907 | ---- | M] () -- C:\Users\Public\Desktop\Dell Printer Supplies - Inkjet.lnk
[2008/11/25 15:21:11 | 00,012,314 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2008/11/25 14:49:31 | 00,000,505 | ---- | M] () -- C:\Windows\win.ini
[2008/11/25 10:24:59 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2008/11/25 10:19:50 | 00,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2008/11/22 18:42:56 | 00,003,712 | ---- | M] () -- C:\Users\Christophe\Documents\cc_20081122_184242.reg
[2008/11/19 07:37:32 | 00,143,096 | ---- | M] () -- C:\Windows\System32\guard32.dll
[2008/11/19 07:37:32 | 00,097,808 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2008/11/19 07:37:32 | 00,025,104 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2008/11/18 23:30:49 | 00,921,632 | ---- | M] () -- C:\PA7302.DAT
[2008/11/06 17:40:36 | 00,000,366 | ---- | M] () -- C:\Users\Christophe\Documents\Music - Shortcut.lnk
[2008/11/06 17:23:10 | 00,263,675 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2008/11/06 17:23:05 | 00,263,675 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20081106-172310.backup
[2008/11/04 23:25:54 | 00,072,720 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2008/11/04 06:34:42 | 00,057,856 | ---- | M] () -- C:\Users\Christophe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/03 16:10:26 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
< End of report >

There you go, tell me what you think.
Until next time, thanks
Curson on 4 December 2008 at 00:04
Good evening,

1) Download OTMoveIt3 by OldTimer:

- Save it to your desktop
- Double-click OTMoveIt3.exe to launch it (the extension may not be shown)
- Copy and paste everything below into the "Paste Instructions for Items to be Moved" box (under the yellow bar):

:Processes
explorer.exe

:Files
C:\Windows\tasks\User_Feed_Synchronization-{CBA6944B-E9B9-48F3-A220-3D643ADF59F1}.job
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
C:\Windows\bthservsdp.dat
C:\Users\Christophe\AppData\Local\d3d9caps.dat
C:\Users\Christophe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

:Commands
[emptytemp]
[start explorer]
[Reboot]


- Close all your programs and click the red Moveit! button to start the cleanup
- Copy and paste into your next reply everything shown in the Results window (in green, on the right)
--> A report will be generated in the C:\_OTMoveIt\MovedFiles folder with the date and time the tool was run (mmddyyyy_hhmmss.log)
- Close OTMoveIt3 (by clicking Exit)

Note: If a file or folder cannot be deleted directly, the tool may ask for a restart to finish the process. In that case click "Yes" to accept...

2) Download Malwarebytes Anti-Malware.

3) Install it and run the updates.

4) Launch MBAM:

- Tick the "Exécuter un examen complet" box, then click Rechercher.
- Select (tick) all your partitions, then click "Lancer l'examen".
- When the scan is finished, a message lets you know. Then click the "Montrer les résultats" button.
- In the next window click "Supprimer la sélection". If the program offers to restart the computer, accept!
- The scan report will be displayed. Save it, then post its contents.

5) How is the computer behaving?
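As an added illustration (not part of the thread and not code from OldTimer's tools): a small Python parser for the `[timestamp | size | attributes | C/M] (vendor) -- path` lines of the listings posted above, surfacing traits that make an entry stand out for manual review. The field layout is inferred from the lines in this thread; the function names, the three heuristics and the `C:\Windows` system root are assumptions, and a flag is a prompt to look closer, not a verdict.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Lines copied from the file listings posted in this thread (not constructed).
SAMPLE = r"""
[2008/12/02 21:59:27 | 00,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008/12/02 21:59:22 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008/11/26 03:02:43 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2008/11/25 10:24:39 | 00,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/19 07:37:32 | 00,143,096 | ---- | M] () -- C:\Windows\System32\guard32.dll
[2008/11/04 06:34:42 | 00,057,856 | ---- | M] () -- C:\Users\Christophe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
< End of report >
"""

# One listing line. The "(vendor)" field is absent on directory lines.
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<vendor>.*?)\))? -- (?P<path>.+)$"
)
# 8-4-4-4-12 groups joined by "-" or "_": the shape of a GUID, hex or not.
GUID_SHAPE = re.compile(
    r"[0-9A-Za-z]{8}([-_])[0-9A-Za-z]{4}\1[0-9A-Za-z]{4}\1"
    r"[0-9A-Za-z]{4}\1[0-9A-Za-z]{12}"
)
HEX_ONLY = re.compile(r"^[0-9A-Fa-f]+$")


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str             # four flags in the order R, H, S, D; "-" means unset
    kind: str              # "C" = created listing, "M" = modified listing
    vendor: Optional[str]  # None when the line has no "(...)" field
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[3] == "D"

    @property
    def hidden(self) -> bool:
        return self.attrs[1] == "H"


def parse(text: str) -> List[Entry]:
    """Return one Entry per well-formed listing line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        vendor = m["vendor"]
        entries.append(Entry(
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            vendor=vendor.strip() if vendor is not None else None,
            path=m["path"].strip(),
        ))
    return entries


def reasons(e: Entry) -> List[str]:
    """Review cues for one entry (assumed heuristics, not detection verdicts)."""
    found = []
    if e.hidden:
        found.append("hidden")
    # Assumption: the system root is C:\Windows, as in the posted report.
    in_windows = ntpath.normcase(e.path).startswith("c:\\windows\\")
    if not e.is_dir and not e.vendor and in_windows:
        found.append("no-vendor-in-windows-dir")
    shapes = [m.group(0) for m in GUID_SHAPE.finditer(ntpath.basename(e.path))]
    if shapes:
        # A real GUID is hexadecimal; a GUID-shaped name with other letters is odd.
        all_hex = all(HEX_ONLY.match(re.sub(r"[-_]", "", s)) for s in shapes)
        found.append("guid-shaped-name" if all_hex else "guid-shaped-nonhex-name")
    return found


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Flagged entries as (path, reasons), most reasons first."""
    flagged = [(e.path, reasons(e)) for e in parse(text)]
    flagged = [item for item in flagged if item[1]]
    return sorted(flagged, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for path, why in triage(SAMPLE):
        print(f"{', '.join(why):55} {path}")
```

`guard32.dll` is flagged only for its empty vendor field, although the same report shows it modified in the same second as COMODO's `cmdguard.sys`; that surrounding context is what a reviewer weighs before moving anything.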
flech53 on 4 December 2008 at 06:14
Hi again, :hello:

Here is the "OTMoveIt3" report:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Windows\tasks\User_Feed_Synchronization-{CBA6944B-E9B9-48F3-A220-3D643ADF59F1}.job moved successfully.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\bthservsdp.dat scheduled to be moved on reboot.
C:\Users\Christophe\AppData\Local\d3d9caps.dat moved successfully.
C:\Users\Christophe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
Folder move failed. C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} scheduled to be moved on reboot.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12042008_053946

Files moved on Reboot...
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\bthservsdp.dat scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} scheduled to be moved on reboot.
flech53 on 4 December 2008 at 18:33
And here is the 'mbam' report:

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1456
Windows 6.0.6001 Service Pack 1

04/12/2008 18:08:26
mbam-log-2008-12-04 (18-08-26).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
Eléments examinés: 117663
Temps écoulé: 1 hour(s), 42 minute(s), 18 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

So from what I can see I am not infected now,
going by the report, but I still have the same problem with
"Windows Update", with the following error code: 800736B2

Otherwise the PC is behaving fairly well now, at least better
than before!
:super:
Curson on 5 December 2008 at 17:09
Hello,

You are no longer infected. As for Windows Update error 800736B2, it is a problem inherent to Windows itself.


Let's try this:

1) Download the System Update Readiness Tool for Windows Vista

- Install it and follow the instructions
- Test Windows Update


2) If that does not work, follow the instructions below (KB936212):

1. Open an elevated command prompt. To do this, click Start, then All Programs, then Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for confirmation, type the password, or click Allow.

2. Type the following command and press ENTER: sfc /scannow
flech53 on 6 December 2008 at 19:13
Hello,

Thanks, but as for the analysis tool, I am unable to install it, and the sfc /scannow scan doesn't work either... it stops at 14%
with the following message:
_Windows Ressource Protection could not perform the requested operation_

So maybe the best thing would be to reinstall, or just Vista SP1, no?
Curson on 6 December 2008 at 19:28
Good evening,

Do you have a 64-bit version of Vista?
flech53 on 6 December 2008 at 19:58
No, 32-bit, and I managed to run an sfc /verifyonly scan
in safe mode, and the result is the following:
_windows found integrity violation_
Curson on 6 December 2008 at 20:13
Was there an error message when you tried to install the System Update Readiness Tool for Windows Vista?

Do you have the Vista with SP1 installation DVD?


If not, try this:

1. Open an elevated command prompt. To do this, click Start, then All Programs, then Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for confirmation, type the password, or click Allow.


2. Type the following command and press ENTER: chkdsk /r

- The following message will appear:
Le type de système de fichiers est NTFS impossible de verrouiller le lecteur en cours. CHKDSK ne peut pas s'exécuter parce que le volume est utilisé par un autre processus. Voulez vous que ce volume soit vérifié au prochain démarrage du système?


- Type O and confirm.
- Restart your system.


3. Once the scan has finished, carry out the procedure below again:
1. Open an elevated command prompt. To do this, click Start, then All Programs, then Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for confirmation, type the password, or click Allow.

2. Type the following command and press ENTER: sfc /scannow
-->Message edited by Curson on 06/12/2008 20:22:17<--
flech53 on 6 December 2008 at 20:23
With the following report, just the end because it is rather long:


POQ 18 ends.
2008-12-06 19:33:18, Info CSI 00000101 [SR] Verify complete
2008-12-06 19:33:18, Info CSI 00000102 [SR] Verifying 100 (0x00000064) components
2008-12-06 19:33:18, Info CSI 00000103 [SR] Beginning Verify and Repair transaction
2008-12-06 19:33:30, Info CSI 00000104 Ignoring duplicate ownership for directory [l:108{54}]"\??\C:\Program Files\Common Files\Microsoft Shared\Ink" in component Microsoft-Windows-TabletPC-Platform-COMRuntime, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2008-12-06 19:33:31, Info CSI 00000105 Repair results created:
POQ 19 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\2e5bed21d157c90118140000d0025407._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\8ebcef21d157c90119140000d0025407.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
2: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\8ebcef21d157c9011a140000d0025407.program_files_common_files_d7a65bb2f0e854e7.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms"
3: Move File: Source = [l:278{139}]"\SystemRoot\WinSxS\Temp\PendingRenames\8ebcef21d157c9011b140000d0025407.program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms", Destination = [l:190{95}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms"
4: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\ee1df221d157c9011c140000d0025407.program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms"
5: Move File: Source = [l:298{149}]"\SystemRoot\WinSxS\Temp\PendingRenames\0e42f921d157c9011d140000d0025407.program_files_common_files_microsoft_shared_ink_zh-tw_b1fdeb1bde31194e.cdf-ms", Destination = [l:210{105}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_zh-tw_b1fdeb1bde31194e.cdf-ms"
6: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\4e8a0722d157c9011e140000d0025407.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
7: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\4e8a0722d157c9011f140000d0025407.$$_inf_3f581d
2008-12-06 19:33:31, Info CSI aba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
8: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\4e8a0722d157c90120140000d0025407.$$_inf_termservice_f0fb244350031192.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_inf_termservice_f0fb244350031192.cdf-ms"
9: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\aeeb0922d157c90121140000d0025407.$$_inf_termservice_0000_f96d5ce56bc76fc8.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_inf_termservice_0000_f96d5ce56bc76fc8.cdf-ms"
10: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\2e711322d157c90122140000d0025407.$$_help_tablet_pc_b55f3bd4940b8498.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_help_tablet_pc_b55f3bd4940b8498.cdf-ms"
11: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\2e711322d157c90123140000d0025407.$$_help_tablet_pc_en-us_8cf0be91a1941bee.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_help_tablet_pc_en-us_8cf0be91a1941bee.cdf-ms"

POQ 19 ends.
2008-12-06 19:33:31, Info CSI 00000106 [SR] Verify complete
2008-12-06 19:33:31, Info CSI 00000107 [SR] Verifying 100 (0x00000064) components
2008-12-06 19:33:31, Info CSI 00000108 [SR] Beginning Verify and Repair transaction
2008-12-06 19:33:38, Error CSI 00000109@2008/12/6:18:33:38.465 (F) d:\rtm\base\wcp\cdf\cdfp.h(887): Error STATUS_SXS_INVALID_ACTCTXDATA_FORMAT originated in function Windows::Cdf::Implementation::cdf_GetBlob expression: Blob->Type == ValueType
[gle=0x80004005]
2008-12-06 19:33:43, Error CSI 0000010a (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2218288# from CFileInstaller::AcquireFileMapForDirectory(...)[gle=0xd0150003]
2008-12-06 19:33:43, Error CSI 0000010b (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2218205# from CFileInstaller::CommitChanges(...)[gle=0xd0150003]
2008-12-06 19:33:43, Error CSI 0000010c (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2218204# from PrimitiveInstaller::CCoordinator::FinalizeChanges(...)[gle=0xd0150003]
2008-12-06 19:33:45, Info CSI 0000010d [SR] Verifying 100 (0x00000064) components
2008-12-06 19:33:45, Info CSI 0000010e [SR] Beginning Verify and Repair transaction
2008-12-06 19:33:55, Error CSI 0000010f@2008/12/6:18:33:55.267 (F) d:\rtm\base\wcp\cdf\cdfp.h(887): Error STATUS_SXS_INVALID_ACTCTXDATA_FORMAT originated in function Windows::Cdf::Implementation::cdf_GetBlob expression: Blob->Type == ValueType
[gle=0x80004005]
2008-12-06 19:34:01, Error CSI 00000110 (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2256943# from CFileInstaller::AcquireFileMapForDirectory(...)[gle=0xd0150003]
2008-12-06 19:34:01, Error CSI 00000111 (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2256876# from CFileInstaller::CommitChanges(...)[gle=0xd0150003]
2008-12-06 19:34:01, Error CSI 00000112 (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2256875# from PrimitiveInstaller::CCoordinator::FinalizeChanges(...)[gle=0xd0150003]
2008-12-06 19:34:02, Info CSI 00000113 [SR] Verifying 100 (0x00000064) components
2008-12-06 19:34:02, Info CSI 00000114 [SR] Beginning Verify and Repair transaction
2008-12-06 19:34:11, Error CSI 00000115@2008/12/6:18:34:11.600 (F) d:\rtm\base\wcp\cdf\cdfp.h(887): Error STATUS_SXS_INVALID_ACTCTXDATA_FORMAT originated in function Windows::Cdf::Implementation::cdf_GetBlob expression: Blob->Type == ValueType
[gle=0x80004005]
2008-12-06 19:34:16, Error CSI 00000116 (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2297703# from CFileInstaller::AcquireFileMapForDirectory(...)[gle=0xd0150003]
2008-12-06 19:34:16, Error CSI 00000117 (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2297636# from CFileInstaller::CommitChanges(...)[gle=0xd0150003]
2008-12-06 19:34:16, Error CSI 00000118 (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2297635# from PrimitiveInstaller::CCoordinator::FinalizeChanges(...)[gle=0xd0150003]
2008-12-06 19:34:17, Info CSI 00000119 [SR] Verifying 100 (0x00000064) components
2008-12-06 19:34:17, Info CSI 0000011a [SR] Beginning Verify and Repair transaction
2008-12-06 19:34:27, Error CSI 0000011b@2008/12/6:18:34:27.293 (F) d:\rtm\base\wcp\cdf\cdfp.h(887): Error STATUS_SXS_INVALID_ACTCTXDATA_FORMAT originated in function Windows::Cdf::Implementation::cdf_GetBlob expression: Blob->Type == ValueType
[gle=0x80004005]
2008-12-06 19:34:32, Error CSI 0000011c (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2341084# from CFileInstaller::AcquireFileMapForDirectory(...)[gle=0xd0150003]
2008-12-06 19:34:32, Error CSI 0000011d (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2341017# from CFileInstaller::CommitChanges(...)[gle=0xd0150003]
2008-12-06 19:34:32, Error CSI 0000011e (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2341016# from PrimitiveInstaller::CCoordinator::FinalizeChanges(...)[gle=0xd0150003]
2008-12-06 19:34:32, Info CSI 0000011f [SR] Verifying 100 (0x00000064) components
2008-12-06 19:34:32, Info CSI 00000120 [SR] Beginning Verify and Repair transaction
2008-12-06 19:34:45, Error CSI 00000121@2008/12/6:18:34:45.967 (F) d:\rtm\base\wcp\cdf\cdfp.h(887): Error STATUS_SXS_INVALID_ACTCTXDATA_FORMAT originated in function Windows::Cdf::Implementation::cdf_GetBlob expression: Blob->Type == ValueType
[gle=0x80004005]
2008-12-06 19:34:51, Error CSI 00000122 (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2377965# from CFileInstaller::AcquireFileMapForDirectory(...)[gle=0xd0150003]
2008-12-06 19:34:51, Error CSI 00000123 (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2377661# from CFileInstaller::CommitChanges(...)[gle=0xd0150003]
2008-12-06 19:34:51, Error CSI 00000124 (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2377660# from PrimitiveInstaller::CCoordinator::FinalizeChanges(...)[gle=0xd0150003]
2008-12-06 19:34:52, Info CSI 00000125 [SR] Verifying 100 (0x00000064) components
2008-12-06 19:34:52, Info CSI 00000126 [SR] Beginning Verify and Repair transaction
2008-12-06 19:34:59, Info CSI 00000127 Repair results created:
POQ 20 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\aee6ab57d157c901b5160000d0025407._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\aee6ab57d157c901b6160000d0025407.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
2: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\aee6ab57d157c901b7160000d0025407.program_files_common_files_d7a65bb2f0e854e7.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms"
3: Move File: Source = [l:278{139}]"\SystemRoot\WinSxS\Temp\PendingRenames\aee6ab57d157c901b8160000d0025407.program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms", Destination = [l:190{95}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms"
4: Move File: Source = [l:286{143}]"\SystemRoot\WinSxS\Temp\PendingRenames\aee6ab57d157c901b9160000d0025407.program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms", Destination = [l:198{99}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms"
5: Move File: Source = [l:294{147}]"\SystemRoot\WinSxS\Temp\PendingRenames\8ecdb757d157c901ba160000d0025407.program_files_common_files_microsoft_shared_ink_1.7_c96a7f2ee8d9af26.cdf-ms", Destination = [l:206{103}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_1.7_c96a7f2ee8d9af26.cdf-ms"
6: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\8ecdb757d157c901bb160000d0025407.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
7: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\8ecdb757d157c901bc160000d0025407.$$_microsoft.net_
2008-12-06 19:34:59, Info CSI 3296b36dbe4c7fa3.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms"
8: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\4e90bc57d157c901bd160000d0025407.$$_microsoft.net_authman_27829e1b3df01691.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_microsoft.net_authman_27829e1b3df01691.cdf-ms"
9: Move File: Source = [l:294{147}]"\SystemRoot\WinSxS\Temp\PendingRenames\0e5ed457d157c901be160000d0025407.program_files_common_files_microsoft_shared_ink_1.0_c96a7f20e8d9af65.cdf-ms", Destination = [l:206{103}]"\SystemRoot\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_1.0_c96a7f20e8d9af65.cdf-ms"

POQ 20 ends.
2008-12-06 19:34:59, Info CSI 00000128 [SR] Verify complete
2008-12-06 19:34:59, Info CSI 00000129 [SR] Verifying 100 (0x00000064) components
2008-12-06 19:34:59, Info CSI 0000012a [SR] Beginning Verify and Repair transaction
2008-12-06 19:35:05, Info CSI 0000012b Repair results created:
POQ 21 starts:

POQ 21 ends.
2008-12-06 19:35:05, Info CSI 0000012c [SR] Verify complete
2008-12-06 19:35:05, Info CSI 0000012d [SR] Verifying 100 (0x00000064) components
2008-12-06 19:35:05, Info CSI 0000012e [SR] Beginning Verify and Repair transaction
2008-12-06 19:35:12, Info CSI 0000012f Repair results created:
POQ 22 starts:

POQ 22 ends.
2008-12-06 19:35:12, Info CSI 00000130 [SR] Verify complete
2008-12-06 19:35:12, Info CSI 00000131 [SR] Verifying 100 (0x00000064) components
2008-12-06 19:35:12, Info CSI 00000132 [SR] Beginning Verify and Repair transaction
2008-12-06 19:35:17, Info CSI 00000133 Repair results created:
POQ 23 starts:

POQ 23 ends.
2008-12-06 19:35:17, Info CSI 00000134 [SR] Verify complete
2008-12-06 19:35:17, Info CSI 00000135 [SR] Verifying 100 (0x00000064) components
2008-12-06 19:35:17, Info CSI 00000136 [SR] Beginning Verify and Repair transaction
2008-12-06 19:35:23, Error CSI 00000137@2008/12/6:18:35:23.032 (F) d:\rtm\base\wcp\cdf\cdfp.h(887): Error STATUS_SXS_INVALID_ACTCTXDATA_FORMAT originated in function Windows::Cdf::Implementation::cdf_GetBlob expression: Blob->Type == ValueType
[gle=0x80004005]
2008-12-06 19:35:28, Error CSI 00000138 (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2572720# from CFileInstaller::AcquireFileMapForDirectory(...)[gle=0xd0150003]
2008-12-06 19:35:28, Error CSI 00000139 (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2572609# from CFileInstaller::CommitChanges(...)[gle=0xd0150003]
2008-12-06 19:35:28, Error CSI 0000013a (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2572608# from PrimitiveInstaller::CCoordinator::FinalizeChanges(...)[gle=0xd0150003]
2008-12-06 19:35:29, Info CSI 0000013b [SR] Verifying 100 (0x00000064) components
2008-12-06 19:35:29, Info CSI 0000013c [SR] Beginning Verify and Repair transaction
2008-12-06 19:35:55, Info CSI 0000013d Repair results created:
POQ 24 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\2ec22e79d157c901b5180000d0025407._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:218{109}]"\SystemRoot\WinSxS\Temp\PendingRenames\2ec22e79d157c901b6180000d0025407.program_files_ffd0cbfc813cc4f1.cdf-ms", Destination = [l:130{65}]"\SystemRoot\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms"
2: Move File: Source = [l:252{126}]"\SystemRoot\WinSxS\Temp\PendingRenames\ae473879d157c901b7180000d0025407.program_files_windows_defender_3e33901162166ae9.cdf-ms", Destination = [l:164{82}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_defender_3e33901162166ae9.cdf-ms"
3: Move File: Source = [l:264{132}]"\SystemRoot\WinSxS\Temp\PendingRenames\6e0a3d79d157c901b8180000d0025407.program_files_windows_defender_en-us_a607fb510b9fff95.cdf-ms", Destination = [l:176{88}]"\SystemRoot\WinSxS\FileMaps\program_files_windows_defender_en-us_a607fb510b9fff95.cdf-ms"
4: Move File: Source = [l:322{161}]"\SystemRoot\WinSxS\Temp\PendingRenames\ce978b79d157c901b9180000d0025407.programdata_microsoft_windows_defender_definition_updates_default_44e57bb5c1e3d0e8.cdf-ms", Destination = [l:234{117}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_windows_defender_definition_updates_default_44e57bb5c1e3d0e8.cdf-ms"

POQ 24 ends.
2008-12-06 19:35:55, Info CSI 0000013e [SR] Verify complete
2008-12-06 19:35:56, Info CSI 0000013f [SR] Verifying 100 (0x00000064) components
2008-12-06 19:35:56, Info CSI 00000140 [SR] Beginning Verify and Repair transaction
2008-12-06 19:36:00, Info CSI 00000141 Repair results created:
POQ 25 starts:

POQ 25 ends.
2008-12-06 19:36:00, Info CSI 00000142 [SR] Verify complete
2008-12-06 19:36:01, Info CSI 00000143 [SR] Verifying 100 (0x00000064) components
2008-12-06 19:36:01, Info CSI 00000144 [SR] Beginning Verify and Repair transaction
2008-12-06 19:36:07, Info CSI 00000145 Ignoring duplicate ownership for directory [l:64{32}]"\??\C:\Windows\Inf\UGTHRSVC\0409" in component WindowsSearchEngine.Resources, Version = 7.0.6001.16503, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2008-12-06 19:36:07, Info CSI 00000146 Ignoring duplicate ownership for directory [l:66{33}]"\??\C:\Windows\Inf\UGatherer\0409" in component WindowsSearchEngine.Resources, Version = 7.0.6001.16503, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2008-12-06 19:36:07, Info CSI 00000147 Ignoring duplicate ownership for directory [l:72{36}]"\??\C:\Windows\Inf\wsearchidxpi\0409" in component WindowsSearchEngine.Resources, Version = 7.0.6001.16503, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2008-12-06 19:36:08, Info CSI 00000148 Ignoring duplicate ownership for directory [l:54{27}]"\??\C:\Windows\Inf\UGTHRSVC" in component WindowsSearchEngine, Version = 7.0.6001.16503, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2008-12-06 19:36:08, Info CSI 00000149 Ignoring duplicate ownership for directory [l:64{32}]"\??\C:\Windows\Inf\UGTHRSVC\0000" in component WindowsSearchEngine, Version = 7.0.6001.16503, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2008-12-06 19:36:08, Info CSI 0000014a Ignoring duplicate ownership for directory [l:56{28}]"\??\C:\Windows\Inf\UGatherer" in component WindowsSearchEngine, Version = 7.0.6001.16503, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2008-12-06 19:36:08, Info CSI 0000014b Ignoring duplicate ownership for directory [l:66{33}]"\??\C:\Windows\Inf\UGatherer\0000" in component WindowsSearchEngine, Version = 7.0.6001.16503, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2008-12-06 19:36:08, Info CSI 0000014c Ignoring duplicate ownership for directory [l:62{31}]"\??\C:\Windows\Inf\wsearchidxpi" in component WindowsSearchEngine, Version = 7.0.6001.16503, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2008-12-06 19:36:08, Info CSI 0000014d Ignoring duplicate ownership for directory [l:72{36}]"\??\C:\Windows\Inf\wsearchidxpi\0000" in component WindowsSearchEngine, Version = 7.0.6001.16503, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2008-12-06 19:36:08, Info CSI 0000014e Repair results created:
POQ 26 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\2e24c580d157c90182190000d0025407._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\eee6c980d157c90183190000d0025407.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\eee6c980d157c90184190000d0025407.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
3: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\4e48cc80d157c90185190000d0025407.$$_inf_ugthrsvc_9c5b081f28f83f11.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugthrsvc_9c5b081f28f83f11.cdf-ms"
4: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\aea9ce80d157c90186190000d0025407.$$_inf_ugthrsvc_0409_8451c270df70bfac.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugthrsvc_0409_8451c270df70bfac.cdf-ms"
5: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\6e6cd380d157c90187190000d0025407.$$_inf_ugatherer_9f1f9c5b6cd50d98.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugatherer_9f1f9c5b6cd50d98.cdf-ms"
6: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\6e6cd380d157c90188190000d0025407.$$_inf_ugatherer_0409_046b6321f9ca254f.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugatherer_0409_046b6321f9ca254f.cdf-ms"
7: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\cecdd580d157c90189190000d0025407.$$_inf_wsearchidxpi_a2c41dc1731a4204.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_inf_wsearchidxpi_a2c41dc1731a4204.cdf-ms"
8: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenam
2008-12-06 19:36:08, Info CSI es\cecdd580d157c9018a190000d0025407.$$_inf_wsearchidxpi_0409_2e6e3e8caf9fcb6d.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_inf_wsearchidxpi_0409_2e6e3e8caf9fcb6d.cdf-ms"
9: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\4e690581d157c9018b190000d0025407.$$_inf_ugthrsvc_0000_8451c300df70be5f.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugthrsvc_0000_8451c300df70be5f.cdf-ms"
10: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\aeca0781d157c9018c190000d0025407.$$_inf_ugatherer_0000_046b5203f9ca3f14.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_inf_ugatherer_0000_046b5203f9ca3f14.cdf-ms"
11: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\aeca0781d157c9018d190000d0025407.$$_inf_wsearchidxpi_0000_2e6e3f1caf9fca20.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_inf_wsearchidxpi_0000_2e6e3f1caf9fca20.cdf-ms"
12: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{ba3dd3dd-27e8-3b8c-feb3-aa882aa02408}", Type = REG_SZ (1), Data = {l:108 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c006d00730073007200630068002e0064006c006c002c004d00530053007200630068005f0053007900730050007200650070005f0043006c00650061006e00750070000000}

POQ 26 ends.
2008-12-06 19:36:08, Info CSI 0000014f [SR] Verify complete
2008-12-06 19:36:08, Info CSI 00000150 [SR] Verifying 67 (0x00000043) components
2008-12-06 19:36:08, Info CSI 00000151 [SR] Beginning Verify and Repair transaction
2008-12-06 19:36:11, Info CSI 00000152 Repair results created:
POQ 27 starts:

POQ 27 ends.
2008-12-06 19:36:11, Info CSI 00000153 [SR] Verify complete
flech53 on 6 December 2008 at 22:11
Re,
I did what you told me, but after trying sfc /scannow
I have the same problem with the same message:
Windows Resource Protection could not perform the requested operation.

See you later,
Curson on 6 December 2008 at 23:47
Was there an error message when you tried to install the System Update Readiness Tool for Windows Vista?

Do you have the Vista installation DVD with SP1?


Try doing this in safe mode:
1. Open an elevated command prompt. To do this, click Start, then All Programs, then Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for confirmation, type the password or click Allow.

2. Type the following command and press ENTER: sfc /scannow


See you later.
-->Message edited by Curson on 06/12/2008 23:48:38<--
flech53 on 9 December 2008 at 09:08
Hello,

Well, after another try I finally managed to install Microsoft's
analysis tool :youpi: and now what is there to do,
because the old updates still won't install, is that normal, doctor? ;)

Otherwise I only have the Vista installation DVD, but without SP1.

Curson on 11 December 2008 at 00:05
Good evening,

Do you now have access to Windows Update? Does error 800736B2 still appear?

STATUS_SXS_INVALID_ACTCTXDATA_FORMAT

It would seem that the System File Checker (sfc) is damaged.

Have you tried running the sfc /scannow command in safe mode?


I would like to check something:

1) Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
@ECHO OFF
cls
chkdsk /V >>\chkdsk.txt
notepad \chkdsk.txt
exit

In the Notepad menu, click "File" >> Save As.
Choose the desktop as the save location, then in:

Type -> choose "All files"
File name -> type check.bat
Click Save.

You will now have a file named check.bat on your desktop.


2) Once that is done, double-click the check.bat file.

- A black window will open.
- Notepad will open after a shorter or longer wait. Do not close the black window before Notepad appears.


3) Copy and paste the contents of Notepad here. You may need to split it across several messages (the report will probably be long).


See you later.
flech53 on 11 December 2008 at 18:40
Good evening, and thank you for your patience;

Yes, I have always had access to Windows Update, error 800736B2
is also the same, as is the same problem, and I tried
System Restore once more but it did not complete
correctly..

Here is the report, but apparently no error was found:

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
0 percent complete. (0 of 88832 file records processed)
0 percent complete. (8325 of 88832 file records processed)
1 percent complete. (8884 of 88832 file records processed)
2 percent complete. (17767 of 88832 file records processed)
2 percent complete. (26625 of 88832 file records processed)
3 percent complete. (26650 of 88832 file records processed)
3 percent complete. (33409 of 88832 file records processed)
4 percent complete. (35533 of 88832 file records processed)
4 percent complete. (36111 of 88832 file records processed)
5 percent complete. (44416 of 88832 file records processed)
6 percent complete. (53300 of 88832 file records processed)
7 percent complete. (62183 of 88832 file records processed)
8 percent complete. (71066 of 88832 file records processed)
9 percent complete. (79949 of 88832 file records processed)
88832 file records processed.

File verification completed.
230 large file records processed.

0 bad file records processed.

0 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
11 percent complete. (2273 of 117988 index entries processed)
12 percent complete. (4636 of 117988 index entries processed)
13 percent complete. (7000 of 117988 index entries processed)
14 percent complete. (9364 of 117988 index entries processed)
15 percent complete. (11727 of 117988 index entries processed)
16 percent complete. (14091 of 117988 index entries processed)
17 percent complete. (16455 of 117988 index entries processed)
18 percent complete. (18818 of 117988 index entries processed)
19 percent complete. (21182 of 117988 index entries processed)
20 percent complete. (23545 of 117988 index entries processed)
21 percent complete. (25909 of 117988 index entries processed)
22 percent complete. (28273 of 117988 index entries processed)
23 percent complete. (30636 of 117988 index entries processed)
24 percent complete. (33000 of 117988 index entries processed)
25 percent complete. (35364 of 117988 index entries processed)
25 percent complete. (36134 of 117988 index entries processed)
26 percent complete. (37727 of 117988 index entries processed)
27 percent complete. (40091 of 117988 index entries processed)
28 percent complete. (42455 of 117988 index entries processed)
29 percent complete. (44818 of 117988 index entries processed)
30 percent complete. (47182 of 117988 index entries processed)
31 percent complete. (49545 of 117988 index entries processed)
32 percent complete. (51909 of 117988 index entries processed)
33 percent complete. (54273 of 117988 index entries processed)
34 percent complete. (56636 of 117988 index entries processed)
35 percent complete. (59000 of 117988 index entries processed)
36 percent complete. (61364 of 117988 index entries processed)
37 percent complete. (63727 of 117988 index entries processed)
38 percent complete. (66091 of 117988 index entries processed)
39 percent complete. (68455 of 117988 index entries processed)
40 percent complete. (70818 of 117988 index entries processed)
41 percent complete. (73182 of 117988 index entries processed)
42 percent complete. (75545 of 117988 index entries processed)
43 percent complete. (77909 of 117988 index entries processed)
44 percent complete. (80273 of 117988 index entries processed)
45 percent complete. (82636 of 117988 index entries processed)
46 percent complete. (85000 of 117988 index entries processed)
47 percent complete. (87364 of 117988 index entries processed)
47 percent complete. (88835 of 117988 index entries processed)
47 percent complete. (88843 of 117988 index entries processed)
47 percent complete. (89014 of 117988 index entries processed)
47 percent complete. (89329 of 117988 index entries processed)
48 percent complete. (89727 of 117988 index entries processed)
48 percent complete. (90004 of 117988 index entries processed)
48 percent complete. (90194 of 117988 index entries processed)
48 percent complete. (90536 of 117988 index entries processed)
48 percent complete. (90671 of 117988 index entries processed)
48 percent complete. (90890 of 117988 index entries processed)
48 percent complete. (90966 of 117988 index entries processed)
48 percent complete. (90970 of 117988 index entries processed)
48 percent complete. (91381 of 117988 index entries processed)
48 percent complete. (92014 of 117988 index entries processed)
49 percent complete. (92091 of 117988 index entries processed)
49 percent complete. (92312 of 117988 index entries processed)
49 percent complete. (92903 of 117988 index entries processed)
49 percent complete. (93347 of 117988 index entries processed)
49 percent complete. (93512 of 117988 index entries processed)
49 percent complete. (93743 of 117988 index entries processed)
49 percent complete. (93889 of 117988 index entries processed)
49 percent complete. (94210 of 117988 index entries processed)
49 percent complete. (94407 of 117988 index entries processed)
50 percent complete. (94454 of 117988 index entries processed)
50 percent complete. (94768 of 117988 index entries processed)
50 percent complete. (95089 of 117988 index entries processed)
50 percent complete. (95322 of 117988 index entries processed)
50 percent complete. (95348 of 117988 index entries processed)
50 percent complete. (95626 of 117988 index entries processed)
50 percent complete. (95827 of 117988 index entries processed)
50 percent complete. (95919 of 117988 index entries processed)
50 percent complete. (96143 of 117988 index entries processed)
50 percent complete. (96311 of 117988 index entries processed)
50 percent complete. (96519 of 117988 index entries processed)
50 percent complete. (96621 of 117988 index entries processed)
50 percent complete. (96788 of 117988 index entries processed)
51 percent complete. (96818 of 117988 index entries processed)
51 percent complete. (96994 of 117988 index entries processed)
51 percent complete. (97385 of 117988 index entries processed)
51 percent complete. (97605 of 117988 index entries processed)
51 percent complete. (97743 of 117988 index entries processed)
51 percent complete. (97813 of 117988 index entries processed)
51 percent complete. (98019 of 117988 index entries processed)
51 percent complete. (98105 of 117988 index entries processed)
51 percent complete. (98296 of 117988 index entries processed)
51 percent complete. (98402 of 117988 index entries processed)
51 percent complete. (98557 of 117988 index entries processed)
51 percent complete. (98617 of 117988 index entries processed)
51 percent complete. (98889 of 117988 index entries processed)
51 percent complete. (99105 of 117988 index entries processed)
52 percent complete. (99182 of 117988 index entries processed)
52 percent complete. (99289 of 117988 index entries processed)
52 percent complete. (99591 of 117988 index entries processed)

52 percent complete. (100095 of 117988 index entries processed)
52 percent complete. (100268 of 117988 index entries processed)
52 percent complete. (100389 of 117988 index entries processed)
52 percent complete. (100501 of 117988 index entries processed)
52 percent complete. (100626 of 117988 index entries processed)
52 percent complete. (100719 of 117988 index entries processed)
52 percent complete. (100762 of 117988 index entries processed)
52 percent complete. (101412 of 117988 index entries processed)
53 percent complete. (101545 of 117988 index entries processed)
53 percent complete. (101689 of 117988 index entries processed)
53 percent complete. (101772 of 117988 index entries processed)
53 percent complete. (102140 of 117988 index entries processed)
53 percent complete. (102257 of 117988 index entries processed)
53 percent complete. (102339 of 117988 index entries processed)
53 percent complete. (102466 of 117988 index entries processed)
53 percent complete. (102641 of 117988 index entries processed)
53 percent complete. (102697 of 117988 index entries processed)
53 percent complete. (102772 of 117988 index entries processed)
53 percent complete. (103043 of 117988 index entries processed)
53 percent complete. (103056 of 117988 index entries processed)
53 percent complete. (103113 of 117988 index entries processed)
53 percent complete. (103154 of 117988 index entries processed)
53 percent complete. (103182 of 117988 index entries processed)
53 percent complete. (103313 of 117988 index entries processed)
117988 index entries processed.

Index verification completed.
0 unindexed files processed.

CHKDSK is verifying security descriptors (stage 3 of 3)...
59 percent complete. (0 of 88832 descriptors processed)
60 percent complete. (307 of 88832 descriptors processed)
61 percent complete. (7398 of 88832 descriptors processed)
62 percent complete. (14489 of 88832 descriptors processed)
63 percent complete. (21580 of 88832 descriptors processed)
64 percent complete. (28671 of 88832 descriptors processed)
65 percent complete. (35762 of 88832 descriptors processed)
66 percent complete. (42853 of 88832 descriptors processed)
67 percent complete. (49944 of 88832 descriptors processed)
68 percent complete. (57035 of 88832 descriptors processed)
69 percent complete. (64126 of 88832 descriptors processed)
70 percent complete. (71216 of 88832 descriptors processed)
71 percent complete. (78307 of 88832 descriptors processed)
72 percent complete. (85398 of 88832 descriptors processed)
88832 security descriptors processed.

Index $SII of file 9 contains 29 unused index entries.
Index $SDH of file 9 contains 29 unused index entries.
There are 29 unused security descriptors.
Security descriptor verification completed.
14579 data files processed.

CHKDSK is verifying Usn Journal...
99 percent complete. (0 of 33986432 USN bytes processed)
99 percent complete. (7438336 of 33986432 USN bytes processed)
99 percent complete. (13189120 of 33986432 USN bytes processed)
99 percent complete. (20320256 of 33986432 USN bytes processed)
99 percent complete. (25944064 of 33986432 USN bytes processed)
99 percent complete. (33095680 of 33986432 USN bytes processed)
100 percent complete. (33980416 of 33986432 USN bytes processed)
33986432 USN bytes processed.

Usn Journal verification completed.
Windows has checked the file system and found no problems.

143617023 KB total disk space.
58112120 KB in 70526 files.
40460 KB in 14580 indexes.
0 KB in bad sectors.
197647 KB in use by the system.
65536 KB occupied by the log file.
85266796 KB available on disk.

4096 bytes in each allocation unit.
35904255 total allocation units on disk.
21316699 allocation units available on disk.

See you later,
flech53 on 11 December 2008 at 19:12
Also, I forgot: sfc /scannow in safe mode does not work,
with this: Vérification 14% complete.

Windows Resource Protection could not perform the requested operation.

And I have also noticed that sometimes when I type a text, some letters
do not end up after what I am writing but in other sentences. It is not very important, but for example in this text 2 letters ended up one line above the one I was writing, which is a bit annoying if I don't check my screen :(

Bye
-->Message edited by flech53 on 11/12/2008 19:18:50<--
Curson on 12 December 2008 at 15:42
Hello,

It is impossible to repair the system using the System File Checker.
It is also impossible to do a reinstallation without data loss using an installation DVD that does not include SP1.
Could you get hold of one?

Personally, I unfortunately do not know the solution to this problem other than reinstalling the system.


A lead to explore

With Vista Business, Enterprise and Ultimate, it is possible to determine which items cannot be repaired with sfc /scannow and to replace them manually, using the following command:
findstr /C:"[SR] Cannot repair member file" %windir%\logs\cbs\cbs.log >sfcdetails.txt

Perhaps there is a way to use it with Vista Home Premium Edition...

You may be able to get help in the Windows and software section


Regards.
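
As an added example (not part of the original thread, and not Microsoft's tooling), the findstr filter above can be extended to group CBS.log into [SR] verify-and-repair transactions, so that transactions cut short by a CSI error before reaching "Verify complete" stand out next to any "Cannot repair member file" entries. The sample lines are adapted from the log posted in this thread; the "Cannot repair member file" entry and its names (example.dll, Example-Component) are constructed, and the function and class names are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Sample input: lines adapted from the CBS.log excerpt posted in this thread.
# The "Cannot repair member file" entry (example.dll, Example-Component) is
# constructed for illustration and does not come from the thread.
SAMPLE_LOG = r'''2008-12-06 19:34:17, Info CSI 00000119 [SR] Verifying 100 (0x00000064) components
2008-12-06 19:34:17, Info CSI 0000011a [SR] Beginning Verify and Repair transaction
2008-12-06 19:34:27, Error CSI 0000011b@2008/12/6:18:34:27.293 (F) d:\rtm\base\wcp\cdf\cdfp.h(887): Error STATUS_SXS_INVALID_ACTCTXDATA_FORMAT originated in function Windows::Cdf::Implementation::cdf_GetBlob expression: Blob->Type == ValueType
[gle=0x80004005]
2008-12-06 19:34:32, Error CSI 0000011c (F) STATUS_SXS_INVALID_ACTCTXDATA_FORMAT #2341084# from CFileInstaller::AcquireFileMapForDirectory(...)[gle=0xd0150003]
2008-12-06 19:34:32, Info CSI 0000011f [SR] Verifying 100 (0x00000064) components
2008-12-06 19:34:32, Info CSI 00000120 [SR] Beginning Verify and Repair transaction
2008-12-06 19:34:59, Info CSI 00000127 Repair results created:
2008-12-06 19:34:59, Info CSI 00000128 [SR] Verify complete
2008-12-06 19:35:05, Info CSI 00000129 [SR] Beginning Verify and Repair transaction
2008-12-06 19:35:06, Info CSI 0000012a [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 0.0.0.0
2008-12-06 19:35:07, Info CSI 0000012b [SR] Verify complete
'''

# "<timestamp>, <level> CSI <message>"; \s+ tolerates the column padding of a real log.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+)\s+CSI\s+(?P<rest>.*)$')
# NTSTATUS name plus the function that raised or propagated it.
ERROR_RE = re.compile(
    r'(?P<status>STATUS_\w+).*?(?:from|originated in function) (?P<func>[\w:]+)')
# Same marker the findstr command searches for, with the quoted file name captured.
UNREPAIRED_RE = re.compile(
    r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"(?P<name>[^"]+)"')


@dataclass
class Transaction:
    started: str                                    # timestamp of the "Beginning" line
    completed: bool = False                         # True once "Verify complete" is seen
    errors: list = field(default_factory=list)      # (status, function) pairs
    unrepaired: list = field(default_factory=list)  # file names SFC could not repair


def parse_sr_transactions(text):
    """Split a CBS.log into SFC transactions and attach errors to each one."""
    transactions, current = [], None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # continuation lines such as "[gle=0x80004005]"
        rest = m['rest']
        if '[SR] Beginning Verify and Repair transaction' in rest:
            # A new start while one is still open leaves the old one incomplete.
            current = Transaction(started=m['ts'])
            transactions.append(current)
        elif current is None:
            continue  # entry outside any transaction
        elif '[SR] Verify complete' in rest:
            current.completed = True
            current = None
        elif m['level'] == 'Error':
            e = ERROR_RE.search(rest)
            if e:
                current.errors.append((e['status'], e['func']))
        else:
            u = UNREPAIRED_RE.search(rest)
            if u:
                current.unrepaired.append(u['name'])
    return transactions


def summarize(transactions):
    """Condense the transactions into the facts worth posting in a support thread."""
    statuses = Counter(status for t in transactions for status, _ in t.errors)
    return {
        'transactions': len(transactions),
        'aborted': [t.started for t in transactions if not t.completed],
        'statuses': dict(statuses),
        'unrepaired': sorted({name for t in transactions for name in t.unrepaired}),
    }


if __name__ == '__main__':
    for key, value in summarize(parse_sr_transactions(SAMPLE_LOG)).items():
        print(f'{key}: {value}')
```
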

