Virus sur mon PC rapport HijackThis

xav1664 Messages postés 57 Statut Membre -  
loloetseb Messages postés 5684 Statut Membre -
Bonjour,

Je voudrais supprimer les virus et autres infectant mon ordinateur.

J'ai donc utilisé hijackthis et voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:11, on 14/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Installation Logiciels\Power Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Installation Logiciels\Power Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Installation Logiciels\Super Copieur\SuperCopier2\SuperCopier2.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Installation Logiciels\Power Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Installation Logiciels\iTunes\iPod\bin\iPodService.exe
C:\Installation Logiciels\Azureus\Azureus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Installation Logiciels\iTunes\iTunes.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F3 - REG:win.ini: load=System
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [PCMService] "C:\Installation Logiciels\Power Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Installation Logiciels\Super Copieur\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: ASUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Installation Logiciels\Power Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Installation Logiciels\Power Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98c60aa0fe60c) (gupdate1c98c60aa0fe60c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Installation Logiciels\iTunes\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
A voir également:

83 réponses

Précédent
Réponse 41 / 83
loloetseb Messages postés 5684 Statut Membre 174
 
Tu as un rootkit a priori difficillement detectable,fais ceci

Telecharges gmer

http://www.gmer.net#files

tutorial ici

https://www.malekal.com/supprimer-rootkit-windows/


Dezippes gmer ,cliques sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.

Les lignes rouges indiquent la presence d'un rootkit

Ensuite

sur les lignes rouge:

Services:cliques droit delete service
Process:cliques droit kill process
Adl ,file:cliques droit delete files


Avant de supprimer les lignes rouges,postes moi le rapport ( cliques sur le bouton copy a la fin du scan ensuite tu vas dans demarrer,puis tu ouvres le bloc note,puis edition et coller).
0
Réponse 42 / 83
loloetseb Messages postés 5684 Statut Membre 174
 
Tu as aussi la toolbar verrolée ask bar
0
Réponse 43 / 83
xav1664 Messages postés 57 Statut Membre
 
Pour Gmer, je scan tous les disque ?

Pour la toolBar ask bar, elle s'est installée a 16H32 quand j'etais sur Commentcamarche.net. Que faut-il faire pour l'éviter ?
0
Réponse 44 / 83
loloetseb Messages postés 5684 Statut Membre 174
 
Tu as combien de disque?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 83
xav1664 Messages postés 57 Statut Membre
 
J'en est un partager en 2, un externe, et deux autres ( 5 en tout).
0
Réponse 46 / 83
loloetseb Messages postés 5684 Statut Membre 174
 
Eh ben ca va prendre 3 jours pour scanner.Lequel ou lesquels etaient connecté pendant le scan combofix?
0
Réponse 47 / 83
xav1664 Messages postés 57 Statut Membre
 
Ils étaient tous branchés.
0
Réponse 48 / 83
xav1664 Messages postés 57 Statut Membre
 
Je les lance tous alors ?
0
Réponse 49 / 83
loloetseb Messages postés 5684 Statut Membre 174
 
Oui vas y ,ca va prendre 3 heures a mon avis
0
Réponse 50 / 83
xav1664 Messages postés 57 Statut Membre
 
Il y a un problème, windows me met ce message d'erreur :

gmer.exe a rencontré un problème et doit fermer. Nous vous prions de nous excuser pour le désagrément encouru.
0
Réponse 51 / 83
loloetseb Messages postés 5684 Statut Membre 174
 
Bon c'est le rootkit qui le bloque,supprimes le ,retelecharges le ,tu le nommes killrootkit avant de le lancer
0
Réponse 52 / 83
loloetseb Messages postés 5684 Statut Membre 174
 
Ca a marché?
0
Réponse 53 / 83
xav1664 Messages postés 57 Statut Membre
 
Ça a marché, le seul problème c'est qu'il n'y a pas de ligne rouge.
0
Réponse 54 / 83
loloetseb Messages postés 5684 Statut Membre 174
 
Bon repostes un Rsit pour controle

Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

! Déconnecte toi et ferme toutes tes applications en cours !

Double-clique sur " RSIT.exe " pour le lancer .

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

* Devant l'option "List files/folders created ..." , tu choisis : 2 months

* clique ensuite sur " Continue " pour lancer l'analyse ...


-> laisse faire le scan et ne touche pas au PC ...


Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum


( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
0
Réponse 55 / 83
xav1664 Messages postés 57 Statut Membre
 
Toute les lignes sont noire sur fond blanc ( je n'ai pas eu besoin de renommer killrootkit ).

Voici le rapport :


GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-16 22:49:39
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwCreateKey [0xBA6D10B0]
SSDT BAFB71C4 ZwCreateThread
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwEnumerateKey [0xBA6D684E]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwEnumerateValueKey [0xBA6D6BEE]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwOpenKey [0xBA6D1090]
SSDT BAFB71B0 ZwOpenProcess
SSDT BAFB71B5 ZwOpenThread
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwQueryKey [0xBA6D6CC6]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwQueryValueKey [0xBA6D6B46]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwSetValueKey [0xBA6D6D58]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB7848DF0]
SSDT BAFB71BA ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text USBPORT.SYS!DllUnload BA08362C 5 Bytes JMP 89C7E7A0
? System32\Drivers\adotzvx4.SYS Le chemin d'accès spécifié est introuvable. !
? C:\DOCUME~1\Xavier\LOCALS~1\Temp\mc23.tmp Le fichier spécifié est introuvable. !
? C:\DOCUME~1\Xavier\LOCALS~1\Temp\catchme.sys Le fichier spécifié est introuvable. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wscntfy.exe[2624] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D
.text C:\WINDOWS\System32\alg.exe[2748] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D
.text C:\Program Files\SUPERAntiSpyware\e46d61d6-72f2-4bfe-92e8-46040928d2ce.exe[3016] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D
.text C:\Documents and Settings\Xavier\Bureau\gmer.exe[3196] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D
.text C:\WINDOWS\explorer.exe[3832] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6D1ABA] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6D1C00] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6D1B82] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6D272E] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6D2604] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6E4A9A] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89DDA1D8
Device \FileSystem\Fastfat \FatCdrom 898361D8
Device \Driver\usbuhci \Device\USBPDO-0 89C75600
Device \Driver\00000044 \Device\00000052 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\usbuhci \Device\USBPDO-1 89C75600
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DDC1D8
Device \Driver\dmio \Device\DmControl\DmConfig 89DDC1D8
Device \Driver\dmio \Device\DmControl\DmPnP 89DDC1D8
Device \Driver\dmio \Device\DmControl\DmInfo 89DDC1D8
Device \Driver\usbehci \Device\USBPDO-2 89C3C7C0
Device \Driver\usbuhci \Device\USBPDO-3 89C75600
Device \Driver\usbuhci \Device\USBPDO-4 89C75600
Device \Driver\usbuhci \Device\USBPDO-5 89C75600
Device \Driver\usbehci \Device\USBPDO-6 89C3C7C0
Device \Driver\Ftdisk \Device\HarddiskVolume1 89E4D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89E4D1D8
Device \Driver\Cdrom \Device\CdRom0 89C10440
Device \Driver\Ftdisk \Device\HarddiskVolume3 89E4D1D8
Device \Driver\atapi \Device\Ide\IdePort0 89E4C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89E4C1D8
Device \Driver\atapi \Device\Ide\IdePort1 89E4C1D8
Device \Driver\atapi \Device\Ide\IdePort2 89E4C1D8
Device \Driver\atapi \Device\Ide\IdePort3 89E4C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10 89E4C1D8
Device \Driver\Cdrom \Device\CdRom1 89C10440
Device \Driver\Ftdisk \Device\HarddiskVolume4 89E4D1D8
Device \Driver\Cdrom \Device\CdRom2 89C10440
Device \Driver\Ftdisk \Device\HarddiskVolume5 89E4D1D8
Device \Driver\NetBT \Device\NetBt_Wins_Export 898C21D8
Device \Driver\NetBT \Device\NetbiosSmb 898C21D8
Device \Driver\USBSTOR \Device\00000089 898501D8
Device \Driver\usbuhci \Device\USBFDO-0 89C75600
Device \Driver\usbuhci \Device\USBFDO-1 89C75600
Device \Driver\NetBT \Device\NetBT_Tcpip_{1C3C67ED-BAD2-4749-912C-359B869B29C1} 898C21D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 898841D8
Device \Driver\usbehci \Device\USBFDO-2 89C3C7C0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 898841D8
Device \Driver\usbuhci \Device\USBFDO-3 89C75600
Device \Driver\usbuhci \Device\USBFDO-4 89C75600
Device \Driver\Ftdisk \Device\FtControl 89E4D1D8
Device \Driver\usbuhci \Device\USBFDO-5 89C75600
Device \Driver\USBSTOR \Device\0000008b 898501D8
Device \Driver\usbehci \Device\USBFDO-6 89C3C7C0
Device \Driver\adotzvx4 \Device\Scsi\adotzvx41Port5Path0Target0Lun0 89BD71D8
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 89DDB1D8
Device \Driver\JRAID \Device\Scsi\JRAID1 89DDB1D8
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target1Lun0 89DDB1D8
Device \Driver\adotzvx4 \Device\Scsi\adotzvx41Port5Path0Target1Lun0 89BD71D8
Device \Driver\adotzvx4 \Device\Scsi\adotzvx41 89BD71D8
Device \FileSystem\Fastfat \Fat 898361D8

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 89DA61D8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d637eb8
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -806938578
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 737739633
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Installation Logiciels\Demon Tools\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x70 0x38 0x7A 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEF 0xB8 0x3F 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x59 0xE5 0x01 0x29 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE7 0xC6 0x11 0x6E ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000b0d637eb8
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Installation Logiciels\Demon Tools\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x70 0x38 0x7A 0xB3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEF 0xB8 0x3F 0x09 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x59 0xE5 0x01 0x29 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE7 0xC6 0x11 0x6E ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\BH Logo.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC1_scene_02.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC1_scene_14.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC1_scene_16_part1.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC1_scene_16_part2_khorne.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC1_scene_16_part2_nurgle.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC1_scene_16_part3_khorne.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC1_scene_16_part3_nurgle.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC2_scene_20_khorne.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC2_scene_20_nurgle.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC3_scene_02_khorne.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC3_scene_02_nurgle.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC3_scene_13_khorne.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC3_scene_13_nurgle.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC3_scene_15_khorne.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC3_scene_15_nurgle.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC4_scene_13.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\Deep Silver Logo.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC1_scene_02.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC1_scene_03.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC1_scene_04.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC1_scene_18.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC1_scene_20.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC2_scene_04.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC2_scene_22.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC3_scene_11.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC3_scene_21.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC4_scene_14.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\Intro.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\NIS01.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\Nvidia Logo.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\SoundBlaster Logo.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Balance_of_Chaos.scn 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Blood_on_the_Snow.scn 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Castle_of_the_Gods.scn 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\scenario\Multiplayer\General_Conflict.scn 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Killing_Fields.scn 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Range.scn 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Refill_Conflict.scn 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Reinforcement_Conflict.scn 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Village_in_Squeeze.scn 1
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x7E 0xAF 0x16 0x42 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{e05be328-3025-496a-914e-c414e4b18480}@Model 294
Reg HKLM\SOFTWARE\Classes\CLSID\{e05be328-3025-496a-914e-c414e4b18480}@Therad 29
Reg HKLM\SOFTWARE\Classes\CLSID\{e05be328-3025-496a-914e-c414e4b18480}@MData 0xCB 0x9B 0xAD 0xEF ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C93C54F0-C03C-D9D6-4488-9355E205D6D7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C93C54F0-C03C-D9D6-4488-9355E205D6D7}@abhihnfhojcpghadlpgakldgmjhcninnlo 0x6A 0x61 0x6F 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C93C54F0-C03C-D9D6-4488-9355E205D6D7}@pafhbaieieaejgdamjibmdiolalcmfda 0x6A 0x61 0x61 0x64 ...

---- EOF - GMER 1.0.15 ----
0
Réponse 56 / 83
xav1664 Messages postés 57 Statut Membre
 
Toute les lignes sont noire sur fond blanc ( je n'ai pas eu besoin de renommer killrootkit ).

Voici le rapport :


GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-16 22:49:39
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwCreateKey [0xBA6D10B0]
SSDT BAFB71C4 ZwCreateThread
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwEnumerateKey [0xBA6D684E]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwEnumerateValueKey [0xBA6D6BEE]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwOpenKey [0xBA6D1090]
SSDT BAFB71B0 ZwOpenProcess
SSDT BAFB71B5 ZwOpenThread
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwQueryKey [0xBA6D6CC6]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwQueryValueKey [0xBA6D6B46]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwSetValueKey [0xBA6D6D58]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB7848DF0]
SSDT BAFB71BA ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text USBPORT.SYS!DllUnload BA08362C 5 Bytes JMP 89C7E7A0
? System32\Drivers\adotzvx4.SYS Le chemin d'accès spécifié est introuvable. !
? C:\DOCUME~1\Xavier\LOCALS~1\Temp\mc23.tmp Le fichier spécifié est introuvable. !
? C:\DOCUME~1\Xavier\LOCALS~1\Temp\catchme.sys Le fichier spécifié est introuvable. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wscntfy.exe[2624] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D
.text C:\WINDOWS\System32\alg.exe[2748] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D
.text C:\Program Files\SUPERAntiSpyware\e46d61d6-72f2-4bfe-92e8-46040928d2ce.exe[3016] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D
.text C:\Documents and Settings\Xavier\Bureau\gmer.exe[3196] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D
.text C:\WINDOWS\explorer.exe[3832] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes CALL 5F00003D

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6D1ABA] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6D1C00] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6D1B82] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6D272E] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6D2604] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6E4A9A] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89DDA1D8
Device \FileSystem\Fastfat \FatCdrom 898361D8
Device \Driver\usbuhci \Device\USBPDO-0 89C75600
Device \Driver\00000044 \Device\00000052 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\usbuhci \Device\USBPDO-1 89C75600
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DDC1D8
Device \Driver\dmio \Device\DmControl\DmConfig 89DDC1D8
Device \Driver\dmio \Device\DmControl\DmPnP 89DDC1D8
Device \Driver\dmio \Device\DmControl\DmInfo 89DDC1D8
Device \Driver\usbehci \Device\USBPDO-2 89C3C7C0
Device \Driver\usbuhci \Device\USBPDO-3 89C75600
Device \Driver\usbuhci \Device\USBPDO-4 89C75600
Device \Driver\usbuhci \Device\USBPDO-5 89C75600
Device \Driver\usbehci \Device\USBPDO-6 89C3C7C0
Device \Driver\Ftdisk \Device\HarddiskVolume1 89E4D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89E4D1D8
Device \Driver\Cdrom \Device\CdRom0 89C10440
Device \Driver\Ftdisk \Device\HarddiskVolume3 89E4D1D8
Device \Driver\atapi \Device\Ide\IdePort0 89E4C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89E4C1D8
Device \Driver\atapi \Device\Ide\IdePort1 89E4C1D8
Device \Driver\atapi \Device\Ide\IdePort2 89E4C1D8
Device \Driver\atapi \Device\Ide\IdePort3 89E4C1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10 89E4C1D8
Device \Driver\Cdrom \Device\CdRom1 89C10440
Device \Driver\Ftdisk \Device\HarddiskVolume4 89E4D1D8
Device \Driver\Cdrom \Device\CdRom2 89C10440
Device \Driver\Ftdisk \Device\HarddiskVolume5 89E4D1D8
Device \Driver\NetBT \Device\NetBt_Wins_Export 898C21D8
Device \Driver\NetBT \Device\NetbiosSmb 898C21D8
Device \Driver\USBSTOR \Device\00000089 898501D8
Device \Driver\usbuhci \Device\USBFDO-0 89C75600
Device \Driver\usbuhci \Device\USBFDO-1 89C75600
Device \Driver\NetBT \Device\NetBT_Tcpip_{1C3C67ED-BAD2-4749-912C-359B869B29C1} 898C21D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 898841D8
Device \Driver\usbehci \Device\USBFDO-2 89C3C7C0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 898841D8
Device \Driver\usbuhci \Device\USBFDO-3 89C75600
Device \Driver\usbuhci \Device\USBFDO-4 89C75600
Device \Driver\Ftdisk \Device\FtControl 89E4D1D8
Device \Driver\usbuhci \Device\USBFDO-5 89C75600
Device \Driver\USBSTOR \Device\0000008b 898501D8
Device \Driver\usbehci \Device\USBFDO-6 89C3C7C0
Device \Driver\adotzvx4 \Device\Scsi\adotzvx41Port5Path0Target0Lun0 89BD71D8
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 89DDB1D8
Device \Driver\JRAID \Device\Scsi\JRAID1 89DDB1D8
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target1Lun0 89DDB1D8
Device \Driver\adotzvx4 \Device\Scsi\adotzvx41Port5Path0Target1Lun0 89BD71D8
Device \Driver\adotzvx4 \Device\Scsi\adotzvx41 89BD71D8
Device \FileSystem\Fastfat \Fat 898361D8

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 89DA61D8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d637eb8
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -806938578
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 737739633
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Installation Logiciels\Demon Tools\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x70 0x38 0x7A 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEF 0xB8 0x3F 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x59 0xE5 0x01 0x29 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE7 0xC6 0x11 0x6E ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000b0d637eb8
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Installation Logiciels\Demon Tools\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x70 0x38 0x7A 0xB3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEF 0xB8 0x3F 0x09 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x59 0xE5 0x01 0x29 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE7 0xC6 0x11 0x6E ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\BH Logo.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC1_scene_02.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC1_scene_14.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC1_scene_16_part1.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC1_scene_16_part2_khorne.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC1_scene_16_part2_nurgle.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC1_scene_16_part3_khorne.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC1_scene_16_part3_nurgle.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC2_scene_20_khorne.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC2_scene_20_nurgle.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC3_scene_02_khorne.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC3_scene_02_nurgle.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC3_scene_13_khorne.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC3_scene_13_nurgle.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC3_scene_15_khorne.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC3_scene_15_nurgle.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\CC4_scene_13.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\Deep Silver Logo.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC1_scene_02.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC1_scene_03.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC1_scene_04.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC1_scene_18.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC1_scene_20.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC2_scene_04.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC2_scene_22.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC3_scene_11.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC3_scene_21.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\EC4_scene_14.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\Intro.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\NIS01.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\Nvidia Logo.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\movie\SoundBlaster Logo.ork 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Balance_of_Chaos.scn 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Blood_on_the_Snow.scn 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Castle_of_the_Gods.scn 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\scenario\Multiplayer\General_Conflict.scn 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Killing_Fields.scn 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Range.scn 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Refill_Conflict.scn 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Reinforcement_Conflict.scn 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Installation Jeux\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Village_in_Squeeze.scn 1
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x7E 0xAF 0x16 0x42 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{e05be328-3025-496a-914e-c414e4b18480}@Model 294
Reg HKLM\SOFTWARE\Classes\CLSID\{e05be328-3025-496a-914e-c414e4b18480}@Therad 29
Reg HKLM\SOFTWARE\Classes\CLSID\{e05be328-3025-496a-914e-c414e4b18480}@MData 0xCB 0x9B 0xAD 0xEF ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C93C54F0-C03C-D9D6-4488-9355E205D6D7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C93C54F0-C03C-D9D6-4488-9355E205D6D7}@abhihnfhojcpghadlpgakldgmjhcninnlo 0x6A 0x61 0x6F 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C93C54F0-C03C-D9D6-4488-9355E205D6D7}@pafhbaieieaejgdamjibmdiolalcmfda 0x6A 0x61 0x61 0x64 ...

---- EOF - GMER 1.0.15 ----
0
Réponse 57 / 83
xav1664 Messages postés 57 Statut Membre
 
Voila le log.txt :


Logfile of random's system information tool 1.06 (written by random/random)
Run by Xavier at 2009-04-16 23:11:12
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 7 GB (7%) free of 100 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:13, on 16/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Installation Logiciels\Power Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Installation Logiciels\Power Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Installation Logiciels\Power Cinema\PowerCinema\PCMService.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SUPERAntiSpyware\e46d61d6-72f2-4bfe-92e8-46040928d2ce.exe
C:\Documents and Settings\Xavier\Bureau\RSIT.exe
C:\Program Files\trend micro\Xavier.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [PCMService] "C:\Installation Logiciels\Power Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Installation Logiciels\Super Copieur\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: ASUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Installation Logiciels\Power Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Installation Logiciels\Power Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98c60aa0fe60c) (gupdate1c98c60aa0fe60c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Installation Logiciels\iTunes\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
0
Réponse 58 / 83
xav1664 Messages postés 57 Statut Membre
 
Et le info.txt :


info.txt logfile of random's system information tool 1.06 2009-04-16 23:11:14

======Uninstall list======

-->MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
-->MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AGEIA PhysX v7.03.21-->MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
AI Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\Setup.exe" -l0x40c
Alien Skin Blow Up-->C:\INSTAL~1\ADOBEP~1.CS3\ADOBEP~1\Plug-Ins\ALIENS~1\BLOWUP~1\Unwise32.exe C:\INSTAL~1\ADOBEP~1.CS3\ADOBEP~1\Plug-Ins\ALIENS~1\BLOWUP~1\INSTALL.LOG
ANIO Service-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ASUS Enhanced Display Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x40c -removeonly
ASUS GameFace Library-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{92B07938-0550-4937-9447-E0ECC04AB99D}
ASUS GameLiveShow-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{04726714-8286-43B8-AFD6-2DF92EC49995}
ASUS MyCinema Series-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D70666B2-7E6B-46F0-85E2-06C30C1269C0}\setup.exe" -l0x9
ASUS SmartDoctor-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{12E11FBB-7CA6-4A86-834D-5E6390D51009} /l1036
ASUS Utilities-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{43C67D92-F56E-4729-8673-9A2D5A6036F8} /l1036
ASUS VideoSecurity Online-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7A529246-912F-4C40-A82A-E608DB702FD7}
AsusUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x40c
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Azureus-->C:\Installation Logiciels\Azureus\Uninstall.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x040c
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
Cameron Screen Saver-->C:\WINDOWS\system32\uninstall.exe Cameron Screen Saver
CCleaner (remove only)-->"C:\Installation Logiciels\CCleaner\uninst.exe"
CDBurnerXP Pro 3-->MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Clive Barker's Jericho-->"C:\Program Files\InstallShield Installation Information\{BE9A67F1-BDD3-4259-9F5C-2EFCE6B3A6C5}\setup.exe" -runfromtemp -l0x040c -removeonly
Code de la route-->"C:\Installation Logiciels\Code de la route\Code de la route\unins000.exe"
Conquist-->d:\Xavier\Jeux\Risk\Conquist\Data\Unist.exe
Correctif pour Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
CryEngine(R)2 Sandbox(TM)2-->MsiExec.exe /I{7E4B7FD9-4ECE-4298-A910-3160B7918059}
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\InstallationLogiciels\Dev-C\Dev-Cpp\uninstall.exe"
EasyHelper Contact Plus SMSBackup v1.2.3 - SyMBiAN-->C:\Program Files\Microsoft ActiveSync\EasyHelper Contact Plus SMSBackup v1.2.3 - SyMBiAN\Uninstall.exe EasyHelper Contact Plus SMSBackup v1.2.3 - SyMBiAN
EasyRecovery Professional-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1036
FindyKill-->C:\FindyKill\Uninstal.exe
Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
Free iPod Video Converter 1.34-->"C:\Installation Logiciels\Free iPod Video Converter\Free iPod Video Converter\unins000.exe"
GameFace Messenger-->C:\WINDOWS\iun6002.exe "C:\Program Files\GameFace Messenger\irunin.ini"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\1.0.154.53\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x040c -removeonly
Guide routier France-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC828A42-3901-4178-81AF-712A55AC5A65}\SETUP.exe" -l0x40c -removeonly
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hunting Unlimited 2008 1.0-->C:\Installation Jeux\Hunting Unlimited 2008\uninst.exe
iPod for Windows 2006-06-28-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1036
iPod To Computer Transfer 3.5-->"C:\Program Files\iPod To Computer Transfer\unins000.exe"
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
JRAID-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x40c -removeonly
KC Softwares VideoInspector-->"C:\Program Files\KC Softwares\VideoInspector\unins000.exe"
MediaInfo 0.7.13-->C:\Program Files\MediaInfo\uninst.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{59E4543A-D49D-4489-B445-473D763C79AF}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Rise Of Nations-->"C:\Installation Jeux\RON\UNINSTAL.EXE" /runtemp /addremove
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Movie Collection 5.4.9.0-->"C:\Installation Logiciels\Movie Collection\Movie Collection\unins000.exe"
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MS Access 97 SP2-->C:\Program Files\Microsoft Office\setup\setup.exe
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Need for Speed™ Most Wanted-->C:\Installation Jeux\NFS Most Wanted\EAUninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org 2.4-->MsiExec.exe /I{B6694BAA-7604-46AA-A41F-B5F1E6DADE7A}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
PC Probe II-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x40c
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Postal 2 Share The Pain-->C:\WINDOWS\unvise32.exe c:\installation jeux\postal2stp\uninstal.log
PowerCinema MakeDisc Module-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
PowerCinema-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x40c -removeonly
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x040c -removeonly
SimCity 3000 World Edition-->C:\WINDOWS\IsUn040c.exe -f"c:\installation jeux\sim city 3000\DeIsL1.isu" -c"c:\installation jeux\sim city 3000\_UnInstall.dll"
SimCity 4-->C:\Installation Jeux\Maxis\SimCity 4\EAUninstall.exe
Software Informer 1.0 BETA-->"C:\Program Files\Software Informer\unins000.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x40c -removeonly
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Stellarium 0.10.2-->"C:\Program Files\Stellarium\unins000.exe"
SUPER © Version 2007.bld.21 (Jan 4, 2007)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SuperCopier2-->"C:\Installation Logiciels\Super Copieur\SuperCopier2\SC2Uninst.exe"
TmNationsForever-->"C:\Installation Jeux\TmNationsForever\TmNationsForever\unins000.exe"
Tom Clancy's H.A.W.X-->"C:\Program Files\InstallShield Installation Information\{6E36A172-06FB-4BC8-B7FC-D30D219E6776}\setup.exe" -runfromtemp -l0x040c -removeonly
Tom Clancy's Rainbow Six Vegas 2-->"C:\Program Files\InstallShield Installation Information\{FD416706-875C-4B0B-A23A-9E740DAE029E}\setup.exe" -runfromtemp -l0x040c -removeonly
Tom Clancy's Rainbow Six Vegas-->C:\Program Files\InstallShield Installation Information\{5731C0A8-B266-451A-8D3F-8066AA21836F}\setup.exe -runfromtemp -l0x040c -removeonly
VideoLAN VLC media player 0.8.6-->C:\Installation Logiciels\VLC\uninstall.exe
VirtualDub 1.6.9 Fr-->C:\Installation Logiciels\VirtualDub\UnInstall_VirtualDub.exe
Vuze Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Vuze-->C:\Installation Logiciels\Azureus\uninstall.exe
Warhammer® Mark of Chaos-->C:\Program Files\InstallShield Installation Information\{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}\setup.exe -runfromtemp -l0x040c -removeonly
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver-->C:\Installation Logiciels\Winrar\uninstall.exe
WMTorrent-->C:\Program Files\Microsoft ActiveSync\WMTorrent\Uninstall.exe WMTorrent
Worms 4 Mayhem-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93515E6A-EE53-4A4B-BA65-94A026A363E2}\setup.exe" -l0x9 -removeonly
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Avira AntiVir PersonalEdition Classic

======System event log======

Computer Name: LANGOUET
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{1C3C67ED-BAD2-4749-912C-359B869B29C1} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 23618
Source Name: Tcpip
Time Written: 20090322023850.000000+060
Event Type: Informations
User:

Computer Name: LANGOUET
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{1C3C67ED-BAD2-4749-912C-359B869B29C1} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 23617
Source Name: Tcpip
Time Written: 20090322023846.000000+060
Event Type: Informations
User:

Computer Name: LANGOUET
Event Code: 1001
Message: Le réseau n'a attribué aucune adresse à votre ordinateur (par le serveur
DHCP) pour la carte réseau avec l'adresse réseau 0022B05D1B0D. Il s'est produit
l'erreur suivante :
L'opération a été annulée par l'utilisateur.
.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).

Record Number: 23616
Source Name: Dhcp
Time Written: 20090322023846.000000+060
Event Type: erreur
User:

Computer Name: LANGOUET
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{1C3C67ED-BAD2-4749-912C-359B869B29C1} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 23615
Source Name: Tcpip
Time Written: 20090322023843.000000+060
Event Type: Informations
User:

Computer Name: LANGOUET
Event Code: 35
Message: Le service de temps synchronise maintenant l'heure système avec la
source de temps time.windows.com (ntp.m|0x1|192.168.0.10:123->207.46.232.182:123).

Record Number: 23614
Source Name: W32Time
Time Written: 20090322022332.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: LANGOUET
Event Code: 103
Message: msnmsgr (376) \\.\C:\Documents and Settings\Xavier\Local Settings\Application Data\Microsoft\Messenger\dimitri1989@hotmail.fr\SharingMetadata\Working\database_A6CC_7421_CC73_E9C7\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 5612
Source Name: ESENT
Time Written: 20090306195934.000000+060
Event Type: Informations
User:

Computer Name: LANGOUET
Event Code: 102
Message: msnmsgr (376) \\.\C:\Documents and Settings\Xavier\Local Settings\Application Data\Microsoft\Messenger\dimitri1989@hotmail.fr\SharingMetadata\Working\database_A6CC_7421_CC73_E9C7\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 5611
Source Name: ESENT
Time Written: 20090306192439.000000+060
Event Type: Informations
User:

Computer Name: LANGOUET
Event Code: 100
Message: msnmsgr (376) Le moteur de base de données 5.01.2600.2180 est démarré.

Record Number: 5610
Source Name: ESENT
Time Written: 20090306192439.000000+060
Event Type: Informations
User:

Computer Name: LANGOUET
Event Code: 4113
Message: AntiVir a détecté dans le fichier
E:\Autorun.inf
un code suspect avec la désignation 'WORM/VB.NPM.2'!

Record Number: 5609
Source Name: Avira AntiVir
Time Written: 20090306180452.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: LANGOUET
Event Code: 20
Message:
Record Number: 5608
Source Name: Google Update
Time Written: 20090306164651.000000+060
Event Type: erreur
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Fichiers communs\GIS\Tools;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
"RGSCLauncher"=C:\Installation Jeux\GTA IV\Rockstar Games Social Club
"RGSC"=C:\Installation Jeux\GTA IV\Rockstar Games Social Club\1_0_0_0

-----------------EOF-----------------
0
Réponse 59 / 83
loloetseb Messages postés 5684 Statut Membre 174
 
Bon j'ai deja une bonne nouvelle,je viens de trouver par ou se reinstalles l'ask bar

Vuze Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"


Donc desinstalles la barre d'outils vuze (t'en a pas besoin pour telecharger des logiciels libres!!!)
0
Réponse 60 / 83
loloetseb Messages postés 5684 Statut Membre 174
 
---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :

http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :





:processes
explorer.exe

:files
C:\Program Files\AskBardis
c:\program files\asksearch



:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{C94E154B-1459-4A47-966B-4B843BEFC7DB}"=-



:commands
[purity]
[emptytemp]
[start explorer]
[reboot]





---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
0