Worm magania impossible a detruire

grisonnant28 -  
 Utilisateur anonyme -
Bonjour,

Je suis sous XP SP3 Professionnel et j'ai Mcafee enterprise version 8.7.0.8.
J'ai egalement malwarebytes qui me détecte le ver magania, il le trouve essaie de le detruire en bootant mais ce worm revient toujours sur la machine.
Est ce que quelqu'un pourrait m'aider à enlever ce worm définitivement
d'avance merci

grisonnant28
Configuration: Windows XP Internet Explorer 7.0

9 réponses

  1. Utilisateur anonyme
     
    bonjour,
    poste le rapport de MBAM s'il te plait
    merci
    0
    1. grisonnant28
       
      re-bonjour

      Voici le rapport de malwarebytes:

      Malwarebytes' Anti-Malware 1.41
      Version de la base de données: 2775
      Windows 5.1.2600 Service Pack 3

      30/09/2009 13:35:39
      mbam-log-2009-09-30 (13-35-35).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 173157
      Temps écoulé: 22 minute(s), 15 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 1
      Valeur(s) du Registre infectée(s): 1
      Elément(s) de données du Registre infecté(s): 1
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 4

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.

      Valeur(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> No action taken.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\autorun.inf (SuspectAutorun.Rootdrive.H) -> No action taken.
      D:\Documents\ohurel\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
      D:\Documents\ohurel\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> No action taken.
      D:\Documents\ohurel\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> No action taken.
      0
  2. Utilisateur anonyme
     
    •Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.
    http://images.malwareremoval.com/random/RSIT.exe

    Tuto : https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
    Double clique sur RSIT.exe pour lancer l'outil.
    Clique sur ' continue ' à l'écran Disclaimer.
    Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
    Une fois le scan fini, 2 rapports vont apparaître. Poste le contenu des 2 rapports séparément. Ils se trouvent sur c :
    (log.txt & info.txt)
    (CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
    0
    1. grisonnant28
       
      re-bonjour
      voici info.txt
      info.txt logfile of random's system information tool 1.06 2009-09-30 14:12:20

      ======Uninstall list======

      -->C:\PROGRA~1\REFLEC~1\Setup\R1WIN32\Setup.exe /u "C:\Program Files\Reflection\Setup\R1WIN32\UNINSTAL.INF"
      -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
      -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
      -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
      -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
      Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
      Adobe Photoshop 6.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
      Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
      Cisco Systems VPN Client 5.0.00.0340-->MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
      Citrix XenApp Web Plugin-->MsiExec.exe /X{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}
      Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
      Désinstallation du logiciel Dell-->C:\Program Files\Dell_HostCD\Install\x86\Uninstall.exe
      FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
      Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
      hp deskjet 5550 series (Supprimer uniquement)-->C:\Program Files\hp deskjet 5550 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=5550 -huninstall
      hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
      Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
      Intel(R) PRO Network Connections Drivers-->Prounstl.exe
      Interface Intel® Management Engine-->C:\WINDOWS\system32\heciudlg.exe -uninstall
      Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
      Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
      Macromedia Shockwave Player-->MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
      Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
      McAfee Agent-->MsiExec.exe /X{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}
      McAfee VirusScan Enterprise-->MsiExec.exe /I{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}
      Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
      Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
      Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
      Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
      Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
      Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
      Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
      Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
      Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
      Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
      Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
      Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
      Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
      Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
      Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
      Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
      Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
      Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
      Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
      Microsoft Office Standard 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL
      Microsoft Office Standard 2007-->MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
      Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
      Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
      Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
      Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
      Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
      Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
      MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
      MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
      MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
      Nero 7 Ultra Edition-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
      Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\setup.exe /uninstall ExtraUninstallID=""
      Oracle JInitiator 1.3.1.22-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0122-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst
      Pack d’outils d’administration de Windows Server 2003 Service Pack 2-->MsiExec.exe /I{0D184898-C3F8-4268-8FE7-B482B4ADF086}
      PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
      Peregrine AssetCenter 4.4 (fr)-->MsiExec.exe /I{73A56222-C516-4278-AA10-48F25A8C7CDC}
      PowerArchiver-->C:\Program Files\PowerArchiver\UNINST.EXE
      QuestionData Saisie UCPA 6 (Désinstallation)-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\QuestionData Saisie UCPA 6\Uninst.isu"
      QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
      Realtek AC'97 Audio-->Alcrmv.exe -r -m
      Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
      Reflection X 8.0-->MsiExec.exe /I{2D3597EA-CD3D-11D3-9E53-00C04FA3225F}
      Sauvegarde des Dossiers personnels Microsoft Outlook-->MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
      Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
      Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
      Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
      Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
      Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
      Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
      Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
      Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
      Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
      Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
      Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
      Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
      SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
      Technologie d’administration active Intel®-->C:\WINDOWS\system32\mesoludlg.exe -uninstall
      U.S. Robotics 56K Faxmodem USB-->C:\UIU\USRUSB\HXFSETUP.EXE -U -Iusr6112k.inf
      Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
      Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
      Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
      Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
      Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
      Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
      VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
      VNC Free Edition 4.1.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
      Vodafone Mobile Connect Lite-->MsiExec.exe /X{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}
      WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
      Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
      Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
      Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"

      ======Security center information======

      AV: McAfee VirusScan Enterprise

      ======System event log======

      Computer Name: U0901031
      Event Code: 7035
      Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.

      Record Number: 4808
      Source Name: Service Control Manager
      Time Written: 20090803090452.000000+120
      Event Type: Informations
      User: AUTORITE NT\SYSTEM

      Computer Name: U0901031
      Event Code: 7036
      Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.

      Record Number: 4807
      Source Name: Service Control Manager
      Time Written: 20090803090452.000000+120
      Event Type: Informations
      User:

      Computer Name: U0901031
      Event Code: 7035
      Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

      Record Number: 4806
      Source Name: Service Control Manager
      Time Written: 20090803090452.000000+120
      Event Type: Informations
      User: AUTORITE NT\SYSTEM

      Computer Name: U0901031
      Event Code: 7001
      Message: Le service CyberLink Task Scheduler (CTS) dépend du service CyberLink Background Capture Service (CBCS) qui n'a pas pu démarrer en raison de l'erreur :
      Le chemin d'accès spécifié est introuvable.


      Record Number: 4805
      Source Name: Service Control Manager
      Time Written: 20090803090452.000000+120
      Event Type: erreur
      User:

      Computer Name: U0901031
      Event Code: 7000
      Message: Le service CyberLink Background Capture Service (CBCS) n'a pas pu démarrer en raison de l'erreur :
      Le chemin d'accès spécifié est introuvable.


      Record Number: 4804
      Source Name: Service Control Manager
      Time Written: 20090803090452.000000+120
      Event Type: erreur
      User:

      =====Application event log=====

      Computer Name: U0901031
      Event Code: 8
      Message: Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : A connection with the server could not be established


      Record Number: 4497
      Source Name: crypt32
      Time Written: 20090716085159.000000+120
      Event Type: erreur
      User:

      Computer Name: U0901031
      Event Code: 11
      Message: Échec de l'extraction de la liste racine tierce partie depuis le fichier CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon la vérification par rapport à l'horloge système en cours ou le tampon daté dans le fichier signé.


      Record Number: 4496
      Source Name: crypt32
      Time Written: 20090716085154.000000+120
      Event Type: erreur
      User:

      Computer Name: U0901031
      Event Code: 5000
      Message: Service McShield démarré.

      Version du moteur : 5301.4018

      Version du fichier DAT : 5676.0000



      Nombre de signatures dans le fichier EXTRA.DAT : Aucun

      Nom des menaces pouvant être détectées par EXTRA.DAT : Aucun

      Record Number: 4495
      Source Name: McLogEvent
      Time Written: 20090716085154.000000+120
      Event Type: Informations
      User: AUTORITE NT\SYSTEM

      Computer Name: U0901031
      Event Code: 0
      Message: DataStore -> 10568 ms

      Record Number: 4494
      Source Name: VMCService
      Time Written: 20090716085151.000000+120
      Event Type: Informations
      User:

      Computer Name: U0901031
      Event Code: 1003
      Message: Le service Windows Search a été démarré.


      Record Number: 4493
      Source Name: Windows Search Service
      Time Written: 20090716085151.000000+120
      Event Type: Informations
      User:

      ======Environment variables======

      "CLASSPATH"=.;"C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip";C:\Program Files\Java\jre6\lib\ext\QTJava.zip
      "ComSpec"=%SystemRoot%\system32\cmd.exe
      "FP_NO_HOST_CHECK"=NO
      "NUMBER_OF_PROCESSORS"=2
      "OS"=Windows_NT
      "Path"=C:\orant\bin;C:\Program Files\Fichiers communs\Crystal Decisions\2.5\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Fichiers communs\Roxio Shared\DLLShared\;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QuickTime\QTSystem\
      "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      "PROCESSOR_ARCHITECTURE"=x86
      "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
      "PROCESSOR_LEVEL"=6
      "PROCESSOR_REVISION"=170a
      "TEMP"=%SystemRoot%\TEMP
      "TMP"=%SystemRoot%\TEMP
      "windir"=%SystemRoot%
      "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
      "DEFLOGDIR"=D:\Documents\All Users\Application Data\McAfee\DesktopProtection
      "VSEDEFLOGDIR"=D:\Documents\All Users\Application Data\McAfee\DesktopProtection

      -----------------EOF-----------------
      0
    2. grisonnant28
       
      re-bonjour
      voici info.txt
      info.txt logfile of random's system information tool 1.06 2009-09-30 14:12:20

      ======Uninstall list======

      -->C:\PROGRA~1\REFLEC~1\Setup\R1WIN32\Setup.exe /u "C:\Program Files\Reflection\Setup\R1WIN32\UNINSTAL.INF"
      -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
      -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
      -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
      -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
      Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
      Adobe Photoshop 6.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
      Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
      Cisco Systems VPN Client 5.0.00.0340-->MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
      Citrix XenApp Web Plugin-->MsiExec.exe /X{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}
      Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
      Désinstallation du logiciel Dell-->C:\Program Files\Dell_HostCD\Install\x86\Uninstall.exe
      FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
      Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
      hp deskjet 5550 series (Supprimer uniquement)-->C:\Program Files\hp deskjet 5550 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=5550 -huninstall
      hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
      Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
      Intel(R) PRO Network Connections Drivers-->Prounstl.exe
      Interface Intel® Management Engine-->C:\WINDOWS\system32\heciudlg.exe -uninstall
      Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
      Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
      Macromedia Shockwave Player-->MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
      Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
      McAfee Agent-->MsiExec.exe /X{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}
      McAfee VirusScan Enterprise-->MsiExec.exe /I{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}
      Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
      Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
      Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
      Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
      Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
      Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
      Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
      Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
      Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
      Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
      Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
      Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
      Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
      Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
      Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
      Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
      Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
      Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
      Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
      Microsoft Office Standard 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL
      Microsoft Office Standard 2007-->MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
      Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
      Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
      Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
      Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
      Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
      Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
      MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
      MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
      MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
      Nero 7 Ultra Edition-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
      Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\setup.exe /uninstall ExtraUninstallID=""
      Oracle JInitiator 1.3.1.22-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0122-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst
      Pack d’outils d’administration de Windows Server 2003 Service Pack 2-->MsiExec.exe /I{0D184898-C3F8-4268-8FE7-B482B4ADF086}
      PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
      Peregrine AssetCenter 4.4 (fr)-->MsiExec.exe /I{73A56222-C516-4278-AA10-48F25A8C7CDC}
      PowerArchiver-->C:\Program Files\PowerArchiver\UNINST.EXE
      QuestionData Saisie UCPA 6 (Désinstallation)-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\QuestionData Saisie UCPA 6\Uninst.isu"
      QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
      Realtek AC'97 Audio-->Alcrmv.exe -r -m
      Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
      Reflection X 8.0-->MsiExec.exe /I{2D3597EA-CD3D-11D3-9E53-00C04FA3225F}
      Sauvegarde des Dossiers personnels Microsoft Outlook-->MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
      Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
      Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
      Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
      Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
      Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
      Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
      Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
      Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
      Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
      Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
      Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
      Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
      SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
      Technologie d’administration active Intel®-->C:\WINDOWS\system32\mesoludlg.exe -uninstall
      U.S. Robotics 56K Faxmodem USB-->C:\UIU\USRUSB\HXFSETUP.EXE -U -Iusr6112k.inf
      Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
      Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
      Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
      Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
      Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
      Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
      VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
      VNC Free Edition 4.1.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
      Vodafone Mobile Connect Lite-->MsiExec.exe /X{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}
      WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
      Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
      Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
      Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"

      ======Security center information======

      AV: McAfee VirusScan Enterprise

      ======System event log======

      Computer Name: U0901031
      Event Code: 7035
      Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.

      Record Number: 4808
      Source Name: Service Control Manager
      Time Written: 20090803090452.000000+120
      Event Type: Informations
      User: AUTORITE NT\SYSTEM

      Computer Name: U0901031
      Event Code: 7036
      Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.

      Record Number: 4807
      Source Name: Service Control Manager
      Time Written: 20090803090452.000000+120
      Event Type: Informations
      User:

      Computer Name: U0901031
      Event Code: 7035
      Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

      Record Number: 4806
      Source Name: Service Control Manager
      Time Written: 20090803090452.000000+120
      Event Type: Informations
      User: AUTORITE NT\SYSTEM

      Computer Name: U0901031
      Event Code: 7001
      Message: Le service CyberLink Task Scheduler (CTS) dépend du service CyberLink Background Capture Service (CBCS) qui n'a pas pu démarrer en raison de l'erreur :
      Le chemin d'accès spécifié est introuvable.


      Record Number: 4805
      Source Name: Service Control Manager
      Time Written: 20090803090452.000000+120
      Event Type: erreur
      User:

      Computer Name: U0901031
      Event Code: 7000
      Message: Le service CyberLink Background Capture Service (CBCS) n'a pas pu démarrer en raison de l'erreur :
      Le chemin d'accès spécifié est introuvable.


      Record Number: 4804
      Source Name: Service Control Manager
      Time Written: 20090803090452.000000+120
      Event Type: erreur
      User:

      =====Application event log=====

      Computer Name: U0901031
      Event Code: 8
      Message: Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : A connection with the server could not be established


      Record Number: 4497
      Source Name: crypt32
      Time Written: 20090716085159.000000+120
      Event Type: erreur
      User:

      Computer Name: U0901031
      Event Code: 11
      Message: Échec de l'extraction de la liste racine tierce partie depuis le fichier CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon la vérification par rapport à l'horloge système en cours ou le tampon daté dans le fichier signé.


      Record Number: 4496
      Source Name: crypt32
      Time Written: 20090716085154.000000+120
      Event Type: erreur
      User:

      Computer Name: U0901031
      Event Code: 5000
      Message: Service McShield démarré.

      Version du moteur : 5301.4018

      Version du fichier DAT : 5676.0000



      Nombre de signatures dans le fichier EXTRA.DAT : Aucun

      Nom des menaces pouvant être détectées par EXTRA.DAT : Aucun

      Record Number: 4495
      Source Name: McLogEvent
      Time Written: 20090716085154.000000+120
      Event Type: Informations
      User: AUTORITE NT\SYSTEM

      Computer Name: U0901031
      Event Code: 0
      Message: DataStore -> 10568 ms

      Record Number: 4494
      Source Name: VMCService
      Time Written: 20090716085151.000000+120
      Event Type: Informations
      User:

      Computer Name: U0901031
      Event Code: 1003
      Message: Le service Windows Search a été démarré.


      Record Number: 4493
      Source Name: Windows Search Service
      Time Written: 20090716085151.000000+120
      Event Type: Informations
      User:

      ======Environment variables======

      "CLASSPATH"=.;"C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip";C:\Program Files\Java\jre6\lib\ext\QTJava.zip
      "ComSpec"=%SystemRoot%\system32\cmd.exe
      "FP_NO_HOST_CHECK"=NO
      "NUMBER_OF_PROCESSORS"=2
      "OS"=Windows_NT
      "Path"=C:\orant\bin;C:\Program Files\Fichiers communs\Crystal Decisions\2.5\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Fichiers communs\Roxio Shared\DLLShared\;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QuickTime\QTSystem\
      "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      "PROCESSOR_ARCHITECTURE"=x86
      "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
      "PROCESSOR_LEVEL"=6
      "PROCESSOR_REVISION"=170a
      "TEMP"=%SystemRoot%\TEMP
      "TMP"=%SystemRoot%\TEMP
      "windir"=%SystemRoot%
      "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
      "DEFLOGDIR"=D:\Documents\All Users\Application Data\McAfee\DesktopProtection
      "VSEDEFLOGDIR"=D:\Documents\All Users\Application Data\McAfee\DesktopProtection

      -----------------EOF-----------------
      0
    3. grisonnant28
       
      re-bonjour
      voici info.txt
      info.txt logfile of random's system information tool 1.06 2009-09-30 14:12:20

      ======Uninstall list======

      -->C:\PROGRA~1\REFLEC~1\Setup\R1WIN32\Setup.exe /u "C:\Program Files\Reflection\Setup\R1WIN32\UNINSTAL.INF"
      -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
      -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
      -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
      -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
      Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
      Adobe Photoshop 6.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
      Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
      Cisco Systems VPN Client 5.0.00.0340-->MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
      Citrix XenApp Web Plugin-->MsiExec.exe /X{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}
      Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
      Désinstallation du logiciel Dell-->C:\Program Files\Dell_HostCD\Install\x86\Uninstall.exe
      FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
      Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
      hp deskjet 5550 series (Supprimer uniquement)-->C:\Program Files\hp deskjet 5550 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=5550 -huninstall
      hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
      Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
      Intel(R) PRO Network Connections Drivers-->Prounstl.exe
      Interface Intel® Management Engine-->C:\WINDOWS\system32\heciudlg.exe -uninstall
      Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
      Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
      Macromedia Shockwave Player-->MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
      Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
      McAfee Agent-->MsiExec.exe /X{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}
      McAfee VirusScan Enterprise-->MsiExec.exe /I{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}
      Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
      Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
      Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
      Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
      Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
      Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
      Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
      Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
      Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
      Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
      Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
      Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
      Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
      Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
      Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
      Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
      Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
      Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
      Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
      Microsoft Office Standard 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL
      Microsoft Office Standard 2007-->MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
      Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
      Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
      Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
      Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
      Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
      Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
      MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
      MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
      MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
      Nero 7 Ultra Edition-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
      Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\setup.exe /uninstall ExtraUninstallID=""
      Oracle JInitiator 1.3.1.22-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0122-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst
      Pack d’outils d’administration de Windows Server 2003 Service Pack 2-->MsiExec.exe /I{0D184898-C3F8-4268-8FE7-B482B4ADF086}
      PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
      Peregrine AssetCenter 4.4 (fr)-->MsiExec.exe /I{73A56222-C516-4278-AA10-48F25A8C7CDC}
      PowerArchiver-->C:\Program Files\PowerArchiver\UNINST.EXE
      QuestionData Saisie UCPA 6 (Désinstallation)-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\QuestionData Saisie UCPA 6\Uninst.isu"
      QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
      Realtek AC'97 Audio-->Alcrmv.exe -r -m
      Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
      Reflection X 8.0-->MsiExec.exe /I{2D3597EA-CD3D-11D3-9E53-00C04FA3225F}
      Sauvegarde des Dossiers personnels Microsoft Outlook-->MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
      Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
      Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
      Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
      Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
      Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
      Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
      Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
      Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
      Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
      Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
      Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
      Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
      SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
      Technologie d’administration active Intel®-->C:\WINDOWS\system32\mesoludlg.exe -uninstall
      U.S. Robotics 56K Faxmodem USB-->C:\UIU\USRUSB\HXFSETUP.EXE -U -Iusr6112k.inf
      Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
      Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
      Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
      Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
      Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
      Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
      VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
      VNC Free Edition 4.1.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
      Vodafone Mobile Connect Lite-->MsiExec.exe /X{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}
      WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
      Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
      Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
      Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"

      ======Security center information======

      AV: McAfee VirusScan Enterprise

      ======System event log======

      Computer Name: U0901031
      Event Code: 7035
      Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.

      Record Number: 4808
      Source Name: Service Control Manager
      Time Written: 20090803090452.000000+120
      Event Type: Informations
      User: AUTORITE NT\SYSTEM

      Computer Name: U0901031
      Event Code: 7036
      Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.

      Record Number: 4807
      Source Name: Service Control Manager
      Time Written: 20090803090452.000000+120
      Event Type: Informations
      User:

      Computer Name: U0901031
      Event Code: 7035
      Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

      Record Number: 4806
      Source Name: Service Control Manager
      Time Written: 20090803090452.000000+120
      Event Type: Informations
      User: AUTORITE NT\SYSTEM

      Computer Name: U0901031
      Event Code: 7001
      Message: Le service CyberLink Task Scheduler (CTS) dépend du service CyberLink Background Capture Service (CBCS) qui n'a pas pu démarrer en raison de l'erreur :
      Le chemin d'accès spécifié est introuvable.


      Record Number: 4805
      Source Name: Service Control Manager
      Time Written: 20090803090452.000000+120
      Event Type: erreur
      User:

      Computer Name: U0901031
      Event Code: 7000
      Message: Le service CyberLink Background Capture Service (CBCS) n'a pas pu démarrer en raison de l'erreur :
      Le chemin d'accès spécifié est introuvable.


      Record Number: 4804
      Source Name: Service Control Manager
      Time Written: 20090803090452.000000+120
      Event Type: erreur
      User:

      =====Application event log=====

      Computer Name: U0901031
      Event Code: 8
      Message: Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : A connection with the server could not be established


      Record Number: 4497
      Source Name: crypt32
      Time Written: 20090716085159.000000+120
      Event Type: erreur
      User:

      Computer Name: U0901031
      Event Code: 11
      Message: Échec de l'extraction de la liste racine tierce partie depuis le fichier CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon la vérification par rapport à l'horloge système en cours ou le tampon daté dans le fichier signé.


      Record Number: 4496
      Source Name: crypt32
      Time Written: 20090716085154.000000+120
      Event Type: erreur
      User:

      Computer Name: U0901031
      Event Code: 5000
      Message: Service McShield démarré.

      Version du moteur : 5301.4018

      Version du fichier DAT : 5676.0000



      Nombre de signatures dans le fichier EXTRA.DAT : Aucun

      Nom des menaces pouvant être détectées par EXTRA.DAT : Aucun

      Record Number: 4495
      Source Name: McLogEvent
      Time Written: 20090716085154.000000+120
      Event Type: Informations
      User: AUTORITE NT\SYSTEM

      Computer Name: U0901031
      Event Code: 0
      Message: DataStore -> 10568 ms

      Record Number: 4494
      Source Name: VMCService
      Time Written: 20090716085151.000000+120
      Event Type: Informations
      User:

      Computer Name: U0901031
      Event Code: 1003
      Message: Le service Windows Search a été démarré.


      Record Number: 4493
      Source Name: Windows Search Service
      Time Written: 20090716085151.000000+120
      Event Type: Informations
      User:

      ======Environment variables======

      "CLASSPATH"=.;"C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip";C:\Program Files\Java\jre6\lib\ext\QTJava.zip
      "ComSpec"=%SystemRoot%\system32\cmd.exe
      "FP_NO_HOST_CHECK"=NO
      "NUMBER_OF_PROCESSORS"=2
      "OS"=Windows_NT
      "Path"=C:\orant\bin;C:\Program Files\Fichiers communs\Crystal Decisions\2.5\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Fichiers communs\Roxio Shared\DLLShared\;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QuickTime\QTSystem\
      "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      "PROCESSOR_ARCHITECTURE"=x86
      "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
      "PROCESSOR_LEVEL"=6
      "PROCESSOR_REVISION"=170a
      "TEMP"=%SystemRoot%\TEMP
      "TMP"=%SystemRoot%\TEMP
      "windir"=%SystemRoot%
      "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
      "DEFLOGDIR"=D:\Documents\All Users\Application Data\McAfee\DesktopProtection
      "VSEDEFLOGDIR"=D:\Documents\All Users\Application Data\McAfee\DesktopProtection

      -----------------EOF-----------------
      0
    4. grisonnant28
       
      re-bonjour voici log.txt
      Logfile of random's system information tool 1.06 (written by random/random)
      Run by ohurel at 2009-09-30 14:12:16
      Microsoft Windows XP Professionnel Service Pack 3
      System drive C: has 29 GB (72%) free of 40 GB
      Total RAM: 3318 MB (80% free)

      HijackThis download failed

      ======Registry dump======

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
      Yahoo! Toolbar Helper

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
      Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
      Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
      scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll [2009-04-29 67120]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
      Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
      JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      "McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\udaterui.exe [2009-01-16 136512]
      "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
      "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
      "ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2009-04-29 124240]

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
      "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
      "cdoosoft"=D:\DOCUME~1\ohurel\LOCALS~1\Temp\herss.exe [2009-09-30 116840]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
      C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atchk]
      C:\Program Files\Intel\AMT\atchk.exe [2007-07-06 408088]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
      C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2005-09-08 94208]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
      C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
      C:\WINDOWS\system32\hkcmd.exe [2007-06-13 162584]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-03-18 188416]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
      C:\WINDOWS\system32\igfxtray.exe [2007-06-13 142104]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
      C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-09-22 2073088]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
      []

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
      C:\WINDOWS\system32\igfxpers.exe [2007-06-13 138008]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
      C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-08-05 1830128]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
      C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
      C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents^All Users^Menu Démarrer^Programmes^Démarrage^VPN Client.lnk]
      C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-09-22 6144]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
      C:\PROGRA~1\WINDOW~4\WINDOW~1.EXE [2008-05-26 123904]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "CyberLink Media Library Service"=2

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
      C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
      C:\WINDOWS\system32\igfxdev.dll [2007-06-05 204800]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
      C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "dontdisplaylastusername"=0
      "legalnoticecaption"=
      "legalnoticetext"=
      "shutdownwithoutlogon"=1
      "undockwithoutlogon"=1
      "DisableCAD"=0

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "NoDriveTypeAutoRun"=145

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "HonorAutoRunSetting"=

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\APPS\Powercinema\PowerCinema.exe"="C:\APPS\Powercinema\PowerCinema.exe:*:Enabled:PowerCinema"
      "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:McAfee Managed Services Agent"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
      "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
      "C:\Program Files\RealVNC\VNC4\winvnc4.exe"="C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32"
      "C:\WINDOWS\system32\usmt\migwiza.exe"="C:\WINDOWS\system32\usmt\migwiza.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres"
      "\\nf800\install\ZAktools\$$PROGRAMS\GHOST\GHOST32.EXE"="\\nf800\install\ZAktools\$$PROGRAMS\GHOST\GHOST32.EXE:*:Enabled:GHOST32.EXE"
      "\\nf800\2is\Mig-test\usmt\migwiz.exe"="\\nf800\2is\Mig-test\usmt\migwiz.exe:*:Enabled:migwiz.exe"
      "C:\Program Files\Reflection\Rx.exe"="C:\Program Files\Reflection\Rx.exe:*:Enabled:Reflection X for Windows 95 and Windows NT"
      "C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres"
      "C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE"="C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Enabled:SUPERAntiSpyware Alternate Start"
      "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:LocalSubNet:Enabled:SUPERAntiSpyware Free Edition"

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
      shell\AutoRun\command - D:\9jyhdim8.exe
      shell\open\command - D:\9jyhdim8.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
      shell\AutoRun\command - H:\setup_vmc_lite.exe /checkApplicationPresence

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a227773-0ee0-11de-95ad-002185ca9539}]
      shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a227774-0ee0-11de-95ad-002185ca9539}]
      shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50f0e21f-4b5b-11de-95e3-002185ca9539}]
      shell\AutoRun\command - F:\LaunchU3.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d6b364c-fdce-11dd-959f-002185ca9539}]
      shell\AutoRun\command - F:\eaywxx.cmd
      shell\open\command - F:\eaywxx.cmd

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a35491c-5fe0-11de-95f0-002185ca9539}]
      shell\AutoRun\command - F:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a66443e-e6f8-11dd-9581-806d6172696f}]
      shell\AutoRun\command - C:\9jyhdim8.exe
      shell\open\command - C:\9jyhdim8.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a66443f-e6f8-11dd-9581-806d6172696f}]
      shell\AutoRun\command - D:\9jyhdim8.exe
      shell\open\command - D:\9jyhdim8.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cc7d19a-6bc4-11de-95fc-002185ca9539}]
      shell\AutoRun\command - F:\cj1m.com
      shell\open\command - F:\cj1m.com

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce1dc5a8-9875-11de-9618-002185ca9539}]
      shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9a27a74-97c3-11de-9617-002185ca9539}]
      shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8b83677-9630-11de-9615-002185ca9539}]
      shell\AutoRun\command - F:\mranjm.exe
      shell\open\command - F:\mranjm.exe


      ======List of files/folders created in the last 1 months======

      2009-09-30 14:12:17 ----D---- C:\Program Files\trend micro
      2009-09-30 14:12:16 ----D---- C:\rsit
      2009-09-30 13:22:08 ----A---- C:\WINDOWS\system32\mfevtps.exe
      2009-09-30 13:20:37 ----D---- C:\Program Files\Fichiers communs\McAfee
      2009-09-30 10:11:12 ----RSH---- C:\9jyhdim8.exe
      2009-09-30 10:10:37 ----RSH---- C:\rg9g9bgq.exe
      2009-09-30 09:47:36 ----SHD---- C:\Config.Msi
      2009-09-30 09:10:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
      2009-09-30 09:09:55 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
      2009-09-30 09:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
      2009-09-30 09:09:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
      2009-09-30 09:08:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
      2009-09-30 09:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
      2009-09-30 09:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
      2009-09-30 09:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
      2009-09-30 09:07:02 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
      2009-09-30 09:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
      2009-09-30 09:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
      2009-09-30 09:06:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
      2009-09-30 09:06:35 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
      2009-09-30 09:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
      2009-09-30 09:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
      2009-09-30 09:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
      2009-09-29 17:07:51 ----D---- C:\Program Files\RegCleaner
      2009-09-29 10:33:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
      2009-09-28 11:23:43 ----RSH---- C:\mranjm.exe
      2009-09-25 15:20:34 ----D---- D:\Documents\ohurel\Application Data\webex
      2009-09-22 17:01:12 ----D---- C:\Program Files\Fichiers communs\Deterministic Networks
      2009-09-03 12:56:31 ----D---- D:\Documents\All Users\Application Data\SUPERAntiSpyware.com
      2009-09-03 12:56:22 ----D---- D:\Documents\ohurel\Application Data\SUPERAntiSpyware.com
      2009-09-03 12:56:22 ----D---- C:\Program Files\SUPERAntiSpyware
      2009-09-03 12:55:56 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2009-09-03 12:38:36 ----D---- D:\Documents\All Users\Application Data\Vodafone
      2009-09-03 12:38:33 ----D---- C:\Program Files\Vodafone

      ======List of files/folders modified in the last 1 months======

      2009-09-30 14:12:17 ----RD---- C:\Program Files
      2009-09-30 13:45:24 ----D---- C:\WINDOWS\Temp
      2009-09-30 13:44:53 ----D---- C:\WINDOWS\system32\CatRoot2
      2009-09-30 13:44:51 ----A---- C:\WINDOWS\system32\log.txt
      2009-09-30 13:44:43 ----D---- C:\WINDOWS\system32
      2009-09-30 13:43:33 ----A---- C:\WINDOWS\SchedLgU.Txt
      2009-09-30 13:22:43 ----SHD---- C:\WINDOWS\Installer
      2009-09-30 13:22:43 ----D---- C:\WINDOWS
      2009-09-30 13:22:08 ----D---- C:\WINDOWS\system32\drivers
      2009-09-30 13:20:37 ----D---- C:\Program Files\McAfee
      2009-09-30 13:20:37 ----D---- C:\Program Files\Fichiers communs
      2009-09-30 11:36:57 ----A---- C:\WINDOWS\ntbtlog.txt
      2009-09-30 09:50:28 ----D---- D:\Documents\All Users\Application Data\McAfee
      2009-09-30 09:28:41 ----D---- C:\WINDOWS\system32\wbem
      2009-09-30 09:28:41 ----D---- C:\WINDOWS\AppPatch
      2009-09-30 09:10:06 ----HD---- C:\WINDOWS\inf
      2009-09-30 09:10:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
      2009-09-30 09:10:00 ----A---- C:\WINDOWS\imsins.BAK
      2009-09-30 09:09:42 ----D---- D:\Documents\All Users\Application Data\Microsoft Help
      2009-09-30 09:08:56 ----HD---- C:\WINDOWS\$hf_mig$
      2009-09-30 09:07:52 ----D---- C:\Program Files\Windows Desktop Search
      2009-09-30 09:03:32 ----D---- C:\WINDOWS\security
      2009-09-29 17:55:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
      2009-09-29 17:34:38 ----D---- C:\WINDOWS\system32\Restore
      2009-09-29 17:33:49 ----SHD---- C:\System Volume Information
      2009-09-29 11:02:37 ----A---- C:\WINDOWS\system.ini
      2009-09-29 11:02:36 ----RH---- C:\ASSET.BAT
      2009-09-28 16:11:01 ----A---- C:\WINDOWS\ModemLog_Olitec Self Memory Serial.txt
      2009-09-25 16:40:21 ----SD---- C:\WINDOWS\Downloaded Program Files
      2009-09-25 16:22:30 ----D---- C:\Program Files\Unlocker
      2009-09-22 17:06:29 ----RASH---- C:\boot.ini
      2009-09-22 17:06:29 ----A---- C:\WINDOWS\win.ini
      2009-09-22 09:04:55 ----A---- C:\WINDOWS\NeroDigital.ini
      2009-09-22 08:54:26 ----D---- D:\Documents\ohurel\Application Data\Ahead
      2009-09-17 16:40:02 ----D---- C:\WINDOWS\Prefetch
      2009-09-16 09:32:11 ----A---- C:\WINDOWS\webica.ini
      2009-09-10 11:37:11 ----D---- C:\QUARANTINE
      2009-09-08 08:54:42 ----D---- D:\Documents\ohurel\Application Data\U3

      ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
      R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
      R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2009-04-29 63696]
      R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
      R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
      R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
      R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
      R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-13 254872]
      R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
      R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-05-11 45056]
      R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
      R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-05 5761728]
      R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-06-05 36608]
      R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-22 4432384]
      R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
      R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2009-04-29 75704]
      R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-04-29 91640]
      R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-04-29 43288]
      R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
      R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-28 12288]
      R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
      R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
      R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
      R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
      R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
      S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
      S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
      S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys []
      S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-11-22 3804416]
      S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
      S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys []
      S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101376]
      S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys [2008-09-15 7680]
      S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2009-04-29 65224]
      S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
      S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
      S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
      S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
      S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
      S3 Winacusb;Winacusb; C:\WINDOWS\system32\DRIVERS\winacusb.sys []
      S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2008-09-15 104960]
      S3 ZTEusbnet;ZTE USB-NDIS miniport; C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys [2008-09-15 110080]
      S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2008-09-15 104960]
      S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2008-09-15 104960]
      S3 ZTEusbvoice;ZTE VoUSB Port; C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys [2008-09-15 104960]
      S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
      S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]

      ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R2 atchksrv;Intel(R) Active Management Technology System Status Service; C:\Program Files\Intel\AMT\atchksrv.exe [2007-07-06 182808]
      R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
      R2 idasrv602;Peregrine Desktop Administration Server 6.0.2; C:\Program Files\Peregrine\Desktop Administration Server\bin\idasrv.exe [2004-12-07 1204496]
      R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
      R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-07-06 109080]
      R2 McAfeeEngineService;McAfee Engine Service; C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe [2009-04-29 21256]
      R2 McAfeeFramework;Service McAfee Framework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2009-01-16 103744]
      R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2009-04-29 144888]
      R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2009-04-29 62800]
      R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
      R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2009-04-29 70216]
      R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Intel\AMT\UNS.exe [2007-07-06 2521624]
      R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-09-22 14336]
      R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
      S2 CLCapSvc;CyberLink Background Capture Service (CBCS); c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe []
      S2 CLSched;CyberLink Task Scheduler (CTS); c:\APPS\Powercinema\Kernel\TV\CLSched.exe []
      S3 amsrv44;AssetCenter Server 4.4; C:\Program Files\Peregrine\AssetCenter\amsrv\bin\amsrv.exe [2005-06-07 5366032]
      S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
      S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
      S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
      S3 OracleClientCache80;OracleClientCache80; C:\orant\BIN\ONRSD80.EXE [1999-10-04 101136]
      S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
      S3 stllssvr;stllssvr; C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe []
      S3 UMWdf;Infrastructure de pilote-mode utilisateur Windows; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]

      -----------------EOF-----------------
      0
  3. Utilisateur anonyme
     
    tu m'as posté 3 fois le rapport info.txt, il me faudra aussi l'autre rapport

    log.txt

    merci
    0
    1. grisonnant28
       
      voici le rapport
      Logfile of random's system information tool 1.06 (written by random/random)
      Run by ohurel at 2009-09-30 14:25:24
      Microsoft Windows XP Professionnel Service Pack 3
      System drive C: has 29 GB (72%) free of 40 GB
      Total RAM: 3318 MB (79% free)

      HijackThis download failed

      ======Registry dump======

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
      Yahoo! Toolbar Helper

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
      Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
      Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
      scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll [2009-04-29 67120]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
      Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
      JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      "McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\udaterui.exe [2009-01-16 136512]
      "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
      "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
      "ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2009-04-29 124240]

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
      "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
      "cdoosoft"=D:\DOCUME~1\ohurel\LOCALS~1\Temp\herss.exe [2009-09-30 116840]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
      C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atchk]
      C:\Program Files\Intel\AMT\atchk.exe [2007-07-06 408088]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
      C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2005-09-08 94208]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
      C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
      C:\WINDOWS\system32\hkcmd.exe [2007-06-13 162584]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-03-18 188416]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
      C:\WINDOWS\system32\igfxtray.exe [2007-06-13 142104]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
      C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-09-22 2073088]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
      []

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
      C:\WINDOWS\system32\igfxpers.exe [2007-06-13 138008]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
      C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-08-05 1830128]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
      C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
      C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents^All Users^Menu Démarrer^Programmes^Démarrage^VPN Client.lnk]
      C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-09-22 6144]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
      C:\PROGRA~1\WINDOW~4\WINDOW~1.EXE [2008-05-26 123904]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "CyberLink Media Library Service"=2

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
      C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
      C:\WINDOWS\system32\igfxdev.dll [2007-06-05 204800]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
      C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "dontdisplaylastusername"=0
      "legalnoticecaption"=
      "legalnoticetext"=
      "shutdownwithoutlogon"=1
      "undockwithoutlogon"=1
      "DisableCAD"=0

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "NoDriveTypeAutoRun"=145

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "HonorAutoRunSetting"=

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\APPS\Powercinema\PowerCinema.exe"="C:\APPS\Powercinema\PowerCinema.exe:*:Enabled:PowerCinema"
      "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:McAfee Managed Services Agent"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
      "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
      "C:\Program Files\RealVNC\VNC4\winvnc4.exe"="C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32"
      "C:\WINDOWS\system32\usmt\migwiza.exe"="C:\WINDOWS\system32\usmt\migwiza.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres"
      "\\nf800\install\ZAktools\$$PROGRAMS\GHOST\GHOST32.EXE"="\\nf800\install\ZAktools\$$PROGRAMS\GHOST\GHOST32.EXE:*:Enabled:GHOST32.EXE"
      "\\nf800\2is\Mig-test\usmt\migwiz.exe"="\\nf800\2is\Mig-test\usmt\migwiz.exe:*:Enabled:migwiz.exe"
      "C:\Program Files\Reflection\Rx.exe"="C:\Program Files\Reflection\Rx.exe:*:Enabled:Reflection X for Windows 95 and Windows NT"
      "C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres"
      "C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE"="C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Enabled:SUPERAntiSpyware Alternate Start"
      "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:LocalSubNet:Enabled:SUPERAntiSpyware Free Edition"

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
      shell\AutoRun\command - D:\9jyhdim8.exe
      shell\open\command - D:\9jyhdim8.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
      shell\AutoRun\command - H:\setup_vmc_lite.exe /checkApplicationPresence

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a227773-0ee0-11de-95ad-002185ca9539}]
      shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a227774-0ee0-11de-95ad-002185ca9539}]
      shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50f0e21f-4b5b-11de-95e3-002185ca9539}]
      shell\AutoRun\command - F:\LaunchU3.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d6b364c-fdce-11dd-959f-002185ca9539}]
      shell\AutoRun\command - F:\eaywxx.cmd
      shell\open\command - F:\eaywxx.cmd

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a35491c-5fe0-11de-95f0-002185ca9539}]
      shell\AutoRun\command - F:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a66443e-e6f8-11dd-9581-806d6172696f}]
      shell\AutoRun\command - C:\9jyhdim8.exe
      shell\open\command - C:\9jyhdim8.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a66443f-e6f8-11dd-9581-806d6172696f}]
      shell\AutoRun\command - D:\9jyhdim8.exe
      shell\open\command - D:\9jyhdim8.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cc7d19a-6bc4-11de-95fc-002185ca9539}]
      shell\AutoRun\command - F:\cj1m.com
      shell\open\command - F:\cj1m.com

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce1dc5a8-9875-11de-9618-002185ca9539}]
      shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9a27a74-97c3-11de-9617-002185ca9539}]
      shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8b83677-9630-11de-9615-002185ca9539}]
      shell\AutoRun\command - F:\mranjm.exe
      shell\open\command - F:\mranjm.exe


      ======List of files/folders created in the last 1 months======

      2009-09-30 14:12:17 ----D---- C:\Program Files\trend micro
      2009-09-30 14:12:16 ----D---- C:\rsit
      2009-09-30 13:22:08 ----A---- C:\WINDOWS\system32\mfevtps.exe
      2009-09-30 13:20:37 ----D---- C:\Program Files\Fichiers communs\McAfee
      2009-09-30 10:11:12 ----RSH---- C:\9jyhdim8.exe
      2009-09-30 10:10:37 ----RSH---- C:\rg9g9bgq.exe
      2009-09-30 09:47:36 ----SHD---- C:\Config.Msi
      2009-09-30 09:10:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
      2009-09-30 09:09:55 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
      2009-09-30 09:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
      2009-09-30 09:09:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
      2009-09-30 09:08:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
      2009-09-30 09:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
      2009-09-30 09:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
      2009-09-30 09:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
      2009-09-30 09:07:02 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
      2009-09-30 09:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
      2009-09-30 09:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
      2009-09-30 09:06:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
      2009-09-30 09:06:35 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
      2009-09-30 09:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
      2009-09-30 09:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
      2009-09-30 09:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
      2009-09-29 17:07:51 ----D---- C:\Program Files\RegCleaner
      2009-09-29 10:33:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
      2009-09-28 11:23:43 ----RSH---- C:\mranjm.exe
      2009-09-25 15:20:34 ----D---- D:\Documents\ohurel\Application Data\webex
      2009-09-22 17:01:12 ----D---- C:\Program Files\Fichiers communs\Deterministic Networks
      2009-09-03 12:56:31 ----D---- D:\Documents\All Users\Application Data\SUPERAntiSpyware.com
      2009-09-03 12:56:22 ----D---- D:\Documents\ohurel\Application Data\SUPERAntiSpyware.com
      2009-09-03 12:56:22 ----D---- C:\Program Files\SUPERAntiSpyware
      2009-09-03 12:55:56 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2009-09-03 12:38:36 ----D---- D:\Documents\All Users\Application Data\Vodafone
      2009-09-03 12:38:33 ----D---- C:\Program Files\Vodafone

      ======List of files/folders modified in the last 1 months======

      2009-09-30 14:12:17 ----RD---- C:\Program Files
      2009-09-30 13:45:24 ----D---- C:\WINDOWS\Temp
      2009-09-30 13:44:53 ----D---- C:\WINDOWS\system32\CatRoot2
      2009-09-30 13:44:51 ----A---- C:\WINDOWS\system32\log.txt
      2009-09-30 13:44:43 ----D---- C:\WINDOWS\system32
      2009-09-30 13:43:33 ----A---- C:\WINDOWS\SchedLgU.Txt
      2009-09-30 13:22:43 ----SHD---- C:\WINDOWS\Installer
      2009-09-30 13:22:43 ----D---- C:\WINDOWS
      2009-09-30 13:22:08 ----D---- C:\WINDOWS\system32\drivers
      2009-09-30 13:20:37 ----D---- C:\Program Files\McAfee
      2009-09-30 13:20:37 ----D---- C:\Program Files\Fichiers communs
      2009-09-30 11:36:57 ----A---- C:\WINDOWS\ntbtlog.txt
      2009-09-30 09:50:28 ----D---- D:\Documents\All Users\Application Data\McAfee
      2009-09-30 09:28:41 ----D---- C:\WINDOWS\system32\wbem
      2009-09-30 09:28:41 ----D---- C:\WINDOWS\AppPatch
      2009-09-30 09:10:06 ----HD---- C:\WINDOWS\inf
      2009-09-30 09:10:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
      2009-09-30 09:10:00 ----A---- C:\WINDOWS\imsins.BAK
      2009-09-30 09:09:42 ----D---- D:\Documents\All Users\Application Data\Microsoft Help
      2009-09-30 09:08:56 ----HD---- C:\WINDOWS\$hf_mig$
      2009-09-30 09:07:52 ----D---- C:\Program Files\Windows Desktop Search
      2009-09-30 09:03:32 ----D---- C:\WINDOWS\security
      2009-09-29 17:55:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
      2009-09-29 17:34:38 ----D---- C:\WINDOWS\system32\Restore
      2009-09-29 17:33:49 ----SHD---- C:\System Volume Information
      2009-09-29 11:02:37 ----A---- C:\WINDOWS\system.ini
      2009-09-29 11:02:36 ----RH---- C:\ASSET.BAT
      2009-09-28 16:11:01 ----A---- C:\WINDOWS\ModemLog_Olitec Self Memory Serial.txt
      2009-09-25 16:40:21 ----SD---- C:\WINDOWS\Downloaded Program Files
      2009-09-25 16:22:30 ----D---- C:\Program Files\Unlocker
      2009-09-22 17:06:29 ----RASH---- C:\boot.ini
      2009-09-22 17:06:29 ----A---- C:\WINDOWS\win.ini
      2009-09-22 09:04:55 ----A---- C:\WINDOWS\NeroDigital.ini
      2009-09-22 08:54:26 ----D---- D:\Documents\ohurel\Application Data\Ahead
      2009-09-17 16:40:02 ----D---- C:\WINDOWS\Prefetch
      2009-09-16 09:32:11 ----A---- C:\WINDOWS\webica.ini
      2009-09-10 11:37:11 ----D---- C:\QUARANTINE
      2009-09-08 08:54:42 ----D---- D:\Documents\ohurel\Application Data\U3

      ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
      R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
      R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2009-04-29 63696]
      R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
      R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
      R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
      R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
      R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-13 254872]
      R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
      R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-05-11 45056]
      R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
      R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-05 5761728]
      R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-06-05 36608]
      R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-22 4432384]
      R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
      R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2009-04-29 75704]
      R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-04-29 91640]
      R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-04-29 43288]
      R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
      R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-28 12288]
      R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
      R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
      R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
      R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
      R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
      S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
      S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
      S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys []
      S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-11-22 3804416]
      S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
      S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys []
      S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101376]
      S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys [2008-09-15 7680]
      S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2009-04-29 65224]
      S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
      S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
      S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
      S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
      S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
      S3 Winacusb;Winacusb; C:\WINDOWS\system32\DRIVERS\winacusb.sys []
      S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2008-09-15 104960]
      S3 ZTEusbnet;ZTE USB-NDIS miniport; C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys [2008-09-15 110080]
      S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2008-09-15 104960]
      S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2008-09-15 104960]
      S3 ZTEusbvoice;ZTE VoUSB Port; C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys [2008-09-15 104960]
      S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
      S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]

      ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R2 atchksrv;Intel(R) Active Management Technology System Status Service; C:\Program Files\Intel\AMT\atchksrv.exe [2007-07-06 182808]
      R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
      R2 idasrv602;Peregrine Desktop Administration Server 6.0.2; C:\Program Files\Peregrine\Desktop Administration Server\bin\idasrv.exe [2004-12-07 1204496]
      R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
      R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-07-06 109080]
      R2 McAfeeEngineService;McAfee Engine Service; C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe [2009-04-29 21256]
      R2 McAfeeFramework;Service McAfee Framework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2009-01-16 103744]
      R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2009-04-29 144888]
      R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2009-04-29 62800]
      R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
      R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2009-04-29 70216]
      R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Intel\AMT\UNS.exe [2007-07-06 2521624]
      R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-09-22 14336]
      R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
      S2 CLCapSvc;CyberLink Background Capture Service (CBCS); c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe []
      S2 CLSched;CyberLink Task Scheduler (CTS); c:\APPS\Powercinema\Kernel\TV\CLSched.exe []
      S3 amsrv44;AssetCenter Server 4.4; C:\Program Files\Peregrine\AssetCenter\amsrv\bin\amsrv.exe [2005-06-07 5366032]
      S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
      S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
      S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
      S3 OracleClientCache80;OracleClientCache80; C:\orant\BIN\ONRSD80.EXE [1999-10-04 101136]
      S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
      S3 stllssvr;stllssvr; C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe []
      S3 UMWdf;Infrastructure de pilote-mode utilisateur Windows; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]

      -----------------EOF-----------------
      0
  4. Utilisateur anonyme
     
    •télécharge GenProc sur ton bureau :
    http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

    ou ici : http://www.genproc.com/GenProc.exe

    dézippe le dossier, puis double-clique sur GenProc.bat
    le programme va s'executer et générer un rappor à la fin de sacn

    poste le contenu du rappor généré par genproc

    Aide en images : http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

    ou ici directement : http://www.genproc.com/GenProc.exe

    Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html

    ou télécharge GenProc directement http://www.genproc.com/GenProc.exe

    double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre
    0
    1. grisonnant28
       
      voici le rapport de genproc
      Rapport GenProc 2.633 [1] - 30/09/2009 à 14:40:42
      @ Windows XP Service Pack 3 - Mode normal
      @ Internet Explorer (7.0.5730.13) [Navigateur par défaut]

      ~~ ECHEC DU TELECHARGEMENT DE CM ~~
      ~~ ECHEC DU TELECHARGEMENT DE MBR.EXE ~~

      # Etape 1/ Télécharge :

      - CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo). Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

      - USBFix http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe (Chiquitine29) sur le Bureau, et procède simplement à son installation.


      Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** ohurel *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).


      # Etape 2/

      Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectées sans les ouvrir, puis double-clique sur le raccourci USBFix présent sur ton Bureau : choisis l' option 2 (Suppression), ton bureau disparaitra et le pc redémarrera. Au redémarrage, USBFix scannera ton pc, laisse travailler l'outil.

      # Etape 3/

      Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

      # Etape 4/

      Redémarre normalement et poste, dans la même réponse :

      - Le contenu du rapport UsbFix.txt situé dans C:\ ;
      - Un nouveau rapport HijackThis ;
      - Un nouveau rapport GenProc ;

      Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

      ~~ Arguments de la procédure ~~


      # Détections [1] GenProc 2.633 30/09/2009 à 14:40:55
      USBFix:le 30/09/2009 à 14:41:29 "D:\DOCUME~1\ohurel\LOCALS~1\Temp\cvasds0.dll"

      ----------------------------------------------------------------------
      Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
      ----------------------------------------------------------------------

      ~~ Fin à 14:42:58 ~~
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    suis la procédure avec Cliner et usbfix dans l'ordre et poste leur rapports S'il te plait
    0
    1. grisonnant28
       
      bonsoir voici le rapport

      ############################## | UsbFix V6.037 |

      User : ohurel () # U0901031
      Update on 27/09/2009 by Chiquitine29, C_XX & Chimay8
      Start at: 15:11:27 | 30/09/2009
      Website : http://pagesperso-orange.fr/NosTools/index.html

      Processeur Intel Pentium III Xeon
      Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
      Internet Explorer 7.0.5730.13
      Windows Firewall Status : Enabled
      AV : McAfee VirusScan Enterprise 8.7.0.570 [ Enabled | Updated ]

      C:\ -> Disque fixe local # 39.06 Go (28 Go free) [SYSTEM] # NTFS
      D:\ -> Disque fixe local # 100.22 Go (90.11 Go free) [DATA] # NTFS
      E:\ -> Disque CD-ROM
      Q:\ -> Connexion réseau # 36 Go (1.84 Go free) [dsi] # NTFS
      S:\ -> Connexion réseau # 926.6 Go (799.24 Go free) [mig] # NTFS
      U:\ -> Connexion réseau # 36 Go (1.84 Go free) [dsi] # NTFS
      V:\ -> Connexion réseau # 36 Go (1.84 Go free) [dsi] # NTFS
      W:\ -> Connexion réseau # 393.04 Go (28.52 Go free) [ucpadata] # NTFS
      X:\ -> Connexion réseau # 926.6 Go (799.24 Go free) [install] # NTFS
      Y:\ -> Connexion réseau # 926.6 Go (799.24 Go free) [ghost] # NTFS
      Z:\ -> Connexion réseau # 30.01 Go (14.16 Go free) # NTFS

      ############################## | Processus actifs |

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Intel\AMT\atchksrv.exe
      C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      C:\Program Files\Peregrine\Desktop Administration Server\bin\idasrv.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Intel\AMT\LMS.exe
      C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
      C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\mfevtps.exe
      C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
      C:\Program Files\Intel\AMT\UNS.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
      C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
      C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\userinit.exe
      C:\WINDOWS\Explorer.EXE

      ################## | Fichiers # Dossiers infectieux |


      ################## | Registre # Clés Run infectieuses |

      Supprimé ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"

      ################## | Registre # Mountpoints2 |

      Supprimé ! HKCU\...\Explorer\MountPoints2\H\Shell\AutoRun\Command
      Supprimé ! HKCU\...\Explorer\MountPoints2\{1a227773-0ee0-11de-95ad-002185ca9539}\Shell\AutoRun\Command
      Supprimé ! HKCU\...\Explorer\MountPoints2\{1a227774-0ee0-11de-95ad-002185ca9539}\Shell\AutoRun\Command
      Supprimé ! HKCU\...\Explorer\MountPoints2\{50f0e21f-4b5b-11de-95e3-002185ca9539}\Shell\AutoRun\Command
      Supprimé ! HKCU\...\Explorer\MountPoints2\{7d6b364c-fdce-11dd-959f-002185ca9539}\Shell\AutoRun\Command
      Supprimé ! HKCU\...\Explorer\MountPoints2\{8a35491c-5fe0-11de-95f0-002185ca9539}\Shell\AutoRun\Command
      Supprimé ! HKCU\...\Explorer\MountPoints2\{9cc7d19a-6bc4-11de-95fc-002185ca9539}\Shell\AutoRun\Command
      Supprimé ! HKCU\...\Explorer\MountPoints2\{ce1dc5a8-9875-11de-9618-002185ca9539}\Shell\AutoRun\Command
      Supprimé ! HKCU\...\Explorer\MountPoints2\{d9a27a74-97c3-11de-9617-002185ca9539}\Shell\AutoRun\Command

      ################## | Listing des fichiers présent |

      [29/09/2009 11:02|-r-h-----|207] C:\ASSET.BAT
      [27/06/2006 09:29|--a------|0] C:\AUTOEXEC.BAT
      [22/06/2006 12:26|--ahs----|211] C:\BOOT.BAK
      [22/09/2009 17:06|-rahs----|212] C:\boot.ini
      [28/09/2001 14:00|-rahs----|4952] C:\Bootfont.bin
      [05/08/2004 14:00|-rahs----|263488] C:\cmldr
      [27/06/2006 09:29|--a------|0] C:\CONFIG.SYS
      [22/06/2006 12:27|-rahs----|0] C:\IO.SYS
      [22/06/2006 12:27|-rahs----|0] C:\MSDOS.SYS
      [03/08/2004 22:38|-rahs----|47564] C:\NTDETECT.COM
      [23/10/2008 11:10|-rahs----|252240] C:\ntldr
      [07/09/2006 15:08|--ahs----|20] C:\ntuser.ini
      [?|?|?] C:\pagefile.sys
      [29/09/2009 16:50|-r-hs----|117960] C:\rg9g9bgq.exe
      [30/09/2009 15:20|--a------|4411] D:\UsbFix.txt
      [18/03/2009 15:28|--a------|1583904] D:\USR5633b-v173.046-TBR21x86.exe
      [23/07/2009 14:07|--a------|55324] Q:\NOTI_FAC01_23072009.txt
      [22/02/2009 20:00|--a------|746496] U:\config-scan to folder.doc
      [28/02/2002 16:29|--a------|176128] U:\Sécurité des systèmes clients.doc
      [01/03/2002 13:29|--a------|156160] U:\Sécurité des systèmes clients drh.doc
      [05/08/2008 10:55|--a------|51200] U:\Inventaire poste isolé.doc
      [05/01/2004 14:05|--a------|224256] U:\Procédure de personnalisation V1.2.doc
      [22/06/2004 17:03|--a------|27136] U:\MAJ_ASSET_TAG.DOC
      [03/12/2004 15:41|--a------|33280] U:\clonage de la partition systeme.doc
      [05/08/2008 10:11|--a------|44032] U:\Inventaire Parc Informatique.doc
      [30/11/2007 10:36|--a------|74752] U:\porcédure-connexion Wireless.doc
      [11/06/2007 18:05|-ra------|74752] U:\Installation Carte SFR 3G+.doc
      [21/02/2008 18:44|--a------|2877440] U:\scan-to-folder.doc
      [06/11/2008 10:59|--a------|1868800] U:\20081028-webmail.doc
      [09/07/2008 23:08|--a------|288768] U:\personnalisation_dell_V1.doc
      [06/11/2008 11:03|--a------|956641] U:\20081028-webmail.pdf
      [07/11/2008 15:38|--a------|2862080] U:\scan-to-folder-DRH.doc
      [17/02/2009 16:35|--a------|36583] U:\Procédure compatibilité carte 3G ancienne génération.docx
      [23/08/2000 22:27|--a------|278585] V:\ntwdblib.DLL
      [22/02/2005 17:05|---------|412893344] W:\offices97pro.rar
      [17/01/2007 13:06|--a------|266896720] W:\X12-69908.exe
      [21/08/2007 17:55|--a------|8704] W:\Fichier bribes.shs
      [23/02/2005 18:21|---------|11386516] W:\access2.rar
      [04/05/2009 15:50|--a------|22729] W:\newkey
      [29/03/2007 17:25|--a------|7081104] W:\SQLyog527.exe
      [22/05/2007 10:07|--a------|23693298] W:\mysql-4.0.15-win.zip
      [11/12/2006 11:44|--a------|19058331] W:\Virtual PC 2004 SP1.zip
      [12/12/2006 14:52|--a------|40552152] W:\SQLEXPR32_FRN.EXE
      [04/05/2009 15:50|--a------|22729] W:\newfile.enc
      [13/08/2008 16:26|--a------|276] W:\Err_word.txt
      [20/08/2008 15:09|--a------|170177] W:\Creature.rar
      [06/12/2007 16:55|--a------|131828237] W:\powerdesigner125_eval.exe
      [12/03/2008 16:04|--a------|10253312] W:\odbc-odbc-bridge-2_1_0-windows-x86.msi
      [04/03/2009 11:47|--a------|251838933] W:\FileMaker Pro 9.0v3.zip
      [11/03/2009 19:12|--a------|4469] W:\Carte Birdie.rpx
      [22/09/2009 13:31|--a------|81] X:\clef wifi.txt
      [04/10/2007 16:34|--a------|833] Y:\Raccourci vers versioning.xls.lnk
      [13/05/2009 17:50|--a------|5283464] Y:\ghost32.exe
      [11/05/2006 11:16|---------|192311] Z:\47444745.upd
      [06/07/2006 23:03|---------|244509] Z:\47864787.upd
      [21/08/2006 23:14|---------|137094] Z:\48194820.upd
      [21/08/2006 23:14|---------|22820] Z:\48194820avv.gem
      [18/09/2006 23:06|---------|199394] Z:\48394840.upd
      [18/09/2006 23:06|---------|23380] Z:\48394840avv.gem
      [19/09/2006 23:07|---------|183863] Z:\48404841.upd
      [19/09/2006 23:07|---------|21628] Z:\48404841avv.gem
      [02/12/2006 00:06|---------|202036] Z:\48944895.upd
      [02/12/2006 00:06|---------|24588] Z:\48944895avv.gem
      [05/12/2006 00:08|---------|196306] Z:\48954896.upd
      [05/12/2006 00:08|---------|31900] Z:\48954896avv.gem
      [06/12/2006 00:09|---------|179405] Z:\48964897.upd
      [06/12/2006 00:09|---------|22388] Z:\48964897avv.gem
      [12/12/2006 00:04|---------|171819] Z:\49014902.upd
      [12/12/2006 00:04|---------|15572] Z:\49014902avv.gem
      [12/01/2007 00:06|---------|137827] Z:\49224923.upd
      [12/01/2007 00:06|---------|42228] Z:\49224923avv.gem
      [13/02/2007 00:08|---------|125412] Z:\49464947.upd
      [13/02/2007 00:08|---------|48084] Z:\49464947avv.gem
      [21/02/2007 00:07|---------|144530] Z:\49524953.upd
      [21/02/2007 00:07|---------|45148] Z:\49524953avv.gem
      [14/09/2007 23:05|---------|221464] Z:\51055106.upd
      [14/09/2007 23:05|---------|31756] Z:\51055106avv.gem
      [31/03/2009 14:44|---------|193649] Z:\55535554.upd
      [31/03/2009 14:45|---------|116548] Z:\55535554avv.gem
      [31/03/2009 14:44|---------|326874] Z:\55545555.upd
      [31/03/2009 14:44|---------|88812] Z:\55545555avv.gem
      [31/03/2009 14:44|---------|551983] Z:\55555556.upd
      [31/03/2009 14:44|---------|304948] Z:\55555556avv.gem
      [31/03/2009 14:44|---------|371976] Z:\55565557.upd
      [31/03/2009 14:44|---------|193436] Z:\55565557avv.gem
      [31/03/2009 14:44|---------|460546] Z:\55575558.upd
      [31/03/2009 14:44|---------|255404] Z:\55575558avv.gem
      [31/03/2009 14:44|---------|477915] Z:\55585559.upd
      [31/03/2009 14:44|---------|250100] Z:\55585559avv.gem
      [31/03/2009 14:44|---------|566898] Z:\55595560.upd
      [31/03/2009 14:44|---------|490772] Z:\55595560avv.gem
      [31/03/2009 14:44|---------|291340] Z:\55605561.upd
      [31/03/2009 14:44|---------|211476] Z:\55605561avv.gem
      [31/03/2009 14:44|---------|354148] Z:\55615562.upd
      [31/03/2009 14:44|---------|107356] Z:\55615562avv.gem
      [31/03/2009 14:44|---------|374586] Z:\55625563.upd
      [31/03/2009 14:44|---------|168804] Z:\55625563avv.gem
      [31/03/2009 14:44|---------|525826] Z:\55635564.upd
      [31/03/2009 14:44|---------|275764] Z:\55635564avv.gem
      [31/03/2009 14:44|---------|368384] Z:\55645565.upd
      [31/03/2009 14:44|---------|143060] Z:\55645565avv.gem
      [31/03/2009 14:44|---------|474353] Z:\55655566.upd
      [31/03/2009 14:44|---------|212876] Z:\55655566avv.gem
      [31/03/2009 14:44|---------|272046] Z:\55665567.upd
      [31/03/2009 14:44|---------|192892] Z:\55665567avv.gem
      [31/03/2009 14:44|---------|148190] Z:\55675568.upd
      [31/03/2009 14:44|---------|72204] Z:\55675568avv.gem
      [30/07/2009 23:11|---------|216756] Z:\56585659avv.gem
      [30/07/2009 23:11|---------|173972] Z:\56595660avv.gem
      [30/07/2009 23:11|---------|53716] Z:\56605661avv.gem
      [30/07/2009 23:11|---------|205164] Z:\56615662avv.gem
      [30/07/2009 23:11|---------|316620] Z:\56625663avv.gem
      [30/07/2009 23:10|---------|229872] Z:\56785679.upd
      [30/07/2009 23:10|---------|336749] Z:\56795680.upd
      [30/07/2009 23:10|---------|357160] Z:\56805681.upd
      [30/07/2009 23:10|---------|329761] Z:\56815682.upd
      [30/07/2009 23:10|---------|385380] Z:\56825683.upd
      [30/09/2009 00:14|---------|141340] Z:\57215722avv.gem
      [30/09/2009 00:14|---------|155660] Z:\57225723avv.gem
      [30/09/2009 00:14|---------|376508] Z:\57235724avv.gem
      [30/09/2009 00:14|---------|387404] Z:\57245725avv.gem
      [30/09/2009 00:14|---------|423548] Z:\57255726avv.gem
      [30/09/2009 00:14|---------|127676] Z:\57265727avv.gem
      [30/09/2009 00:14|---------|265572] Z:\57275728avv.gem
      [30/09/2009 00:14|---------|1156] Z:\57285729avv.gem
      [30/09/2009 00:14|---------|244860] Z:\57295730avv.gem
      [30/09/2009 00:14|---------|125724] Z:\57305731avv.gem
      [30/09/2009 00:14|---------|130460] Z:\57315732avv.gem
      [30/09/2009 00:14|---------|238084] Z:\57325733avv.gem
      [30/09/2009 00:14|---------|171124] Z:\57335734avv.gem
      [30/09/2009 00:14|---------|61196] Z:\57345735avv.gem
      [30/09/2009 00:14|---------|52228] Z:\57355736avv.gem
      [30/09/2009 00:14|---------|59804] Z:\57365737avv.gem
      [30/09/2009 00:14|---------|129932] Z:\57375738avv.gem
      [30/09/2009 00:14|---------|90764] Z:\57385739avv.gem
      [30/09/2009 00:14|---------|75988] Z:\57395740avv.gem
      [30/09/2009 00:14|---------|34660] Z:\57405741avv.gem
      [30/09/2009 00:14|---------|305788] Z:\57415742.upd
      [30/09/2009 00:14|---------|137772] Z:\57415742avv.gem
      [30/09/2009 00:14|---------|304841] Z:\57425743.upd
      [30/09/2009 00:14|---------|114780] Z:\57425743avv.gem
      [30/09/2009 00:14|---------|316830] Z:\57435744.upd
      [30/09/2009 00:14|---------|101460] Z:\57435744avv.gem
      [30/09/2009 00:14|---------|310757] Z:\57445745.upd
      [30/09/2009 00:14|---------|77428] Z:\57445745avv.gem
      [30/09/2009 00:14|---------|326964] Z:\57455746.upd
      [30/09/2009 00:14|---------|91060] Z:\57455746avv.gem
      [30/09/2009 00:14|---------|204843] Z:\57465747.upd
      [30/09/2009 00:14|---------|34460] Z:\57465747avv.gem
      [30/09/2009 00:14|---------|146436] Z:\57475748.upd
      [30/09/2009 00:14|---------|26708] Z:\57475748avv.gem
      [30/09/2009 00:14|---------|180552] Z:\57485749.upd
      [30/09/2009 00:14|---------|29068] Z:\57485749avv.gem
      [30/09/2009 00:14|---------|343449] Z:\57495750.upd
      [30/09/2009 00:14|---------|167972] Z:\57495750avv.gem
      [30/09/2009 00:14|---------|246433] Z:\57505751.upd
      [30/09/2009 00:14|---------|44980] Z:\57505751avv.gem
      [30/09/2009 00:14|---------|271217] Z:\57515752.upd
      [30/09/2009 00:14|---------|83748] Z:\57515752avv.gem
      [30/09/2009 00:14|---------|276570] Z:\57525753.upd
      [30/09/2009 00:14|---------|48332] Z:\57525753avv.gem
      [30/09/2009 00:14|---------|298677] Z:\57535754.upd
      [30/09/2009 00:14|---------|124212] Z:\57535754avv.gem
      [30/09/2009 00:14|---------|366436] Z:\57545755.upd
      [30/09/2009 00:14|---------|175844] Z:\57545755avv.gem
      [30/09/2009 00:13|---------|320829] Z:\57555756.upd
      [30/09/2009 00:13|---------|131972] Z:\57555756avv.gem
      [21/08/2006 23:14|---------|5059786] Z:\avvdat-4834.zip
      [18/09/2006 23:05|---------|5154498] Z:\avvdat-4854.zip
      [19/09/2006 23:06|---------|5158970] Z:\avvdat-4855.zip
      [02/12/2006 00:05|---------|5350818] Z:\avvdat-4909.zip
      [05/12/2006 00:08|---------|5356650] Z:\avvdat-4910.zip
      [06/12/2006 00:08|---------|5362354] Z:\avvdat-4911.zip
      [12/12/2006 00:04|---------|5373522] Z:\avvdat-4916.zip
      [12/01/2007 00:06|---------|5426226] Z:\avvdat-4937.zip
      [13/02/2007 00:07|---------|6089834] Z:\avvdat-4961.zip
      [21/02/2007 00:06|---------|6112858] Z:\avvdat-4967.zip
      [14/09/2007 23:04|---------|9271210] Z:\avvdat-5120.zip
      [31/03/2009 14:44|---------|50708073] Z:\avvdat-5568.zip
      [30/07/2009 23:10|---------|54740286] Z:\avvdat-5693.zip
      [30/09/2009 00:13|---------|58049611] Z:\avvdat-5756.zip
      [30/09/2009 00:13|---------|3636] Z:\catalog.z
      [30/09/2009 00:15|---------|54] Z:\ceu.ini
      [11/05/2006 11:16|---------|7593167] Z:\dat-4759.zip
      [06/07/2006 23:03|---------|7902220] Z:\dat-4801.zip
      [21/08/2006 23:14|---------|8118286] Z:\dat-4834.zip
      [18/09/2006 23:05|---------|8245356] Z:\dat-4854.zip
      [19/09/2006 23:06|---------|8253149] Z:\dat-4855.zip
      [02/12/2006 00:05|---------|8573107] Z:\dat-4909.zip
      [05/12/2006 00:08|---------|8583904] Z:\dat-4910.zip
      [06/12/2006 00:08|---------|8592382] Z:\dat-4911.zip
      [12/12/2006 00:04|---------|8611614] Z:\dat-4916.zip
      [12/01/2007 00:06|---------|8704881] Z:\dat-4937.zip
      [13/02/2007 00:07|---------|9431120] Z:\dat-4961.zip
      [21/02/2007 00:06|---------|9463768] Z:\dat-4967.zip
      [14/09/2007 23:04|---------|13338533] Z:\dat-5120.zip
      [31/03/2009 14:44|---------|58168029] Z:\dat-5568.zip
      [30/07/2009 23:10|---------|63751342] Z:\dat-5693.zip
      [30/09/2009 00:13|---------|68067122] Z:\dat-5756.zip
      [30/09/2009 00:13|---------|49772] Z:\datinstall.mcs
      [30/09/2009 00:15|---------|1340] Z:\delta.ini
      [30/09/2009 00:15|---------|21116] Z:\extradat.mcs
      [30/09/2009 00:15|---------|2314] Z:\gdeltaavv.ini
      [30/09/2009 00:15|---------|6405] Z:\Replica.log
      [27/04/2006 14:01|---------|6055406] Z:\scm-4489.zip
      [30/09/2009 00:15|---------|467704] Z:\scmdat.pdb
      [05/10/2006 14:29|---------|8935750] Z:\sdat4866.exe
      [29/07/2009 14:08|---------|112289103] Z:\sdat5691.exe
      [30/09/2009 03:23|---------|118] Z:\SiteStat.xml
      [29/07/2009 14:33|---------|97542] Z:\SuperDAT.log
      [30/09/2009 00:15|---------|1287] Z:\update.ini
      [30/09/2009 00:15|---------|81516] Z:\V2datdet.mcs
      [30/09/2009 00:15|---------|87556] Z:\V2datinstall.mcs

      ################## | Vaccination |

      # C:\autorun.inf -> Folder created by UsbFix.
      # D:\autorun.inf -> Folder created by UsbFix.
      # S:\autorun.inf -> Folder created by UsbFix.
      # U:\autorun.inf -> Folder created by UsbFix.
      # X:\autorun.inf -> Folder created by UsbFix.
      # Y:\autorun.inf -> Folder created by UsbFix.

      ################## | Upload |

      Veuillez envoyer le fichier : D:\DOCUME~1\ohurel\Bureau\UsbFix_Upload_Me_UCPA_DOM.zip : https://www.androidworld.fr/
      Merci pour votre contribution .
      0
  7. Utilisateur anonyme
     
    as tu executer ccliner ?
    0
    1. grisonnant28
       
      bonsoir
      oui mais ya pas eu de rapport

      a tout de suite

      grisonannt28
      0
  8. Utilisateur anonyme
     
    relance MBAM
    . Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
    . si le pare-feu demande l'autorisation de se connecter pour malwarebytes, acceptes
    . Une fois la mise à jour terminé
    . rend-toi dans l'onglet, Recherche
    . Sélectionnes Exécuter un examen complet
    . Cliques sur Rechercher
    . Le scan démarre.
    . A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    . Cliques sur Ok pour poursuivre.
    . Si des malwares ont été détectés, cliques sur Afficher les résultats
    . Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
    . Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
    . rends toi dans l'onglet rapport/log
    . tu cliques dessus pour l'afficher une fois affiché
    . tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
    . tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
    . tu cliques droit dans le cadre de la reponse et coller

    Si tu as besoin d'aide regarde ce tutoriel :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
    1. grisonnant28
       
      bonsoir

      y a encore une clef de registre infectée par le worm.malaga .
      voici le rapport
      Malwarebytes' Anti-Malware 1.41
      Version de la base de données: 2775
      Windows 5.1.2600 Service Pack 3

      30/09/2009 16:33:08
      mbam-log-2009-09-30 (16-33-04).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 171700
      Temps écoulé: 18 minute(s), 1 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 1
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  9. Utilisateur anonyme
     
    • Télécharge OtmoveIT (de Old_Timer) sur ton Bureau

    https://www.androidworld.fr/

    (c est le numéro 7 en bas de la page) :

    * Double-clique sur OTMoveIt.exe pour le lancer.

    * Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.

    * Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.

    :reg
    HKEY_CLASSES_ROOT\CLSID\MADOWN

    :Commands
    [emptytemp]
    [purity]
    [start explorer]
    [Reboot]


    # clique sur MoveIt! pour lancer la suppression.

    # Le résultat apparaitra dans le cadre "Results".

    # Clique sur Exit pour fermer.

    # Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    # Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
    0
    1. grisonnant28
       
      bonsoir
      Voici le dernier rapport de malwarebytes qui ne trouve plus rien.
      Mon PC était -il bien infecté ?
      Ce ver ne reviendra t-il pas sur mon poste ?
      merci de me répondre

      Malwarebytes' Anti-Malware 1.41
      Version de la base de données: 2775
      Windows 5.1.2600 Service Pack 3

      30/09/2009 17:49:55
      mbam-log-2009-09-30 (17-49-55).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 171229
      Temps écoulé: 20 minute(s), 18 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)


      a bientot et merci pour tout



      C'est bien terminé pour les manipulations ?


      grisonnant 28
      0
  10. Utilisateur anonyme
     
    que des clés de registre infectéées,
    j'ai quand même un doute sur tous ces fichiers :

    [11/05/2006 11:16|---------|192311] Z:\47444745.upd
    [06/07/2006 23:03|---------|244509] Z:\47864787.upd
    [21/08/2006 23:14|---------|137094] Z:\48194820.upd
    [21/08/2006 23:14|---------|22820] Z:\48194820avv.gem
    [18/09/2006 23:06|---------|199394] Z:\48394840.upd
    [18/09/2006 23:06|---------|23380] Z:\48394840avv.gem
    [19/09/2006 23:07|---------|183863] Z:\48404841.upd
    [19/09/2006 23:07|---------|21628] Z:\48404841avv.gem
    [02/12/2006 00:06|---------|202036] Z:\48944895.upd
    [02/12/2006 00:06|---------|24588] Z:\48944895avv.gem
    [05/12/2006 00:08|---------|196306] Z:\48954896.upd
    [05/12/2006 00:08|---------|31900] Z:\48954896avv.gem
    [06/12/2006 00:09|---------|179405] Z:\48964897.upd
    [06/12/2006 00:09|---------|22388] Z:\48964897avv.gem
    [12/12/2006 00:04|---------|171819] Z:\49014902.upd
    [12/12/2006 00:04|---------|15572] Z:\49014902avv.gem
    [12/01/2007 00:06|---------|137827] Z:\49224923.upd
    [12/01/2007 00:06|---------|42228] Z:\49224923avv.gem
    [13/02/2007 00:08|---------|125412] Z:\49464947.upd
    [13/02/2007 00:08|---------|48084] Z:\49464947avv.gem
    [21/02/2007 00:07|---------|144530] Z:\49524953.upd
    [21/02/2007 00:07|---------|45148] Z:\49524953avv.gem
    [14/09/2007 23:05|---------|221464] Z:\51055106.upd
    [14/09/2007 23:05|---------|31756] Z:\51055106avv.gem
    [31/03/2009 14:44|---------|193649] Z:\55535554.upd
    [31/03/2009 14:45|---------|116548] Z:\55535554avv.gem
    [31/03/2009 14:44|---------|326874] Z:\55545555.upd
    [31/03/2009 14:44|---------|88812] Z:\55545555avv.gem
    [31/03/2009 14:44|---------|551983] Z:\55555556.upd
    [31/03/2009 14:44|---------|304948] Z:\55555556avv.gem
    [31/03/2009 14:44|---------|371976] Z:\55565557.upd
    [31/03/2009 14:44|---------|193436] Z:\55565557avv.gem
    [31/03/2009 14:44|---------|460546] Z:\55575558.upd
    [31/03/2009 14:44|---------|255404] Z:\55575558avv.gem
    [31/03/2009 14:44|---------|477915] Z:\55585559.upd
    [31/03/2009 14:44|---------|250100] Z:\55585559avv.gem
    [31/03/2009 14:44|---------|566898] Z:\55595560.upd
    [31/03/2009 14:44|---------|490772] Z:\55595560avv.gem
    [31/03/2009 14:44|---------|291340] Z:\55605561.upd
    [31/03/2009 14:44|---------|211476] Z:\55605561avv.gem
    [31/03/2009 14:44|---------|354148] Z:\55615562.upd
    [31/03/2009 14:44|---------|107356] Z:\55615562avv.gem
    [31/03/2009 14:44|---------|374586] Z:\55625563.upd
    [31/03/2009 14:44|---------|168804] Z:\55625563avv.gem
    [31/03/2009 14:44|---------|525826] Z:\55635564.upd
    [31/03/2009 14:44|---------|275764] Z:\55635564avv.gem
    [31/03/2009 14:44|---------|368384] Z:\55645565.upd
    [31/03/2009 14:44|---------|143060] Z:\55645565avv.gem
    [31/03/2009 14:44|---------|474353] Z:\55655566.upd
    [31/03/2009 14:44|---------|212876] Z:\55655566avv.gem
    [31/03/2009 14:44|---------|272046] Z:\55665567.upd
    [31/03/2009 14:44|---------|192892] Z:\55665567avv.gem
    [31/03/2009 14:44|---------|148190] Z:\55675568.upd
    [31/03/2009 14:44|---------|72204] Z:\55675568avv.gem
    [30/07/2009 23:11|---------|216756] Z:\56585659avv.gem
    [30/07/2009 23:11|---------|173972] Z:\56595660avv.gem
    [30/07/2009 23:11|---------|53716] Z:\56605661avv.gem
    [30/07/2009 23:11|---------|205164] Z:\56615662avv.gem
    [30/07/2009 23:11|---------|316620] Z:\56625663avv.gem
    [30/07/2009 23:10|---------|229872] Z:\56785679.upd
    [30/07/2009 23:10|---------|336749] Z:\56795680.upd
    [30/07/2009 23:10|---------|357160] Z:\56805681.upd
    [30/07/2009 23:10|---------|329761] Z:\56815682.upd
    [30/07/2009 23:10|---------|385380] Z:\56825683.upd
    [30/09/2009 00:14|---------|141340] Z:\57215722avv.gem
    [30/09/2009 00:14|---------|155660] Z:\57225723avv.gem
    [30/09/2009 00:14|---------|376508] Z:\57235724avv.gem
    [30/09/2009 00:14|---------|387404] Z:\57245725avv.gem
    [30/09/2009 00:14|---------|423548] Z:\57255726avv.gem
    [30/09/2009 00:14|---------|127676] Z:\57265727avv.gem
    [30/09/2009 00:14|---------|265572] Z:\57275728avv.gem
    [30/09/2009 00:14|---------|1156] Z:\57285729avv.gem
    [30/09/2009 00:14|---------|244860] Z:\57295730avv.gem
    [30/09/2009 00:14|---------|125724] Z:\57305731avv.gem
    [30/09/2009 00:14|---------|130460] Z:\57315732avv.gem
    [30/09/2009 00:14|---------|238084] Z:\57325733avv.gem
    [30/09/2009 00:14|---------|171124] Z:\57335734avv.gem
    [30/09/2009 00:14|---------|61196] Z:\57345735avv.gem
    [30/09/2009 00:14|---------|52228] Z:\57355736avv.gem
    [30/09/2009 00:14|---------|59804] Z:\57365737avv.gem
    [30/09/2009 00:14|---------|129932] Z:\57375738avv.gem
    [30/09/2009 00:14|---------|90764] Z:\57385739avv.gem
    [30/09/2009 00:14|---------|75988] Z:\57395740avv.gem
    [30/09/2009 00:14|---------|34660] Z:\57405741avv.gem
    [30/09/2009 00:14|---------|305788] Z:\57415742.upd
    [30/09/2009 00:14|---------|137772] Z:\57415742avv.gem
    [30/09/2009 00:14|---------|304841] Z:\57425743.upd
    [30/09/2009 00:14|---------|114780] Z:\57425743avv.gem
    [30/09/2009 00:14|---------|316830] Z:\57435744.upd
    [30/09/2009 00:14|---------|101460] Z:\57435744avv.gem
    [30/09/2009 00:14|---------|310757] Z:\57445745.upd
    [30/09/2009 00:14|---------|77428] Z:\57445745avv.gem
    [30/09/2009 00:14|---------|326964] Z:\57455746.upd
    [30/09/2009 00:14|---------|91060] Z:\57455746avv.gem
    [30/09/2009 00:14|---------|204843] Z:\57465747.upd
    [30/09/2009 00:14|---------|34460] Z:\57465747avv.gem
    [30/09/2009 00:14|---------|146436] Z:\57475748.upd
    [30/09/2009 00:14|---------|26708] Z:\57475748avv.gem
    [30/09/2009 00:14|---------|180552] Z:\57485749.upd
    [30/09/2009 00:14|---------|29068] Z:\57485749avv.gem
    [30/09/2009 00:14|---------|343449] Z:\57495750.upd
    [30/09/2009 00:14|---------|167972] Z:\57495750avv.gem
    [30/09/2009 00:14|---------|246433] Z:\57505751.upd
    [30/09/2009 00:14|---------|44980] Z:\57505751avv.gem
    [30/09/2009 00:14|---------|271217] Z:\57515752.upd
    [30/09/2009 00:14|---------|83748] Z:\57515752avv.gem
    [30/09/2009 00:14|---------|276570] Z:\57525753.upd
    [30/09/2009 00:14|---------|48332] Z:\57525753avv.gem
    [30/09/2009 00:14|---------|298677] Z:\57535754.upd
    [30/09/2009 00:14|---------|124212] Z:\57535754avv.gem
    [30/09/2009 00:14|---------|366436] Z:\57545755.upd
    [30/09/2009 00:14|---------|175844] Z:\57545755avv.gem
    [30/09/2009 00:13|---------|320829] Z:\57555756.upd
    [30/09/2009 00:13|---------|131972] Z:\57555756avv.gem
    [21/08/2006 23:14|---------|5059786] Z:\avvdat-4834.zip
    [18/09/2006 23:05|---------|5154498] Z:\avvdat-4854.zip
    [19/09/2006 23:06|---------|5158970] Z:\avvdat-4855.zip
    [02/12/2006 00:05|---------|5350818] Z:\avvdat-4909.zip
    [05/12/2006 00:08|---------|5356650] Z:\avvdat-4910.zip
    [06/12/2006 00:08|---------|5362354] Z:\avvdat-4911.zip
    [12/12/2006 00:04|---------|5373522] Z:\avvdat-4916.zip
    [12/01/2007 00:06|---------|5426226] Z:\avvdat-4937.zip
    [13/02/2007 00:07|---------|6089834] Z:\avvdat-4961.zip
    [21/02/2007 00:06|---------|6112858] Z:\avvdat-4967.zip
    [14/09/2007 23:04|---------|9271210] Z:\avvdat-5120.zip
    [31/03/2009 14:44|---------|50708073] Z:\avvdat-5568.zip
    [30/07/2009 23:10|---------|54740286] Z:\avvdat-5693.zip
    [30/09/2009 00:13|---------|58049611] Z:\avvdat-5756.zip

    je n'ai rien trouvé sur internet sur ces fichiers, je ne sais pas s'ils sont liés à ton activité dans l'entreprise et je ne vaux pas les supprimer.
    par conre, il faut virer la quarentaine de MBAM:
    relance mban et vide la quarentaine.

    puis utilise ce logiciel pour virer les outils de désinfection :

    Télécharge OTC de Old Timer.

    http://www.geekstogo.com/forum/files/file/403-otc-oldtimers-clean-it/

    Clique droit sur OTCleanIt et choisis Exécuter en tant qu'administrateur.
    Clique sur le bouton "CleanUp!" .
    Sélectionne Oui lorsque la demande " processus de nettoyage?" s'affiche.
    Si tu es invité à redémarrer le PC au cours de l'assainissement, sélectionne Oui.
    L'outil va se supprimer lui-même une fois la fin de l'opération.
    Sinon, supprime les manuellement

    si tu veux retéléchetgaer MBAM, fait le après la désinstallation .

    puis :

    Désactivation, puis Réactivation de la restauration système après désinfection :

    Il est nécessaire de désactiver puis réactiver la restauration système pour la purger car les points de restauration peuvent être infectés :
    Pour XP : https://www.commentcamarche.net/faq/5097-virus-system-volume-information
    Pour Vista : https://www.commentcamarche.net/faq/13214-vista-desactiver-reactiver-la-restauration-systeme-de-vista

    je te conseille de faire un nouveau point de reasauration ;-)
    0