PC running extremely slow

Closed
Tigamo - 30 Jan 2010 at 20:56
dédétraqué Posts 4384 Registration date Friday 5 September 2008 Status Security contributor Last activity 4 February 2013 - 31 Jan 2010 at 00:08
Hello,
I am at some friends' place and their laptop is running very slowly, and I need help removing the viruses

thanks a lot

13 replies

dédétraqué Posts 4384 Registration date Friday 5 September 2008 Status Security contributor Last activity 4 February 2013 286
30 Jan 2010 at 20:57
Hi Tigamo


We are going to check that. Download RSIT (by random/random) to the desktop from here:
http://images.malwareremoval.com/random/RSIT.exe

- Double-click RSIT.exe, which is on the desktop
- Click Continue in the window
- RSIT will download HijackThis if it is not present or detected, in which case you will have to accept the license
- Post the contents of the two reports, log.txt and info.txt (minimized in the taskbar), at the end of the scan

The reports are in this folder: C:\rsit


See you later :)
0
here is the first one

Logfile of random's system information tool 1.06 (written by random/random)
Run by FABRICE at 2010-01-30 20:59:36
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 56 GB (54%) free of 103 GB
Total RAM: 895 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:56, on 30/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
C:\Coala\local\bin\CoalaWatcher\CoalaWatcher.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\CANAL+ CANALSAT A LA DEMANDE.EXE
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\FABRICE\Bureau\RSIT.exe
C:\Program Files\trend micro\FABRICE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [MbWzdFPAP-EXL540] F:\PdtGuide.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CANAL+ CANALSAT A LA DEMANDE] "C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{77C0EA11-EFC1-41CC-A9C4-23E0F6845D0A}: NameServer = 192.168.178.1,195.154.193.55
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
O23 - Service: CoalaWatcher - - C:\Coala\local\bin\CoalaWatcher\CoalaWatcher.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Usbest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe
0
here is the second one

info.txt logfile of random's system information tool 1.06 2010-01-30 20:59:58

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{B61B6668-A674-4A06-8405-51944D5CCDDD}
-->MsiExec.exe /X{2642BE09-1F9F-4E18-AAD4-0258B9BCE611}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office system-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Agere Systems HDA Modem-->agrsmdel
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Application Installer 4.00.B14-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70CEFEBA-F757-4DBE-8A21-027C326137CE}\SETUP.EXE" -l0x40c
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATnotes Version 9.5-->"C:\Program Files\ATnotes\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CANAL+ CANALSAT A LA DEMANDE-->MsiExec.exe /X{04DA096D-6236-4A5D-8FB6-3081E67009BA}
ccc-Branding-->MsiExec.exe /I{426C7CC1-5AC3-4758-A40C-6446F2CEA8C9}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Credential Manager for HP ProtectTools-->MsiExec.exe /X{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}
Drive Encryption for HP ProtectTools-->MsiExec.exe /X{1CF925D3-1E33-4447-889B-0751D2CF886D}
EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
EPSON-Drucker-Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ESDX5000_CX4900 Guide d’utilisation-->C:\Program Files\EPSON\TPMANUAL\ESDX5000_CX4900\USE_G\DOCUNINS.EXE
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
HP 3D DriveGuard-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{429E92A4-159F-4AEC-85A1-D693E1E4274D}\setup.exe" -l0x40c UNINSTALL
HP BIOS Configuration for ProtectTools-->MsiExec.exe /X{617093CF-0B62-4B8B-87D0-DB8FD2A5156B}
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Help and Support-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x40c -removeonly
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
HP Notebook Accessories Product Tour-->MsiExec.exe /I{521F72F4-FFE4-4959-AA88-EED06125211F}
hp officejet g series-->C:\WINDOWS\system32\hpocon09.exe /u 1243362763 /d "hp officejet g series"
HP ProtectTools Security Manager-->MsiExec.exe /I{2DB165DC-DDB4-403F-B985-19F3EC7D0357}
HP Quick Launch Buttons 6.20 F2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c -removeonly uninst
HP Share-to-Web-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l1036
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP User Guide Bluetooth Addendum 0062-->MsiExec.exe /I{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}
HP User Guides 0064-->MsiExec.exe /I{E25AA53F-6878-4C64-8130-EB8D678DF303}
HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
IKEA Home Planner-->MsiExec.exe /I{B3276CB1-20B6-4AF9-AAEC-E72C83816495}
Installation de HP Backup and Recovery Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x40c -uninst -removeonly
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
InterVideo DVD Check-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
K-Lite Codec Pack 5.0.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logiciel d'impression photo HP-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Hewlett-Packard\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\Photo Printing\hpiunPC.dll
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft SQL Server 2005 (GLOBALAJ)-->MsiExec.exe /I{16BBCDA8-C8E0-4E39-9D95-1E3274917D22}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{9C7E944F-4502-40B8-A0AB-66B2FA9EE829}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{75FF1600-6330-43FA-9022-E0835BF20778}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft WSE 2.0 SP3 Runtime-->MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 - fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
Motic Images Plus 2.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06960020-59A4-11D5-9721-00B0D03F1A43}\setup.exe" -l0x40c
Motic Trace-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7B5D2DA-858E-4530-B7E5-487B5F058076}\Setup.exe" -l0x9
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{1787603C-E6E3-42D4-8034-55F358486F1D}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_1F9DE4E49C97F59EE9F75C34E0E91E568FC9EEB2\amdk8.inf
PDF Complete-->C:\Program Files\PDF Complete\pdfiutil.exe /UGUI
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
pdfforge Toolbar v1.0-->MsiExec.exe /X{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}
PIF DESIGNER-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x40c anything
Plus de 200 000 Cliparts et Photos-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D01940CE-8BD3-4258-B4E2-42F185AE1968}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SLOW-PCfighter-->C:\Program Files\Fighters\SLOW-PCfighter\Uninstall.exe
SLOW-PCfighter-->MsiExec.exe /X{674756A1-D4E6-445C-959B-AD8D0C03FABC}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x40c -removeonly
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
UltraVNC v1.0.2 Fr-->"C:\Program Files\UltraVNC\unins000.exe"
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======System event log======

Computer Name: MOTIC
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Google Software Updater.

Record Number: 19801
Source Name: Service Control Manager
Time Written: 20091229101053.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: MOTIC
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 19800
Source Name: Service Control Manager
Time Written: 20091229101031.000000+060
Event Type: Informations
User:

Computer Name: MOTIC
Event Code: 7036
Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.

Record Number: 19799
Source Name: Service Control Manager
Time Written: 20091229101030.000000+060
Event Type: Informations
User:

Computer Name: MOTIC
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.

Record Number: 19798
Source Name: Service Control Manager
Time Written: 20091229101030.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: MOTIC
Event Code: 7036
Message: Le service Service de transfert intelligent en arrière-plan est entré dans l'état : en cours d'exécution.

Record Number: 19797
Source Name: Service Control Manager
Time Written: 20091229101030.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: MOTIC
Event Code: 26037
Message: La bibliothèque des interfaces réseau SQL n'a pas pu enregistrer le nom principal de service pour le service SQL Server. Erreur : 0x54b, état : 3. Cela peut entraîner l'authentification intégrée via NTLM à la place de Kerberos. Ce message est un message d'information. Une action est requise uniquement si l'authentification Kerberos est nécessaire pour les stratégies d'authentification.

Record Number: 18724
Source Name: MSSQL$GLOBALAJ
Time Written: 20100102173731.000000+060
Event Type: Informations
User:

Computer Name: MOTIC
Event Code: 17199
Message: La prise en charge de connexion administrateur dédiée n'a pas démarré parce qu'elle n'est pas disponible dans cette édition de SQL Server. Ce message est fourni uniquement à titre d'information. Aucune action n'est requise de la part de l'utilisateur.

Record Number: 18723
Source Name: MSSQL$GLOBALAJ
Time Written: 20100102173731.000000+060
Event Type: Informations
User:

Computer Name: MOTIC
Event Code: 26028
Message: Le fournisseur de canaux nommés du serveur est prêt à accepter la connexion sur [\\.\pipe\MSSQL$GLOBALAJ\sql\query].

Record Number: 18722
Source Name: MSSQL$GLOBALAJ
Time Written: 20100102173731.000000+060
Event Type: Informations
User:

Computer Name: MOTIC
Event Code: 26048
Message: Le fournisseur de connexions locales du serveur est prêt à accepter la connexion sur [ \\.\pipe\SQLLocal\GLOBALAJ ].

Record Number: 18721
Source Name: MSSQL$GLOBALAJ
Time Written: 20100102173731.000000+060
Event Type: Informations
User:

Computer Name: MOTIC
Event Code: 26022
Message: Le serveur écoute sur [ 'any' <ipv4> 1062].

Record Number: 18720
Source Name: MSSQL$GLOBALAJ
Time Written: 20100102173731.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files\Fichiers communs\Roxio Shared\DLLShared\;c:\Program Files\Fichiers communs\Roxio Shared\DLLShared\;c:\Program Files\Fichiers communs\Roxio Shared\9.0\DLLShared\;C:\Program Files\Hewlett-Packard\IAM\bin;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6802
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=c:\Program Files\Fichiers communs\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
0
Here is the second one

info.txt logfile of random's system information tool 1.06 2010-01-30 20:59:58

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{B61B6668-A674-4A06-8405-51944D5CCDDD}
-->MsiExec.exe /X{2642BE09-1F9F-4E18-AAD4-0258B9BCE611}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office system-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Agere Systems HDA Modem-->agrsmdel
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Application Installer 4.00.B14-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70CEFEBA-F757-4DBE-8A21-027C326137CE}\SETUP.EXE" -l0x40c
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATnotes Version 9.5-->"C:\Program Files\ATnotes\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CANAL+ CANALSAT A LA DEMANDE-->MsiExec.exe /X{04DA096D-6236-4A5D-8FB6-3081E67009BA}
ccc-Branding-->MsiExec.exe /I{426C7CC1-5AC3-4758-A40C-6446F2CEA8C9}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Credential Manager for HP ProtectTools-->MsiExec.exe /X{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}
Drive Encryption for HP ProtectTools-->MsiExec.exe /X{1CF925D3-1E33-4447-889B-0751D2CF886D}
EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
EPSON-Drucker-Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ESDX5000_CX4900 Guide d’utilisation-->C:\Program Files\EPSON\TPMANUAL\ESDX5000_CX4900\USE_G\DOCUNINS.EXE
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
HP 3D DriveGuard-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{429E92A4-159F-4AEC-85A1-D693E1E4274D}\setup.exe" -l0x40c UNINSTALL
HP BIOS Configuration for ProtectTools-->MsiExec.exe /X{617093CF-0B62-4B8B-87D0-DB8FD2A5156B}
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Help and Support-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x40c -removeonly
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
HP Notebook Accessories Product Tour-->MsiExec.exe /I{521F72F4-FFE4-4959-AA88-EED06125211F}
hp officejet g series-->C:\WINDOWS\system32\hpocon09.exe /u 1243362763 /d "hp officejet g series"
HP ProtectTools Security Manager-->MsiExec.exe /I{2DB165DC-DDB4-403F-B985-19F3EC7D0357}
HP Quick Launch Buttons 6.20 F2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c -removeonly uninst
HP Share-to-Web-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l1036
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP User Guide Bluetooth Addendum 0062-->MsiExec.exe /I{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}
HP User Guides 0064-->MsiExec.exe /I{E25AA53F-6878-4C64-8130-EB8D678DF303}
HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
IKEA Home Planner-->MsiExec.exe /I{B3276CB1-20B6-4AF9-AAEC-E72C83816495}
Installation de HP Backup and Recovery Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x40c -uninst -removeonly
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
InterVideo DVD Check-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
K-Lite Codec Pack 5.0.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logiciel d'impression photo HP-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Hewlett-Packard\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\Photo Printing\hpiunPC.dll
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft SQL Server 2005 (GLOBALAJ)-->MsiExec.exe /I{16BBCDA8-C8E0-4E39-9D95-1E3274917D22}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{9C7E944F-4502-40B8-A0AB-66B2FA9EE829}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{75FF1600-6330-43FA-9022-E0835BF20778}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft WSE 2.0 SP3 Runtime-->MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 - fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
Motic Images Plus 2.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06960020-59A4-11D5-9721-00B0D03F1A43}\setup.exe" -l0x40c
Motic Trace-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7B5D2DA-858E-4530-B7E5-487B5F058076}\Setup.exe" -l0x9
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{1787603C-E6E3-42D4-8034-55F358486F1D}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_1F9DE4E49C97F59EE9F75C34E0E91E568FC9EEB2\amdk8.inf
PDF Complete-->C:\Program Files\PDF Complete\pdfiutil.exe /UGUI
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
pdfforge Toolbar v1.0-->MsiExec.exe /X{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}
PIF DESIGNER-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x40c anything
Plus de 200 000 Cliparts et Photos-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D01940CE-8BD3-4258-B4E2-42F185AE1968}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SLOW-PCfighter-->C:\Program Files\Fighters\SLOW-PCfighter\Uninstall.exe
SLOW-PCfighter-->MsiExec.exe /X{674756A1-D4E6-445C-959B-AD8D0C03FABC}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x40c -removeonly
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
UltraVNC v1.0.2 Fr-->"C:\Program Files\UltraVNC\unins000.exe"
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======System event log======

Computer Name: MOTIC
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Google Software Updater.

Record Number: 19801
Source Name: Service Control Manager
Time Written: 20091229101053.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: MOTIC
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 19800
Source Name: Service Control Manager
Time Written: 20091229101031.000000+060
Event Type: Informations
User:

Computer Name: MOTIC
Event Code: 7036
Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.

Record Number: 19799
Source Name: Service Control Manager
Time Written: 20091229101030.000000+060
Event Type: Informations
User:

Computer Name: MOTIC
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.

Record Number: 19798
Source Name: Service Control Manager
Time Written: 20091229101030.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: MOTIC
Event Code: 7036
Message: Le service Service de transfert intelligent en arrière-plan est entré dans l'état : en cours d'exécution.

Record Number: 19797
Source Name: Service Control Manager
Time Written: 20091229101030.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: MOTIC
Event Code: 26037
Message: La bibliothèque des interfaces réseau SQL n'a pas pu enregistrer le nom principal de service pour le service SQL Server. Erreur : 0x54b, état : 3. Cela peut entraîner l'authentification intégrée via NTLM à la place de Kerberos. Ce message est un message d'information. Une action est requise uniquement si l'authentification Kerberos est nécessaire pour les stratégies d'authentification.

Record Number: 18724
Source Name: MSSQL$GLOBALAJ
Time Written: 20100102173731.000000+060
Event Type: Informations
User:

Computer Name: MOTIC
Event Code: 17199
Message: La prise en charge de connexion administrateur dédiée n'a pas démarré parce qu'elle n'est pas disponible dans cette édition de SQL Server. Ce message est fourni uniquement à titre d'information. Aucune action n'est requise de la part de l'utilisateur.

Record Number: 18723
Source Name: MSSQL$GLOBALAJ
Time Written: 20100102173731.000000+060
Event Type: Informations
User:

Computer Name: MOTIC
Event Code: 26028
Message: Le fournisseur de canaux nommés du serveur est prêt à accepter la connexion sur [\\.\pipe\MSSQL$GLOBALAJ\sql\query].

Record Number: 18722
Source Name: MSSQL$GLOBALAJ
Time Written: 20100102173731.000000+060
Event Type: Informations
User:

Computer Name: MOTIC
Event Code: 26048
Message: Le fournisseur de connexions locales du serveur est prêt à accepter la connexion sur [ \\.\pipe\SQLLocal\GLOBALAJ ].

Record Number: 18721
Source Name: MSSQL$GLOBALAJ
Time Written: 20100102173731.000000+060
Event Type: Informations
User:

Computer Name: MOTIC
Event Code: 26022
Message: Le serveur écoute sur [ 'any' <ipv4> 1062].

Record Number: 18720
Source Name: MSSQL$GLOBALAJ
Time Written: 20100102173731.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files\Fichiers communs\Roxio Shared\DLLShared\;c:\Program Files\Fichiers communs\Roxio Shared\DLLShared\;c:\Program Files\Fichiers communs\Roxio Shared\9.0\DLLShared\;C:\Program Files\Hewlett-Packard\IAM\bin;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6802
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=c:\Program Files\Fichiers communs\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
0

dédétraqué Posts 4384 Registration date Friday 5 September 2008 Status Security contributor Last activity 4 February 2013 286
30 Jan. 2010 at 21:13
Hi Tigamo


Download and install UsbFix by El Desaparecido, C_XX & Chimay8
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe

(!) Connect to your PC any external storage devices (USB stick, external hard drive, etc.) that may have been infected, without opening them.

• Double-click the UsbFix shortcut on your desktop.

• In the main menu, choose option "F" for French and press [Enter].

• In the second menu, choose option "1" (search) and press [Enter].

• Let the tool work.

• Then post the UsbFix.txt report that appears.

Note: The UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note 2: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html


@++ :)
0
############################## | UsbFix V6.083 |

User : FABRICE (Administrateurs) # MOTIC
Update on 30/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 21:29:15 | 30/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Turion(tm) 64 X2 Mobile Technology TL-58
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 100,93 Go (54,36 Go free) # NTFS
D:\ -> Disque CD-ROM # 4,38 Go (0 Mo free) [croisière 2] # UDF
E:\ -> Disque fixe local # 10,85 Go (10,59 Go free) [HP_RECOVERY] # NTFS
F:\ -> Disque fixe local # 931,51 Go (833,47 Go free) [OneTouch Domicile] # NTFS
G:\ -> Disque amovible # 14,9 Go (2,31 Mo free) [USB DISK] # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 832
C:\WINDOWS\system32\csrss.exe 900
C:\WINDOWS\system32\winlogon.exe 932
C:\WINDOWS\system32\services.exe 984
C:\WINDOWS\system32\lsass.exe 1028
C:\WINDOWS\System32\svchost.exe 1176
C:\WINDOWS\system32\Ati2evxx.exe 1216
C:\WINDOWS\system32\svchost.exe 1240
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe 1312
C:\WINDOWS\system32\svchost.exe 1364
C:\WINDOWS\System32\svchost.exe 1412
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 1444
C:\WINDOWS\system32\svchost.exe 1536
C:\WINDOWS\system32\svchost.exe 1572
C:\WINDOWS\system32\Ati2evxx.exe 1796
C:\WINDOWS\system32\spoolsv.exe 1884
C:\WINDOWS\system32\msdtc.exe 500
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 572
C:\Program Files\Bonjour\mDNSResponder.exe 584
C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe 628
C:\Coala\local\bin\CoalaWatcher\CoalaWatcher.exe 764
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe 1268
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe 1496
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 1672
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe 1592
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe 240
C:\Program Files\PDF Complete\pdfsvc.exe 288
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 404
C:\WINDOWS\System32\svchost.exe 600
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 664
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 1728
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 2064
C:\WINDOWS\system32\svchost.exe 2120
C:\WINDOWS\system32\UTSCSI.EXE 2148
C:\Program Files\UltraVNC\WinVNC.exe 2184
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 2236
C:\WINDOWS\system32\mqsvc.exe 2288
C:\WINDOWS\system32\mqtgsvc.exe 2500
C:\WINDOWS\System32\svchost.exe 2616
C:\WINDOWS\System32\alg.exe 2880
C:\WINDOWS\System32\SCardSvr.exe 3168
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe 3764
C:\WINDOWS\Explorer.EXE 3808
C:\Program Files\Analog Devices\Core\smax4pnp.exe 4000
C:\Program Files\PDF Complete\pdfsty.exe 4080
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE 1488
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 1684
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 1652
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe 2040
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe 420
C:\WINDOWS\SMINST\Scheduler.exe 748
C:\WINDOWS\system32\AccelerometerSt.exe 2568
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 2736
C:\WINDOWS\system32\wbem\wmiprvse.exe 2748
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe 2836
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe 2944
C:\Program Files\iTunes\iTunesHelper.exe 3080
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe 3452
C:\WINDOWS\system32\ctfmon.exe 3460
C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\CANAL+ CANALSAT A LA DEMANDE.EXE 3464
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe 3540
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 3624
C:\Program Files\Messenger\msmsgs.exe 3696
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE 3704
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe 3724
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe 740
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe 140
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe 3976
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe 1132
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe 3304
C:\Program Files\iPod\bin\iPodService.exe 4572
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe 5748
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe 4152
C:\Program Files\Internet Explorer\iexplore.exe 4396
C:\Program Files\Windows Live\Toolbar\wltuser.exe 3432
C:\Program Files\Outlook Express\msimn.exe 5972
C:\Program Files\Internet Explorer\iexplore.exe 2904
C:\WINDOWS\system32\wbem\wmiprvse.exe 4524

################## | Elements infectieux |

C:\WINDOWS\autorun.ini
C:\DOCUME~1\FABRICE\LOCALS~1\Temp\Run.exe
E:\autorun.inf
F:\autorun.inf

################## | Registre |


################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{1241e2bc-8f66-11de-96fd-001a73ee2877}
Shell\Open(&0)\command =F:\Recycled\ctfmon.exe

HKCU\..\..\Explorer\MountPoints2\{2eee7592-8e80-11de-96fa-001a73ee2877}
Shell\Open(&0)\command =F:\Recycled\ctfmon.exe

HKCU\..\..\Explorer\MountPoints2\{3aa6c6be-d946-11dc-965b-806d6172696f}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

HKCU\..\..\Explorer\MountPoints2\{8257bd46-040b-11df-9792-001a73ee2877}
Shell\AutoRun\command =F:\Run.exe

HKCU\..\..\Explorer\MountPoints2\{b0c09f85-8e82-11de-96fb-001a73ee2877}
Shell\AutoRun\command =F:\PdtGuide.exe

HKCU\..\..\Explorer\MountPoints2\{c94d1fc0-01fe-11df-978e-001a73ee2877}
Shell\AutoRun\command =F:\Run.exe

HKCU\..\..\Explorer\MountPoints2\{d2354947-8f21-11de-96fc-001a4b8ce619}
Shell\AutoRun\command =I:\LaunchU3.exe -a

################## | ! Fin du rapport # UsbFix V6.083 ! |
0
dédétraqué Posts 4384 Registration date Friday 5 September 2008 Status Security contributor Last activity 4 February 2013 286
30 Jan. 2010 at 21:46
Hi Tigamo


(!) Plug your external data sources into your PC (USB key, external hard drive, camera, SD card, etc.) that may have been infected, without opening them.

• Double-click the UsbFix shortcut on your desktop.

• In the main menu, choose option "F" for French and press [Enter].

• In the second menu, choose option "2" (Deletion) and press [Enter].

• Your desktop will disappear and the PC will restart.

• On restart, UsbFix will scan your PC; let the tool work.

• Then post the UsbFix.txt report that will appear along with the desktop.

• Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)


See you later :)
0
############################## | UsbFix V6.083 |

User : FABRICE (Administrateurs) # MOTIC
Update on 30/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 21:55:09 | 30/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Turion(tm) 64 X2 Mobile Technology TL-58
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 100,93 Go (54,31 Go free) # NTFS
D:\ -> Disque CD-ROM # 4,38 Go (0 Mo free) [croisière 2] # UDF
E:\ -> Disque fixe local # 10,85 Go (10,59 Go free) [HP_RECOVERY] # NTFS
F:\ -> Disque fixe local # 931,51 Go (833,47 Go free) [OneTouch Domicile] # NTFS
G:\ -> Disque amovible # 14,9 Go (2,31 Mo free) [USB DISK] # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 820
C:\WINDOWS\system32\csrss.exe 900
C:\WINDOWS\system32\winlogon.exe 932
C:\WINDOWS\system32\services.exe 984
C:\WINDOWS\system32\lsass.exe 996
C:\WINDOWS\System32\svchost.exe 1168
C:\WINDOWS\system32\Ati2evxx.exe 1204
C:\WINDOWS\system32\svchost.exe 1228
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe 1300
C:\WINDOWS\system32\logonui.exe 1344
C:\WINDOWS\system32\svchost.exe 1392
C:\WINDOWS\System32\svchost.exe 1440
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 1476
C:\WINDOWS\system32\svchost.exe 1536
C:\WINDOWS\system32\Ati2evxx.exe 1592
C:\WINDOWS\system32\svchost.exe 1688
C:\WINDOWS\system32\spoolsv.exe 1972
C:\WINDOWS\system32\msdtc.exe 564
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 632
C:\Program Files\Bonjour\mDNSResponder.exe 652
C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe 688
C:\Coala\local\bin\CoalaWatcher\CoalaWatcher.exe 864
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe 1568
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe 1676
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 1816
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe 1128
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe 248
C:\Program Files\PDF Complete\pdfsvc.exe 1576
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 516
C:\WINDOWS\System32\svchost.exe 760
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 828
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 2068
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 2096
C:\WINDOWS\system32\svchost.exe 2172
C:\WINDOWS\system32\UTSCSI.EXE 2196
C:\Program Files\UltraVNC\WinVNC.exe 2228
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 2292
C:\WINDOWS\system32\mqsvc.exe 2316
C:\WINDOWS\system32\mqtgsvc.exe 2536
C:\WINDOWS\System32\svchost.exe 2644
C:\WINDOWS\System32\alg.exe 2892
C:\WINDOWS\System32\SCardSvr.exe 3156
C:\WINDOWS\system32\userinit.exe 3776
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe 3876
C:\WINDOWS\Explorer.EXE 3900
C:\WINDOWS\system32\wbem\wmiprvse.exe 3068

################## | Elements infectieux |

Supprimé ! C:\WINDOWS\autorun.ini
Supprimé ! C:\DOCUME~1\FABRICE\LOCALS~1\Temp\Run.exe
Supprimé ! C:\Recycler\S-1-5-21-117609710-706699826-839522115-500
Supprimé ! C:\Recycler\S-1-5-21-1397966659-2045198256-682449973-500
Supprimé ! C:\Recycler\S-1-5-21-452722371-3896610426-2199788887-1007
Supprimé ! C:\Recycler\S-1-5-21-452722371-3896610426-2199788887-1008
Supprimé ! C:\Recycler\S-1-5-21-452722371-3896610426-2199788887-500
Supprimé ! E:\autorun.inf
Supprimé ! E:\Recycler\S-1-5-21-452722371-3896610426-2199788887-1007
Supprimé ! E:\Recycler\S-1-5-21-452722371-3896610426-2199788887-1008
Supprimé ! E:\Recycler\S-1-5-21-452722371-3896610426-2199788887-500
Supprimé ! F:\autorun.inf
Supprimé ! F:\$Recycle.Bin\S-1-5-21-1978742474-1593193642-2263009649-1000
Supprimé ! F:\Recycler\S-1-5-21-2664800652-1252163766-3786886765-1115
Supprimé ! F:\Recycler\S-1-5-21-4223334480-4169191501-1924559394-1005

################## | Registre |


################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{1241e2bc-8f66-11de-96fd-001a73ee2877}\Shell\Open(&0)\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{2eee7592-8e80-11de-96fa-001a73ee2877}\Shell\Open(&0)\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{8257bd46-040b-11df-9792-001a73ee2877}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{b0c09f85-8e82-11de-96fb-001a73ee2877}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{c94d1fc0-01fe-11df-978e-001a73ee2877}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{d2354947-8f21-11de-96fc-001a4b8ce619}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[12/02/2008 09:38|-rahs----|224] C:\boot.ini
[05/08/2004 09:00|-rahs----|4952] C:\Bootfont.bin
[24/09/2009 17:21|--a------|40960] C:\HTGD0003.exe
[12/02/2008 14:14|-rahs----|0] C:\IO.SYS
[12/02/2008 14:14|-rahs----|0] C:\MSDOS.SYS
[05/08/2004 09:00|--ahs----|47564] C:\ntdetect.com
[05/08/2004 09:00|--ahs----|251712] C:\ntldr
[?|?|?] C:\pagefile.sys
[16/11/2009 17:38|--a------|13030] C:\PDOXUSRS.NET
[07/01/2009 21:03|--a------|594] C:\updatedatfix.log
[30/01/2010 22:02|--a------|5404] C:\UsbFix.txt
[26/08/2009 17:08|-r-------|68878336] D:\20090611181246.mpg
[26/08/2009 17:08|-r-------|383] D:\20090611181246.modd
[26/08/2009 17:01|-r-------|148308] D:\DSC00148.JPG
[26/08/2009 17:01|-r-------|149465] D:\DSC00149.JPG
[26/08/2009 17:08|-r-------|37912576] D:\20090611181959.mpg
[26/08/2009 17:08|-r-------|383] D:\20090611181959.modd
[26/08/2009 17:08|-r-------|63930368] D:\20090611182542.mpg
[26/08/2009 17:08|-r-------|383] D:\20090611182542.modd
[26/08/2009 17:01|-r-------|152666] D:\DSC00150.JPG
[26/08/2009 17:01|-r-------|153847] D:\DSC00151.JPG
[26/08/2009 17:08|-r-------|101023744] D:\20090612102755.mpg
[26/08/2009 17:08|-r-------|385] D:\20090612102755.modd
[26/08/2009 17:08|-r-------|30146560] D:\20090612110158.mpg
[26/08/2009 17:08|-r-------|383] D:\20090612110158.modd
[26/08/2009 17:08|-r-------|39944192] D:\20090612110405.mpg
[26/08/2009 17:08|-r-------|383] D:\20090612110405.modd
[26/08/2009 17:01|-r-------|137326] D:\DSC00152.JPG
[26/08/2009 17:01|-r-------|153333] D:\DSC00153.JPG
[26/08/2009 17:01|-r-------|152737] D:\DSC00154.JPG
[26/08/2009 17:01|-r-------|145910] D:\DSC00155.JPG
[26/08/2009 17:01|-r-------|144083] D:\DSC00156.JPG
[26/08/2009 17:01|-r-------|154328] D:\DSC00157.JPG
[26/08/2009 17:01|-r-------|131402] D:\DSC00158.JPG
[26/08/2009 17:01|-r-------|133085] D:\DSC00159.JPG
[26/08/2009 17:01|-r-------|129697] D:\DSC00160.JPG
[26/08/2009 17:08|-r-------|59441152] D:\20090612111108.mpg
[26/08/2009 17:08|-r-------|383] D:\20090612111108.modd
[26/08/2009 17:08|-r-------|54132736] D:\20090612111816.mpg
[26/08/2009 17:08|-r-------|383] D:\20090612111816.modd
[26/08/2009 17:08|-r-------|59506688] D:\20090612112547.mpg
[26/08/2009 17:08|-r-------|383] D:\20090612112547.modd
[26/08/2009 17:08|-r-------|24903680] D:\20090612112921.mpg
[26/08/2009 17:08|-r-------|383] D:\20090612112921.modd
[26/08/2009 17:08|-r-------|68190208] D:\20090612113354.mpg
[26/08/2009 17:08|-r-------|383] D:\20090612113354.modd
[26/08/2009 17:08|-r-------|11599872] D:\20090612113616.mpg
[26/08/2009 17:08|-r-------|383] D:\20090612113616.modd
[26/08/2009 17:01|-r-------|150920] D:\DSC00161.JPG
[26/08/2009 17:08|-r-------|92667904] D:\20090612115345.mpg
[26/08/2009 17:08|-r-------|383] D:\20090612115345.modd
[26/08/2009 17:08|-r-------|4816896] D:\20090612123630.mpg
[26/08/2009 17:08|-r-------|381] D:\20090612123630.modd
[26/08/2009 17:08|-r-------|17334272] D:\20090612125632.mpg
[26/08/2009 17:08|-r-------|383] D:\20090612125632.modd
[26/08/2009 17:08|-r-------|28246016] D:\20090612125751.mpg
[26/08/2009 17:08|-r-------|383] D:\20090612125751.modd
[26/08/2009 17:08|-r-------|9928704] D:\20090612125822.mpg
[26/08/2009 17:08|-r-------|381] D:\20090612125822.modd
[26/08/2009 17:08|-r-------|11042816] D:\20090612125855.mpg
[26/08/2009 17:08|-r-------|383] D:\20090612125855.modd
[26/08/2009 17:08|-r-------|2129920] D:\20090612125915.mpg
[26/08/2009 17:08|-r-------|381] D:\20090612125915.modd
[26/08/2009 17:08|-r-------|17072128] D:\20090612125930.mpg
[26/08/2009 17:08|-r-------|383] D:\20090612125930.modd
[26/08/2009 17:08|-r-------|91324416] D:\20090612141047.mpg
[26/08/2009 17:08|-r-------|383] D:\20090612141047.modd
[26/08/2009 17:01|-r-------|147445] D:\DSC00162.JPG
[26/08/2009 17:01|-r-------|150287] D:\DSC00163.JPG
[26/08/2009 17:09|-r-------|29523968] D:\20090612141609.mpg
[26/08/2009 17:09|-r-------|383] D:\20090612141609.modd
[26/08/2009 17:09|-r-------|55803904] D:\20090612151308.mpg
[26/08/2009 17:09|-r-------|383] D:\20090612151308.modd
[26/08/2009 17:01|-r-------|143988] D:\DSC00164.JPG
[26/08/2009 17:01|-r-------|155565] D:\DSC00165.JPG
[26/08/2009 17:01|-r-------|142975] D:\DSC00166.JPG
[26/08/2009 17:01|-r-------|144599] D:\DSC00167.JPG
[26/08/2009 17:01|-r-------|148032] D:\DSC00168.JPG
[26/08/2009 17:09|-r-------|22249472] D:\20090612154141.mpg
[26/08/2009 17:09|-r-------|383] D:\20090612154141.modd
[26/08/2009 17:09|-r-------|67502080] D:\20090612154517.mpg
[26/08/2009 17:09|-r-------|383] D:\20090612154517.modd
[26/08/2009 17:09|-r-------|53116928] D:\20090612155024.mpg
[26/08/2009 17:09|-r-------|383] D:\20090612155024.modd
[26/08/2009 17:09|-r-------|90669056] D:\20090713173358.mpg
[26/08/2009 17:09|-r-------|384] D:\20090713173358.modd
[26/08/2009 17:09|-r-------|21004288] D:\20090713173632.mpg
[26/08/2009 17:09|-r-------|383] D:\20090713173632.modd
[26/08/2009 17:09|-r-------|9011200] D:\20090713173712.mpg
[26/08/2009 17:09|-r-------|382] D:\20090713173712.modd
[26/08/2009 17:09|-r-------|7766016] D:\20090713173726.mpg
[26/08/2009 17:09|-r-------|381] D:\20090713173726.modd
[26/08/2009 17:09|-r-------|18022400] D:\20090713173926.mpg
[26/08/2009 17:09|-r-------|383] D:\20090713173926.modd
[26/08/2009 17:09|-r-------|28377088] D:\20090713174120.mpg
[26/08/2009 17:09|-r-------|383] D:\20090713174120.modd
[26/08/2009 17:09|-r-------|164790272] D:\20090713174153.mpg
[26/08/2009 17:09|-r-------|385] D:\20090713174153.modd
[26/08/2009 17:09|-r-------|20512768] D:\20090713174558.mpg
[26/08/2009 17:09|-r-------|383] D:\20090713174558.modd
[26/08/2009 17:09|-r-------|97746944] D:\20090713174627.mpg
[26/08/2009 17:09|-r-------|384] D:\20090713174627.modd
[26/08/2009 17:09|-r-------|34340864] D:\20090713175444.mpg
[26/08/2009 17:09|-r-------|383] D:\20090713175444.modd
[26/08/2009 17:09|-r-------|28508160] D:\20090713175549.mpg
[26/08/2009 17:09|-r-------|383] D:\20090713175549.modd
[26/08/2009 17:09|-r-------|220626944] D:\20090713175746.mpg
[26/08/2009 17:09|-r-------|385] D:\20090713175746.modd
[26/08/2009 17:09|-r-------|33193984] D:\20090713180226.mpg
[26/08/2009 17:09|-r-------|383] D:\20090713180226.modd
[26/08/2009 17:09|-r-------|57573376] D:\20090713180437.mpg
[26/08/2009 17:09|-r-------|383] D:\20090713180437.modd
[26/08/2009 17:09|-r-------|31850496] D:\20090713180658.mpg
[26/08/2009 17:09|-r-------|383] D:\20090713180658.modd
[26/08/2009 17:09|-r-------|43614208] D:\20090713180737.mpg
[26/08/2009 17:09|-r-------|383] D:\20090713180737.modd
[26/08/2009 17:09|-r-------|34537472] D:\20090713180828.mpg
[26/08/2009 17:09|-r-------|383] D:\20090713180828.modd
[26/08/2009 17:10|-r-------|40173568] D:\20090713181329.mpg
[26/08/2009 17:10|-r-------|383] D:\20090713181329.modd
[26/08/2009 17:10|-r-------|46399488] D:\20090713181607.mpg
[26/08/2009 17:10|-r-------|383] D:\20090713181607.modd
[26/08/2009 17:10|-r-------|162627584] D:\20090713181710.mpg
[26/08/2009 17:10|-r-------|385] D:\20090713181710.modd
[26/08/2009 17:10|-r-------|6160384] D:\20090713182023.mpg
[26/08/2009 17:10|-r-------|381] D:\20090713182023.modd
[26/08/2009 17:10|-r-------|60588032] D:\20090713182146.mpg
[26/08/2009 17:10|-r-------|383] D:\20090713182146.modd
[26/08/2009 17:10|-r-------|132546560] D:\20090713182327.mpg
[26/08/2009 17:10|-r-------|385] D:\20090713182327.modd
[26/08/2009 17:10|-r-------|16220160] D:\20090713183724.mpg
[26/08/2009 17:10|-r-------|383] D:\20090713183724.modd
[26/08/2009 17:10|-r-------|10649600] D:\20090713184617.mpg
[26/08/2009 17:10|-r-------|383] D:\20090713184617.modd
[26/08/2009 17:10|-r-------|9011200] D:\20090713184834.mpg
[26/08/2009 17:10|-r-------|381] D:\20090713184834.modd
[26/08/2009 17:10|-r-------|90701824] D:\20090713184934.mpg
[26/08/2009 17:10|-r-------|383] D:\20090713184934.modd
[26/08/2009 17:10|-r-------|47185920] D:\20090713185139.mpg
[26/08/2009 17:10|-r-------|383] D:\20090713185139.modd
[28/07/2001 00:07|---hs----|0] E:\AUTOEXEC.BAT
[09/01/2002 13:52|---hs----|244] E:\BOOT.INI
[17/08/2001 03:26|---hs----|237728] E:\CMLDR
[28/07/2001 00:07|---hs----|0] E:\CONFIG.SYS
[01/07/2005 14:16|---hs----|102] E:\Desktop.ini
[22/11/2004 18:28|---hs----|8130] E:\Folder.htt
[30/11/2004 14:01|---hs----|73728] E:\Info.exe
[28/07/2001 00:07|---hs----|0] E:\IO.SYS
[12/02/2008 10:08|--ahs----|1230] E:\MASTER.LOG
[21/06/2005 20:22|---hs----|0] E:\MENUND
[28/07/2001 00:07|---hs----|0] E:\MSDOS.SYS
[25/07/2001 16:00|---hs----|45124] E:\NTDETECT.COM
[19/06/2001 01:53|---hs----|0] E:\NTFS
[18/05/2005 16:24|---hs----|245920] E:\NTLDR
[10/09/2002 12:58|---hs----|181616] E:\protect.ed
[28/07/2005 22:09|---hs----|36] E:\SAVEFILE.DIR
[21/10/2005 12:12|---hs----|42] E:\st_log.ini
[08/02/2002 18:44|---hs----|88038] E:\Warning.bmp
[18/08/2001 11:00|---hs----|10] E:\WIN51
[22/01/2001 11:00|---hs----|11] E:\WIN51.B2
[25/07/2001 11:00|---hs----|11] E:\WIN51.RC1
[25/07/2001 16:47|---hs----|11] E:\WIN51.RC2
[18/08/2001 11:00|---hs----|10] E:\WIN51IC
[20/03/2001 11:00|---hs----|11] E:\WIN51IC.B2
[25/07/2001 11:00|---hs----|11] E:\WIN51IC.RC1
[25/07/2001 11:00|---hs----|11] E:\WIN51IC.RC2
[17/08/2001 11:00|---hs----|10] E:\WIN51IP
[22/01/2001 11:00|---hs----|11] E:\WIN51IP.B2
[25/07/2001 16:47|---hs----|11] E:\WIN51IP.RC2
[17/08/2001 09:17|---hs----|184] E:\WINBOM.INI
[24/05/2001 05:19|---hs----|0] E:\XGA
[21/10/2004 11:38|--a------|126976] F:\Launch.exe
[02/07/2007 07:34|--a------|381] F:\Launch.ini
[04/04/2008 07:13|--a------|99614720] F:\Mac Installer.dmg
[18/06/2008 11:23|-ra------|411494] F:\mxoicon6.ico
[25/01/2010 19:30|--a------|2873856] G:\Stat Client par Famille et Article avec Cumul Qte.xls
[11/04/2009 14:39|--a------|907] G:\Mes dossiers de partage.lnk
[22/08/2009 21:34|--a------|114102] G:\TEST.mp3
[25/12/2009 16:14|--a------|572] G:\spider.sav

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# E:\autorun.inf -> Dossier créé par UsbFix.
# F:\autorun.inf -> Dossier créé par UsbFix.
# G:\autorun.inf -> Dossier créé par UsbFix.

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_MOTIC.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .

[28/07/2001 00:07|---hs----|0] E:\AUTOEXEC.BAT
[09/01/2002 13:52|---hs----|244] E:\BOOT.INI
[17/08/2001 03:26|---hs----|237728] E:\CMLDR
[28/07/2001 00:07|---hs----|0] E:\CONFIG.SYS
[01/07/2005 14:16|---hs----|102] E:\Desktop.ini
[22/11/2004 18:28|---hs----|8130] E:\Folder.htt
[30/11/2004 14:01|---hs----|73728] E:\Info.exe
[28/07/2001 00:07|---hs----|0] E:\IO.SYS
[12/02/2008 10:08|--ahs----|1230] E:\MASTER.LOG
[21/06/2005 20:22|---hs----|0] E:\MENUND
[28/07/2001 00:07|---hs----|0] E:\MSDOS.SYS
[25/07/2001 16:00|---hs----|45124] E:\NTDETECT.COM
[19/06/2001 01:53|---hs----|0] E:\NTFS
[18/05/2005 16:24|---hs----|245920] E:\NTLDR
[10/09/2002 12:58|---hs----|181616] E:\protect.ed
[28/07/2005 22:09|---hs----|36] E:\SAVEFILE.DIR
[21/10/2005 12:12|---hs----|42] E:\st_log.ini
[08/02/2002 18:44|---hs----|88038] E:\Warning.bmp
[18/08/2001 11:00|---hs----|10] E:\WIN51
[22/01/2001 11:00|---hs----|11] E:\WIN51.B2
[25/07/2001 11:00|---hs----|11] E:\WIN51.RC1
[25/07/2001 16:47|---hs----|11] E:\WIN51.RC2
[18/08/2001 11:00|---hs----|10] E:\WIN51IC
[20/03/2001 11:00|---hs----|11] E:\WIN51IC.B2
[25/07/2001 11:00|---hs----|11] E:\WIN51IC.RC1
[25/07/2001 11:00|---hs----|11] E:\WIN51IC.RC2
[17/08/2001 11:00|---hs----|10] E:\WIN51IP
[22/01/2001 11:00|---hs----|11] E:\WIN51IP.B2
[25/07/2001 16:47|---hs----|11] E:\WIN51IP.RC2
[17/08/2001 09:17|---hs----|184] E:\WINBOM.INI
[24/05/2001 05:19|---hs----|0] E:\XGA
[21/10/2004 11:38|--a------|126976] F:\Launch.exe
[02/07/2007 07:34|--a------|381] F:\Launch.ini
[04/04/2008 07:13|--a------|99614720] F:\Mac Installer.dmg
[18/06/2008 11:23|-ra------|411494] F:\mxoicon6.ico
[25/01/2010 19:30|--a------|2873856] G:\Stat Client par Famille et Article avec Cumul Qte.xls
[11/04/2009 14:39|--a------|907] G:\Mes dossiers de partage.lnk
[22/08/2009 21:34|--a------|114102] G:\TEST.mp3
[25/12/2009 16:14|--a------|572] G:\spider.sav

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# E:\autorun.inf -> Dossier créé par UsbFix.
# F:\autorun.inf -> Dossier créé par UsbFix.
# G:\autorun.inf -> Dossier créé par UsbFix.

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_MOTIC.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
0
dédétraqué Posts 4384 Registration date Friday 5 September 2008 Status Security contributor Last activity 4 February 2013 286
30 Jan. 2010 at 22:31
Hi Tigamo


- Download AD-Remover (by Cyrildu17 / C_XX) to your Desktop.
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe

Disconnect and close all running applications

- Double-click the installer and install it in its default location (C:\Program files).
- Double-click the AD-Remover icon on your Desktop
- In the main menu, choose option L.
- Post the report that appears at the end.

(The report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: "Process.exe", a component of the tool, is detected by some antivirus products as an infection; ignore this, it is a false positive, and continue the procedure

Help: https://kerio.probb.fr/t3786-tuto-ad-remover


See you :)
0
Hi, sorry, but the program gets stuck at 4% and doesn't progress. What should I do? Leave it overnight and check tomorrow?
0
dédétraqué Posts 4384 Registration date Friday 5 September 2008 Status Security contributor Last activity 4 February 2013 286
30 Jan. 2010 at 23:37
Hi Tigamo


Let's try another tool: download and install MalwareByte's Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

- Update it

---

- Restart in Safe Mode:

When your PC restarts, tap the F8 or F5 key repeatedly; on the next screen, move with the arrow keys and choose Safe Mode. Choose your usual session, not the Administrator session

---

- Double-click the MalwareByte's Anti-Malware shortcut on the desktop.
- Select Perform full scan if it is not already selected
- Click Scan

- Once the scan is finished, a window opens; click OK

- If MalwareByte's detected nothing, click OK. A report will appear; close it.

- If MalwareByte's detected infections, click Show Results, then Remove Selected

- Save the report to your Desktop so it is easier to find, then post that report.

Note: If MalwareByte's needs to restart to finish the removal, accept by clicking OK

MalwareByte's tutorial here:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/


See you :)
0
Here is the report, it worked, sorry
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_J | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 29.01.2010 à 16:43
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 23:00:37, 30/01/2010 | Mode Normal | Option: SCAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Nom du PC: MOTIC | Utilisateur actuel: FABRICE
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.

C:\Program Files\pdfforge Toolbar
C:\DOCUME~1\FABRICE\APPLIC~1\pdfforge
C:\DOCUME~1\FABRICE\APPLIC~1\Search Settings
C:\DOCUME~1\FABRICE\LOCALS~1\TEMPOR~1\Content.IE5\R59GA9RA\wbk23.tmp
C:\DOCUME~1\FABRICE\LOCALS~1\TEMPOR~1\Content.IE5\R59GA9RA\wbk2B.tmp
C:\Windows\Installer\89087.msi
.
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\software\pdfforge
HKCU\software\Search Settings
HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKLM\software\pdfforge
HKLM\software\Search Settings
HKU\s-1-5-21-452722371-3896610426-2199788887-1008\software\pdfforge
HKU\s-1-5-21-452722371-3896610426-2199788887-1008\software\Search Settings
.
============== Scan additionnel ==============
.
.
* Internet Explorer Version 7.0.5730.13 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\FABRICE\Mes documents\ACTION CONSEIL\FIDU EXPERT MAJ\patch35210fidu.exe
.
===================================
.
501 Octet(s) - C:\Ad-Report-CLEAN[1].log
501 Octet(s) - C:\Ad-Report-CLEAN[2].log
3863 Octet(s) - C:\Ad-Report-SCAN[1].log
.
198 Fichier(s) - C:\DOCUME~1\FABRICE\LOCALS~1\Temp
2 Fichier(s) - C:\WINDOWS\Temp
129 Fichier(s) - C:\WINDOWS\Prefetch
.
19 Fichier(s) - C:\Ad-Remover\BACKUP
0 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 23:34:19 | 30/01/2010 - SCAN[1]
.
============== E.O.F ==============
.
0
dédétraqué Posts 4384 Registration date Friday 5 September 2008 Status Security contributor Last activity 4 February 2013 286
31 Jan. 2010 at 00:08
Hi Tigamo


Also run the scan with MBAM and post the report


See you :)
0