Nouveau virus msn

tsri_badr_esgi Messages postés 530 Date d'inscription   Statut Membre Dernière intervention   -  
dédétraqué Messages postés 4522 Statut Contributeur sécurité -
Bonjour,
quand j'été entrin de parler avec un ami en msn son ordinateur m'envoie un lien qui debute par "hhhh foto www............." ou quelque chose comme ça.
apres je ne peut pas voir la page ou je chat avec mes ami et apres j'ai fermer msn et je l'ouvre une autre fois et j'essaye a parler a nouveau avec mes ami,bon j-ai fait ca et un de mes amis me dis que mon ordinateur l'envoie un lien tatata......et apres trois ou deux minute les page de chat sont disparu une autre fois.......c'est quoi ça?
j'espere que vous avez compris....
merci bcp
Configuration: Windows XP / Internet Explorer 7.0

11 réponses

  1. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut tsri_badr_esgi

    On va vérifier cela, télécharge RSIT (de random/random) sur le bureau ici :
    http://images.malwareremoval.com/random/RSIT.exe

    - Double clique sur RSIT.exe qui est sur le bureau
    - Clique sur Continue dans la fenêtre
    - RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
    - Poste le contenue des deux rapports, log.txt et info.txt(réduit dans la barre des tâches) à la fin de l’analyse

    Les rapports sont dans le dossier ici C:\rsit

    @++ :)
    0
  2. tsri_badr_esgi Messages postés 530 Date d'inscription   Statut Membre Dernière intervention   9
     
    bon voila le log.txt:
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2010-02-25 01:18:55
    Microsoft Windows XP Professionnel Service Pack 3
    System drive D: has 45 GB (68%) free of 66 GB
    Total RAM: 2039 MB (68% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:20:18, on 25/02/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20815)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\igfxtray.exe
    D:\WINDOWS\system32\hkcmd.exe
    D:\WINDOWS\system32\igfxpers.exe
    D:\WINDOWS\system32\igfxsrvc.exe
    D:\WINDOWS\system32\mmm.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\WINDOWS\system32\AESTFltr.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\WinMover\WinMover.exe
    D:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\WINDOWS\infocard.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    D:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\EZTU69HO\RSIT[1].exe
    D:\Program Files\trend micro\Administrateur.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://postarticles.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
    O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Mmm] D:\WINDOWS\system32\mmm.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Firewall Administrating] D:\WINDOWS\infocard.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [WinMover] "D:\Program Files\WinMover\WinMover.exe" /q
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Firewall Administrating] D:\WINDOWS\infocard.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [IE7-10] rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F9061F35-1082-4A42-AB9B-62EDF1786AB8}: NameServer = 192.168.50.58 192.168.50.55
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - i:\swsetup\idtaudio\wdm\vista\aestsrv.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Audio Service (STacSV) - Unknown owner - d:\d\s\zi\STacSV.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    0
  3. tsri_badr_esgi Messages postés 530 Date d'inscription   Statut Membre Dernière intervention   9
     
    et voila le info.txt :

    info.txt logfile of random's system information tool 1.06 2010-02-25 01:22:40

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    Adobe Flash Player ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
    Archiveur WinRAR-->D:\Program Files\WinRAR\uninstall.exe
    Attribute Changer 6.0a-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,AttributeChanger.Uninstall
    avast! Antivirus-->rundll32 D:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
    Cisco Packet Tracer 5.2.1-->"D:\Program Files\Packet Tracer 5.2\unins000.exe"
    ClipName-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ClipName.Uninstall
    CMenu-->"D:\Program Files\CMenu\CMenu.exe" /uninstall
    Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
    Console 2-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,Console.Uninstall
    File Case Shell Extension-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,FileCase.Uninstall
    FlashFXP v3-->"D:\Program Files\FlashFXP\Uninstall.exe" "D:\Program Files\FlashFXP\install.log" -u
    HashTab 2.1-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,HashTab.Uninstall
    HijackThis 2.0.2-->"D:\Program Files\trend micro\HijackThis.exe" /uninstall
    IDT Audio-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -remove -removeonly
    InstallWatch Pro 2.5-->D:\WINDOWS\IsUninst.exe -f"D:\Program Files\Epsilon Squared\InstallWatch Pro\Uninst.isu"
    Intel(R) Graphics Media Accelerator Driver-->D:\WINDOWS\system32\igxpun.exe -uninstall
    Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
    Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA}
    Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
    Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
    Macromedia Flash Player 8 Plugin-->MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
    MakeISO-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,MakeISO.Uninstall
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
    Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft VM for Java-->RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall
    Mmm-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,MMM.Uninstall
    Mobile Connect-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{2C27866B-00E1-4AFF-A199-C7E978A10FC6}\Setup.exe" -l0x9 -removeonly
    ModifyPE-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ModifyPE.Uninstall
    Mozilla Firefox (3.0)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Thunderbird (2.0.0.14)-->D:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
    MSN Messenger 7.5-->MsiExec.exe /I{BAFD3C1E-03EC-11DA-BFBD-00065BBDC0B5}
    Nero 8 Lite 8.3.2.1b-->"D:\Program Files\Nero\unins000.exe"
    Notepad++-->D:\Program Files\Notepad++\uninstall.exe
    PuTTY-->rundll32.exe advpack.dll,LaunchINFSection PuTTY.inf,PuTTY.Uninstall
    QuickPar 0.9-->D:\Program Files\QuickPar\uninst.exe
    QuickTime-->D:\WINDOWS\unvise32qt.exe D:\WINDOWS\system32\QuickTime\Uninstall.log
    RefreshEM-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RefreshEM.Uninstall
    Reg File Merger-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RegMerger.Uninstall
    RegShot-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RegShot.Uninstall
    Replacer-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,Replacer.Uninstall
    Resource Hacker-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ResHacker.Uninstall
    Run Program Shell Extension-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RunWith.Uninstall
    Security Update for Excel 2007 (KB946974)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
    Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
    Security Update for Office 2007 (KB947801)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
    Security Update for Outlook 2007 (KB946983)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
    SmartSound Quicktracks Plugin-->D:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
    Ulead VideoStudio 9.0-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{88F92798-59AB-474F-B40D-1EC5F782F7EE}\Setup.exe" -l0x40c
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb950378)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
    Utilitaires "Envoyer vers"-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,SendTo.Uninstall
    VideoLAN VLC media player 0.8.6c-->D:\Program Files\VideoLAN\VLC\uninstall.exe
    VNC Free Edition 4.1.3-->"D:\Program Files\RealVNC\VNC4\unins000.exe"
    WhyReboot-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,WhyReboot.Uninstall
    Windows Vista Wallpapers-->rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\NR_VWall.inf,RemoveVWallpapers
    WinMover 3.2.0.6-->"D:\Program Files\WinMover\unins000.exe"
    XML Paper Specification Shared Components Language Pack 1.0-->"D:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
    XPero's eXPander-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,eXPander.Uninstall

    ======Security center information======

    AV: avast! antivirus 4.7.981 [VPS 100224-1]

    ======System event log======

    Computer Name: SWEET-F9A1B5154
    Event Code: 3260
    Message: Cet ordinateur a correctement été joint au workgroup 'WORKGROUP'.

    Record Number: 5
    Source Name: Workstation
    Time Written: 20100208210026.000000+060
    Event Type: Informations
    User:

    Computer Name: SWEET-F9A1B5154
    Event Code: 6011
    Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers SWEET-F9A1B5154.

    Record Number: 4
    Source Name: EventLog
    Time Written: 20100208205930.000000+060
    Event Type: Informations
    User:

    Computer Name: MACHINENAME
    Event Code: 7036
    Message: Le service est entré dans l'état : Intel(R) Wireless WiFi Link 5100.

    Record Number: 3
    Source Name: NETw5x32
    Time Written: 20100208215842.000000+060
    Event Type: Informations
    User:

    Computer Name: MACHINENAME
    Event Code: 6005
    Message: Le service d'Enregistrement d'événement a démarré.

    Record Number: 2
    Source Name: EventLog
    Time Written: 20100208214758.000000+060
    Event Type: Informations
    User:

    Computer Name: MACHINENAME
    Event Code: 6009
    Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

    Record Number: 1
    Source Name: EventLog
    Time Written: 20100208214758.000000+060
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: SWEET-F9A1B5154
    Event Code: 1000
    Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.
    Les données d'enregistrement contiennent les nouvelles valeurs d'index
    assignées à ce service.

    Record Number: 5
    Source Name: LoadPerf
    Time Written: 20100208210133.000000+060
    Event Type: Informations
    User:

    Computer Name: SWEET-F9A1B5154
    Event Code: 1000
    Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés.
    Les données d'enregistrement contiennent les nouvelles valeurs d'index
    assignées à ce service.

    Record Number: 4
    Source Name: LoadPerf
    Time Written: 20100208210023.000000+060
    Event Type: Informations
    User:

    Computer Name: SWEET-F9A1B5154
    Event Code: 1000
    Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés.
    Les données d'enregistrement contiennent les nouvelles valeurs d'index
    assignées à ce service.

    Record Number: 3
    Source Name: LoadPerf
    Time Written: 20100208210019.000000+060
    Event Type: Informations
    User:

    Computer Name: SWEET-F9A1B5154
    Event Code: 1000
    Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés.
    Les données d'enregistrement contiennent les nouvelles valeurs d'index
    assignées à ce service.

    Record Number: 2
    Source Name: LoadPerf
    Time Written: 20100208205932.000000+060
    Event Type: Informations
    User:

    Computer Name: MACHINENAME
    Event Code: 65535
    Message:
    Record Number: 1
    Source Name: STacSV
    Time Written: 20100208215905.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Program Files\Fichiers communs\Ulead Systems\MPEG
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION"=0f0d
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "PT5HOME"=D:\Program Files\Packet Tracer 5.2

    -----------------EOF-----------------
    0
  4. tsri_badr_esgi Messages postés 530 Date d'inscription   Statut Membre Dernière intervention   9
     
    et voila le info.txt :

    info.txt logfile of random's system information tool 1.06 2010-02-25 01:22:40

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    Adobe Flash Player ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
    Archiveur WinRAR-->D:\Program Files\WinRAR\uninstall.exe
    Attribute Changer 6.0a-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,AttributeChanger.Uninstall
    avast! Antivirus-->rundll32 D:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
    Cisco Packet Tracer 5.2.1-->"D:\Program Files\Packet Tracer 5.2\unins000.exe"
    ClipName-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ClipName.Uninstall
    CMenu-->"D:\Program Files\CMenu\CMenu.exe" /uninstall
    Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
    Console 2-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,Console.Uninstall
    File Case Shell Extension-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,FileCase.Uninstall
    FlashFXP v3-->"D:\Program Files\FlashFXP\Uninstall.exe" "D:\Program Files\FlashFXP\install.log" -u
    HashTab 2.1-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,HashTab.Uninstall
    HijackThis 2.0.2-->"D:\Program Files\trend micro\HijackThis.exe" /uninstall
    IDT Audio-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -remove -removeonly
    InstallWatch Pro 2.5-->D:\WINDOWS\IsUninst.exe -f"D:\Program Files\Epsilon Squared\InstallWatch Pro\Uninst.isu"
    Intel(R) Graphics Media Accelerator Driver-->D:\WINDOWS\system32\igxpun.exe -uninstall
    Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
    Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA}
    Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
    Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
    Macromedia Flash Player 8 Plugin-->MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
    MakeISO-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,MakeISO.Uninstall
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
    Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft VM for Java-->RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall
    Mmm-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,MMM.Uninstall
    Mobile Connect-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{2C27866B-00E1-4AFF-A199-C7E978A10FC6}\Setup.exe" -l0x9 -removeonly
    ModifyPE-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ModifyPE.Uninstall
    Mozilla Firefox (3.0)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Thunderbird (2.0.0.14)-->D:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
    MSN Messenger 7.5-->MsiExec.exe /I{BAFD3C1E-03EC-11DA-BFBD-00065BBDC0B5}
    Nero 8 Lite 8.3.2.1b-->"D:\Program Files\Nero\unins000.exe"
    Notepad++-->D:\Program Files\Notepad++\uninstall.exe
    PuTTY-->rundll32.exe advpack.dll,LaunchINFSection PuTTY.inf,PuTTY.Uninstall
    QuickPar 0.9-->D:\Program Files\QuickPar\uninst.exe
    QuickTime-->D:\WINDOWS\unvise32qt.exe D:\WINDOWS\system32\QuickTime\Uninstall.log
    RefreshEM-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RefreshEM.Uninstall
    Reg File Merger-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RegMerger.Uninstall
    RegShot-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RegShot.Uninstall
    Replacer-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,Replacer.Uninstall
    Resource Hacker-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ResHacker.Uninstall
    Run Program Shell Extension-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RunWith.Uninstall
    Security Update for Excel 2007 (KB946974)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
    Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
    Security Update for Office 2007 (KB947801)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
    Security Update for Outlook 2007 (KB946983)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
    SmartSound Quicktracks Plugin-->D:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
    Ulead VideoStudio 9.0-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{88F92798-59AB-474F-B40D-1EC5F782F7EE}\Setup.exe" -l0x40c
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb950378)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
    Utilitaires "Envoyer vers"-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,SendTo.Uninstall
    VideoLAN VLC media player 0.8.6c-->D:\Program Files\VideoLAN\VLC\uninstall.exe
    VNC Free Edition 4.1.3-->"D:\Program Files\RealVNC\VNC4\unins000.exe"
    WhyReboot-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,WhyReboot.Uninstall
    Windows Vista Wallpapers-->rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\NR_VWall.inf,RemoveVWallpapers
    WinMover 3.2.0.6-->"D:\Program Files\WinMover\unins000.exe"
    XML Paper Specification Shared Components Language Pack 1.0-->"D:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
    XPero's eXPander-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,eXPander.Uninstall

    ======Security center information======

    AV: avast! antivirus 4.7.981 [VPS 100224-1]

    ======System event log======

    Computer Name: SWEET-F9A1B5154
    Event Code: 3260
    Message: Cet ordinateur a correctement été joint au workgroup 'WORKGROUP'.

    Record Number: 5
    Source Name: Workstation
    Time Written: 20100208210026.000000+060
    Event Type: Informations
    User:

    Computer Name: SWEET-F9A1B5154
    Event Code: 6011
    Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers SWEET-F9A1B5154.

    Record Number: 4
    Source Name: EventLog
    Time Written: 20100208205930.000000+060
    Event Type: Informations
    User:

    Computer Name: MACHINENAME
    Event Code: 7036
    Message: Le service est entré dans l'état : Intel(R) Wireless WiFi Link 5100.

    Record Number: 3
    Source Name: NETw5x32
    Time Written: 20100208215842.000000+060
    Event Type: Informations
    User:

    Computer Name: MACHINENAME
    Event Code: 6005
    Message: Le service d'Enregistrement d'événement a démarré.

    Record Number: 2
    Source Name: EventLog
    Time Written: 20100208214758.000000+060
    Event Type: Informations
    User:

    Computer Name: MACHINENAME
    Event Code: 6009
    Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

    Record Number: 1
    Source Name: EventLog
    Time Written: 20100208214758.000000+060
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: SWEET-F9A1B5154
    Event Code: 1000
    Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.
    Les données d'enregistrement contiennent les nouvelles valeurs d'index
    assignées à ce service.

    Record Number: 5
    Source Name: LoadPerf
    Time Written: 20100208210133.000000+060
    Event Type: Informations
    User:

    Computer Name: SWEET-F9A1B5154
    Event Code: 1000
    Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés.
    Les données d'enregistrement contiennent les nouvelles valeurs d'index
    assignées à ce service.

    Record Number: 4
    Source Name: LoadPerf
    Time Written: 20100208210023.000000+060
    Event Type: Informations
    User:

    Computer Name: SWEET-F9A1B5154
    Event Code: 1000
    Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés.
    Les données d'enregistrement contiennent les nouvelles valeurs d'index
    assignées à ce service.

    Record Number: 3
    Source Name: LoadPerf
    Time Written: 20100208210019.000000+060
    Event Type: Informations
    User:

    Computer Name: SWEET-F9A1B5154
    Event Code: 1000
    Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés.
    Les données d'enregistrement contiennent les nouvelles valeurs d'index
    assignées à ce service.

    Record Number: 2
    Source Name: LoadPerf
    Time Written: 20100208205932.000000+060
    Event Type: Informations
    User:

    Computer Name: MACHINENAME
    Event Code: 65535
    Message:
    Record Number: 1
    Source Name: STacSV
    Time Written: 20100208215905.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Program Files\Fichiers communs\Ulead Systems\MPEG
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION"=0f0d
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "PT5HOME"=D:\Program Files\Packet Tracer 5.2

    -----------------EOF-----------------
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut tsri_badr_esgi

    -Télécharge et installe MalwareByte's Anti-Malware
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    - Mets le à jour

    ---

    - Redémarre en mode sans échec :

    Au redémarrage de ton PC tapote sur la touche F8 ou F5, sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec. Choisis ta session habituelle et non la session Administrateur

    ---

    - Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
    - Sélectionne Exécuter un examen complet si ce n'est pas déjà fait
    - clique sur Rechercher

    - Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur OK

    - Si MalwareByte's n'a rien détecté, clique sur OK Un rapport va apparaître ferme-le.

    - Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

    - Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

    Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur OK

    Tutoriel pour MalwareByte's ici :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    @++ :)
    0
  7. tsri_badr_esgi Messages postés 530 Date d'inscription   Statut Membre Dernière intervention   9
     
    ok je vais faire ca mais je poste le rapport demain car c l'heure a domir ici,j'espere que tu sera la pour m'aider .
    merci bcp
    0
  8. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut tsri_badr_esgi

    Oui je serai là, a demain

    @++ :)
    0
  9. tsri_badr_esgi Messages postés 530 Date d'inscription   Statut Membre Dernière intervention   9
     
    voila le rapport mr dédétraqué:

    Malwarebytes' Anti-Malware 1.44
    Version de la base de données: 3510
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    25/02/2010 02:41:18
    mbam-log-2010-02-25 (02-41-18).txt

    Type de recherche: Examen complet (D:\|)
    Eléments examinés: 164775
    Temps écoulé: 13 minute(s), 28 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 4
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://www.postarticles.net) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  10. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut tsri_badr_esgi

    Version de la base de données: 3510
    Mettre MBAM à jour et refais le scan, poste le rapport

    @++ :)
    0
  11. tsri_badr_esgi Messages postés 530 Date d'inscription   Statut Membre Dernière intervention   9
     
    voila mr le nouveau rapport:

    Malwarebytes' Anti-Malware 1.44
    Version de la base de données: 3796
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    26/02/2010 20:40:51
    mbam-log-2010-02-26 (20-40-48).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
    Eléments examinés: 327134
    Temps écoulé: 41 minute(s), 43 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    D:\WINDOWS\infocard.exe (Backdoor.IRCBot) -> No action taken.

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firewall administrating (Backdoor.IRCBot) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firewall administrating (Backdoor.IRCBot) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\firewall administrating (Backdoor.IRCBot) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://www.postarticles.net) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    D:\Program Files\CMenu\Utilities\plugins\ZDRx.dll (Malware.Packer.Gen) -> No action taken.
    D:\WINDOWS\infocard.exe (Backdoor.IRCBot) -> No action taken.
    0
  12. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut tsri_badr_esgi

    J'aurais du lire Quarantined and deleted successfully et non No action taken, tu as bien cliquer sur Supprimer la sélection?

    Refais un scan avec RSIT et poste le contenu du rapport log.txt à la fin de l’analyse

    Le rapport est dans le dossier ici C:\rsit

    @++ :)
    0