Aller au contenu
  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Messages recommandés

Posté(e) (modifié)

salut,

 

je suis en combat avec ce fichu viirus que je n' arrive pas à supprimer définitivement, après avoir cherché, j' en appelle à la communauté merci d 'avance !! voici le rapport fait avec hijackthis :

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:51:50, on 24/09/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

C:\WINDOWS\system32\IcoSauve.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\ALI\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {150E44D5-314A-4E8C-A11C-B806C6882AEF} - (no file)

O2 - BHO: (no name) - {339f7a5b-1ecb-456c-a310-46d331dcab04} - (no file)

O2 - BHO: (no name) - {48BACDF8-1B76-49C1-97B8-9A494E316683} - (no file)

O2 - BHO: (no name) - {606895aa-eac6-4e64-9004-5c133a010415} - (no file)

O2 - BHO: (no name) - {B8DC1FE9-889D-4559-8090-FF2E5EFA9086} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E35A634B-DC92-4F89-8236-6ADBCA79927B} - (no file)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [xvs] C:\WINDOWS\system32\xvs.exe \u

O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [uVS11 Preload] "C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Pinnacle Scheduler.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/51.28/uploader2.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-2.0.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: fheykv.dll rvzbuo.dll

O21 - SSODL: uMOlFo - {2496A76E-8E3C-0DC4-A958-343C5BE15689} - C:\WINDOWS\system32\amw.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 8980 bytes

Modifié par alou

Posté(e) (modifié)

Bonsoir alou et bienvenue sur Zébulon

 

Ton PC est en SP2 et tu utilises IE 7 , on en est au SP3 et à IE8. Le faite de ne pas mettre Windows à jour, IE et les différents autres programmes présents sur ton PC cree des failles de sécurité exploitables par les malwares. On verra cela ensemble par la suite quand ton PC sera désinfecté.

 

Ton Windows est une version nLite non officielle, je voudrais savoir si tu possèdes la licence avant de poursuivre...

 

Si cela peux t'aider, commence par lire ces deux sujets :

 

Comment participer a un forum

 

Retrouver ses messages et activer la notification par email

 

1) OTM de Old_Timer

  • Télécharge OTM de Old_Timer sur ton Bureau.
  • Double clique sur OTM.exe afin de lancer l'outil.
  • Copie la liste qui se trouve en citation ci-dessous :

:reg

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150E44D5-314A-4E8C-A11C-B806C6882AEF}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{339f7a5b-1ecb-456c-a310-46d331dcab04}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48BACDF8-1B76-49C1-97B8-9A494E316683}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{606895aa-eac6-4e64-9004-5c133a010415}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8DC1FE9-889D-4559-8090-FF2E5EFA9086}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E35A634B-DC92-4F89-8236-6ADBCA79927B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"xvs"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"uMOlFo"=-

 

:files

C:\WINDOWS\system32\xvs.exe

C:\WINDOWS\system32\fheykv.dll

C:\WINDOWS\system32\rvzbuo.dll

C:\WINDOWS\system32\amw.dll

 

:commands

[emptytemp]

[reboot]

  • et colle-la dans le cadre de gauche de OTM : "Paste instructions for item to be moved".
  • Clique sur le bouton MoveIt!
  • Attends la fin du travail de l'outil puis ferme OTM.

Note: Un redémarrage du PC pourra être nécessaire, clique sur Oui/Yes quand cela te sera demandé.

 

2) Random's System Information Tool (RSIT)

 

Tuto : http://forum.pcastuces.com/randoms_system_...rsit-f31s31.htm.

Télécharge Random's System Information Tool (RSIT) de random/random et sauvegarde-le sur ton Bureau.

  • Double-clique sur RSIT.exe afin de lancer RSIT.(Si tu es sous Vista, fais un clic droit dessus et choisis « Exécuter en tant qu'administrateur»).
  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

--> Poste en réponse :

 

* Le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

Note : Les deux rapports sont également sauvegardés dans %systemroot%\rsit

 

* Le rapport de OTM (contenu du fichier Lecteur\_OTM\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure) [Lecteur représente la partition depuis laquelle OTM a été lancé, généralement C:]

 

@ suivre.

Modifié par Le sioux
Posté(e)

salut mr Sioux! er merci de m' aider voici les deux rapports ..

 

 

LE PREMIER :[/b]

 

 

All processes killed

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150E44D5-314A-4E8C-A11C-B806C6882AEF}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{150E44D5-314A-4E8C-A11C-B806C6882AEF}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{339f7a5b-1ecb-456c-a310-46d331dcab04}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{339f7a5b-1ecb-456c-a310-46d331dcab04}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48BACDF8-1B76-49C1-97B8-9A494E316683}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48BACDF8-1B76-49C1-97B8-9A494E316683}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{606895aa-eac6-4e64-9004-5c133a010415}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{606895aa-eac6-4e64-9004-5c133a010415}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8DC1FE9-889D-4559-8090-FF2E5EFA9086}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8DC1FE9-889D-4559-8090-FF2E5EFA9086}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E35A634B-DC92-4F89-8236-6ADBCA79927B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E35A634B-DC92-4F89-8236-6ADBCA79927B}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\xvs deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|”” /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\uMOlFo deleted successfully.

========== FILES ==========

File/Folder C:\WINDOWS\system32\xvs.exe not found.

File/Folder C:\WINDOWS\system32\fheykv.dll not found.

File/Folder C:\WINDOWS\system32\rvzbuo.dll not found.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\amw.dll

C:\WINDOWS\system32\amw.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\amw.dll scheduled to be moved on reboot.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 910777 bytes

->Temporary Internet Files folder emptied: 1559821 bytes

->Java cache emptied: 0 bytes

 

User: ALI

->Temp folder emptied: 455012856 bytes

File delete failed. C:\Documents and Settings\ALI\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 50138569 bytes

->Java cache emptied: 0 bytes

 

User: All Users

 

User: All Users.WINDOWS

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User.WINDOWS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 35539 bytes

 

User: LocalService.AUTORITE NT

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33174 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService.AUTORITE NT

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2114013 bytes

%systemroot%\System32 .tmp files removed: 11500606 bytes

Windows Temp folder emptied: 1819104 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 499,08 mb

 

 

OTM by OldTimer - Version 3.0.0.6 log created on 09252009_093423

 

Files moved on Reboot...

DllUnregisterServer procedure not found in C:\WINDOWS\system32\amw.dll

C:\WINDOWS\system32\amw.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\amw.dll scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

LE SECOND :

 

nfo.txt logfile of random's system information tool 1.06 2009-09-25 09:38:56

 

======Uninstall list======

 

-->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 9 Plugin-->MsiExec.exe /X{008F31A9-4B8E-4411-AA19-2CB3C8DD7507}

Adobe Shockwave Player-->MsiExec.exe /X{A7DB362E-16DC-4E29-8A34-E74381E00B5B}

Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x040c -removeonly

Canon Internet Library for ZoomBrowser EX-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9E75AF24-815C-4BD1-9A05-F96866CC6005}

Canon PhotoRecord-->C:\WINDOWS\IsUn040c.exe -fC:\PROGRA~1\Canon\ZOOMBR~1\..\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\ZOOMBR~1\..\PhotoRecord\Program\uninstdll.dll"

Canon Utilities File Viewer Utility 1.2-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}

Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F11A403B-0DE9-4953-B790-7A2F014FBB2B}

Canon Utilities RemoteCapture 2.7-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AB3AC39D-9915-435D-ACC4-9881E75326BC}

Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}

CanoScan Toolbox 4.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x40c

CartoExploreur 3D 1.10-->"C:\Program Files\Bayo\Setup\CartoExploreur 3D 1.10\unins000.exe"

cGPSmapper Free 0097-->"C:\Program Files\cGPSmapper\unins000.exe"

Client Windows Rights Management avec Service Pack 2-->MsiExec.exe /X{1D13221B-42DE-4B3C-A43F-0F6AF3CF3DA2}

Cloneur Expert-->C:\Program Files\Micro Application\Cloneur Expert\MediaBuilder.exe -uninstall

eMule-->"C:\Program Files\eMule\Uninstall.exe"

Fenêtre d'appareil photo Canon pour ZoomBrowser EX-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5ADA9741-0570-4096-B5FE-1D55E57537D4}

Garmin City Navigator Europe v8-->MsiExec.exe /X{3879E12E-DA5B-4451-B973-DA0E2FEE7039}

Garmin TOPO Swiss East-->"C:\Garmin\TOPO Swiss East\unins000.exe"

Garmin TOPO Swiss West-->"C:\Garmin\TOPO Swiss West\unins000.exe"

Gpstrack 2008-->MsiExec.exe /X{A666A3CB-C3B8-4ACB-B278-5ED5124EFD6E}

Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"

HijackThis 2.0.2-->"C:\Documents and Settings\ALI\Bureau\HijackThis.exe" /uninstall

HP Deskjet 5400 series-->C:\Program Files\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup\hpzscr01.exe -datfile hpfscr05.dat

HP Extended Capabilities 5.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}

HP Imaging Device Functions 5.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat

HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}

HP Solution Center & Imaging Support Tools 5.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}

IKEA Home Planner-->MsiExec.exe /I{B3276CB1-20B6-4AF9-AAEC-E72C83816495}

Intel® PRO Network Connections 11.2.0.69-->MsiExec.exe /i{2222B364-0854-4265-B32E-A142DB9DC7BB} ARPREMOVE=1

InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}

iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}

Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}

KC Softwares IDPhotoStudio-->"C:\Program Files\KC Softwares\IDPhotoStudio\unins000.exe"

K-Lite Codec Pack 2.71 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

MapSource Product Install-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47D50190-9DAD-4FFE-9EFA-6D278B2C4810}\Setup.exe" -l0x40c AddRemove

MapSource Product Install-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8BFB69F-BBBA-48A9-A788-851222571C77}\setup.exe" -l0x40c AddRemove

MFCDLL Shared Library - Retail Version-->MsiExec.exe /I{51D569E2-8A28-11D2-B962-006097C4DE24}

Microsoft ® C Runtime Library-->MsiExec.exe /I{51D569E0-8A28-11D2-B962-006097C4DE24}

Microsoft ® C++ Runtime Library-->MsiExec.exe /I{51D569E3-8A28-11D2-B962-006097C4DE24}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe

MSXML 3.0-->MsiExec.exe /I{930E3A4D-70B7-4D0D-AF8D-0B351A9B55BE}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{1787603C-E6E3-42D4-8034-55F358486F1D}

Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}

NOD32 Antivirus System-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

OgcDrv 2.12-->"C:\Program Files\Bayo\Setup\OgcDrv 2.12\unins000.exe"

OmniPage SE-->MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}

Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe

Permis de construire Expert CAD-->"C:\Program Files\Anuman Interactive\Permis de construire Expert CAD\unins000.exe"

Photo d'identité 2008 v3.4-->"C:\Program Files\Emjysoft\Photo\unins000.exe"

Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"

Pinnacle PCTV-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C02ED4F-46B0-4E9E-87F7-47AEBA4031C8}\Setup.exe" -l0x40c -L0x40c UNINSTALL

QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}

RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Réseau Antilles Bayo 0007-Q0-->"C:\Program Files\Bayo\Setup\Réseau Antilles Bayo 0007-Q0\unins000.exe"

Réseau Antilles BdAlti 2007-Q1-->"C:\Program Files\Bayo\Setup\Réseau Antilles BdAlti 2007-Q1\unins000.exe"

Réseau Antilles BdNyme 2003-Q1-->"C:\Program Files\Bayo\Setup\Réseau Antilles BdNyme 2003-Q1\unins000.exe"

Réseau France Bayo 0013-Q0-->"C:\Program Files\Bayo\Setup\Réseau France Bayo 0013-Q0\unins000.exe"

Réseau France BdAlti 2006-Q2-->"C:\Program Files\Bayo\Setup\Réseau France BdAlti 2006-Q2\unins000.exe"

Réseau France BdNyme 2004-Q4-->"C:\Program Files\Bayo\Setup\Réseau France BdNyme 2004-Q4\unins000.exe"

Réseau France NavTeq 2006-Q1-->"C:\Program Files\Bayo\Setup\Réseau France NavTeq 2006-Q1\unins000.exe"

Réseau France POI 2006-Q1-->"C:\Program Files\Bayo\Setup\Réseau France POI 2006-Q1\unins000.exe"

Réseau France TopoNyme 2004-Q4-->"C:\Program Files\Bayo\Setup\Réseau France TopoNyme 2004-Q4\unins000.exe"

Réseau Guyane Bayo 0004-Q0-->"C:\Program Files\Bayo\Setup\Réseau Guyane Bayo 0004-Q0\unins000.exe"

Réseau Guyane BdAlti 2003-Q1-->"C:\Program Files\Bayo\Setup\Réseau Guyane BdAlti 2003-Q1\unins000.exe"

Réseau Guyane BdNyme 2003-Q1-->"C:\Program Files\Bayo\Setup\Réseau Guyane BdNyme 2003-Q1\unins000.exe"

Réseau Reunion Bayo 0007-Q0-->"C:\Program Files\Bayo\Setup\Réseau Reunion Bayo 0007-Q0\unins000.exe"

Réseau Reunion BdAlti 2007-Q1-->"C:\Program Files\Bayo\Setup\Réseau Reunion BdAlti 2007-Q1\unins000.exe"

Réseau Reunion BdNyme 2007-Q1-->"C:\Program Files\Bayo\Setup\Réseau Reunion BdNyme 2007-Q1\unins000.exe"

Security Update for Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}

Security Update pour Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}

Sierra Home Architecte-->C:\WINDOWS\IsUn040c.exe -fC:\SIERRA\SHAF\Uninst.isu

Sony Ericsson PC Suite 4.010.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x040c -removeonly

SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly

TrekMap v2-->MsiExec.exe /X{46E7E808-5AD2-44B6-B52C-68EB15182D8A}

Ulead VideoStudio 11-->C:\Program Files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x0409

VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

 

======Hosts File======

 

127.0.0.1 localhost

 

Securitycenter WMI appears to be broken

 

======System event log======

 

Computer Name: ALOU

Event Code: 10

Message: Ce lecteur ne semble pas prendre en charge la lecture audio numérique.

 

Record Number: 47929

Source Name: redbook

Time Written: 20090918131954.000000+120

Event Type: Informations

User:

 

Computer Name: ALOU

Event Code: 10

Message: Ce lecteur ne semble pas prendre en charge la lecture audio numérique.

 

Record Number: 47928

Source Name: redbook

Time Written: 20090918131954.000000+120

Event Type: Informations

User:

 

Computer Name: ALOU

Event Code: 3095

Message: Cet ordinateur est configuré en tant que membre d'un groupe de travail,

et non en tant que membre d'un domaine. Il n'est pas nécessaire

d'exécuter le service Accès réseau dans cette configuration.

 

Record Number: 47927

Source Name: NETLOGON

Time Written: 20090918131953.000000+120

Event Type: erreur

User:

 

Computer Name: ALOU

Event Code: 6005

Message: Le service d'Enregistrement d'événement a démarré.

 

Record Number: 47926

Source Name: EventLog

Time Written: 20090918131943.000000+120

Event Type: Informations

User:

 

Computer Name: ALOU

Event Code: 6009

Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free.

 

Record Number: 47925

Source Name: EventLog

Time Written: 20090918131943.000000+120

Event Type: Informations

User:

 

=====Application event log=====

 

Computer Name: ALOU

Event Code: 1003

Message: Le paramètre TraceFileName ne se trouve pas dans le Registre.

Le fichier de suivi utilisé par défaut est .

 

Record Number: 4267

Source Name: EvntAgnt

Time Written: 20090718230212.000000+120

Event Type: Avertissement

User:

 

Computer Name: ALOU

Event Code: 1

Message:

Record Number: 4266

Source Name: Bonjour Service

Time Written: 20090718230209.000000+120

Event Type: Informations

User:

 

Computer Name: ALOU

Event Code: 0

Message:

Record Number: 4265

Source Name: Capture Device Service

Time Written: 20090718230207.000000+120

Event Type: Informations

User:

 

Computer Name: ALOU

Event Code: 0

Message:

Record Number: 4264

Source Name: Capture Device Service

Time Written: 20090718230207.000000+120

Event Type: Informations

User:

 

Computer Name: ALOU

Event Code: 0

Message:

Record Number: 4263

Source Name: Capture Device Service

Time Written: 20090718230207.000000+120

Event Type: Informations

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program Files\Intel\DMIX;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel

"PROCESSOR_REVISION"=0209

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"DEVMGR_SHOW_DETAILS"=1

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------

 

 

A+

Posté(e)

Bonjour alou

 

Afin de poursuivre, il me manque :

 

1) Une réponse à ma question :

Ton Windows est une version nLite non officielle, je voudrais savoir si tu possèdes la licence avant de poursuivre...

2) Le contenu de log.txt ( rapport de RSIT )

Note : Les deux rapports sont également sauvegardés dans %systemroot%\rsit

 

@ suivre.

Posté(e)
Bonjour alou

 

Afin de poursuivre, il me manque :

 

1) Une réponse à ma question :

 

2) Le contenu de log.txt ( rapport de RSIT )

Note : Les deux rapports sont également sauvegardés dans %systemroot%\rsit

 

@ suivre.

 

 

RE..

 

je possède bien la licence;

 

2/ voici le rapport qu 'il te manque :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:35:07, on 25/09/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

C:\WINDOWS\system32\IcoSauve.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Anuman Interactive\Permis de construire Expert CAD\Permis de construire Expert CAD.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\ALI\Bureau\RSIT.exe

C:\Documents and Settings\ALI\Bureau\ALI.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [uVS11 Preload] "C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Pinnacle Scheduler.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/51.28/uploader2.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-2.0.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: ””

O21 - SSODL: uMOlFo - {2496A76E-8E3C-0DC4-A958-343C5BE15689} - C:\WINDOWS\System32\amw.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 8706 bytes

 

 

Merci encore

Posté(e)

BOnsoir alou

 

RE..

 

je possède bien la licence;

OK :P

 

2/ voici le rapport qu 'il te manque :

C'est un rapport HijackThis et non le rapport log.txt, rapport de RSIT localisé dans C:\rsit\log.txt

 

Le rapport HijackThis n'est pas suffisant pour y voir clair afin de passer à la suite ...

 

@ suivre donc ...

Posté(e)
BOnsoir alou

 

 

OK :P

 

 

C'est un rapport HijackThis et non le rapport log.txt, rapport de RSIT localisé dans C:\rsit\log.txt

 

Le rapport HijackThis n'est pas suffisant pour y voir clair afin de passer à la suite ...

 

@ suivre donc ...

 

 

ello !

 

voici : le même, mais complété. thank' s !

 

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by ALI at 2009-09-25 15:35:05

Microsoft Windows XP Professionnel Service Pack 2

System drive C: has 51 GB (67%) free of 76 GB

Total RAM: 510 MB (58% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:35:07, on 25/09/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

C:\WINDOWS\system32\IcoSauve.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Anuman Interactive\Permis de construire Expert CAD\Permis de construire Expert CAD.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\ALI\Bureau\RSIT.exe

C:\Documents and Settings\ALI\Bureau\ALI.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [uVS11 Preload] "C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Pinnacle Scheduler.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/51.28/uploader2.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-2.0.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: ””

O21 - SSODL: uMOlFo - {2496A76E-8E3C-0DC4-A958-343C5BE15689} - C:\WINDOWS\System32\amw.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 8706 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\HPpromotions journeysoftware.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]

"NWEReboot"= []

"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

"Cloneur Expert Monitor"=C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe [2009-02-04 437675]

"Acronis Scheduler2 Service"=C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe [2009-02-04 61440]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

"SoundMax"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]

"UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-03-03 341488]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-07-27 1388544]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-09-15 917504]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-10 397312]

 

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Pinnacle Scheduler.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

 

C:\Documents and Settings\ALI\Menu Démarrer\Programmes\Démarrage

IcoSauve.lnk - C:\WINDOWS\system32\IcoSauve.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="””"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

uMOlFo - {2496A76E-8E3C-0DC4-A958-343C5BE15689} - C:\WINDOWS\System32\amw.dll [2006-12-13 32768]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=

scecli

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"SynchronousMachineGroupPolicy"=0

"SynchronousUserGroupPolicy"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoStrCmpLogical"=0

"LockTaskbar"=0

"NoResolveTrack"=0

"NoResolveSearch"=0

"NoRun"=0

"NoFind"=0

"NoSMMyPictures"=0

"NoStartMenuMFUprogramsList"=0

"NoUserNameInStartMenu"=0

"NoStartMenuMorePrograms"=0

"MaxRecentDocs"=15

"NoInstrumentation"=0

"MemCheckBoxInRunDlg"=1

"NoSMBalloonTip"=0

"NoActiveDesktopChanges"=0

"NoSetActiveDesktop"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoSimpleStartMenu"=

"NoSetActiveDesktop"=

"NoActiveDesktopChanges"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\GT2002\gpstrack.exe"="C:\Program Files\GT2002\gpstrack.exe:*:Enabled:Gpstrack"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Documents and Settings\ALI\Local Settings\Temp\IXP001.TMP\garmin.exe"="C:\Documents and Settings\ALI\Local Settings\Temp\IXP001.TMP\garmin.exe:*:Enabled:Windows Messanger"

"C:\Documents and Settings\ALI\Local Settings\Temp\IXP000.TMP\garmin.exe"="C:\Documents and Settings\ALI\Local Settings\Temp\IXP000.TMP\garmin.exe:*:Enabled:Windows Messanger"

"C:\WINDOWS\system32\xvs.exe"="C:\WINDOWS\system32\xvs.exe:*:Enabled:ENABLE"

"C:\Documents and Settings\ALI\ddmgtf.exe"="C:\Documents and Settings\ALI\ddmgtf.exe:*:Enabled:ENABLE"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25cf0c22-c2ef-11dd-a6e5-0007e962e558}]

shell\AutoRun\command - H:\Setup.exe

 

 

======List of files/folders created in the last 3 months======

 

2009-09-25 09:38:41 ----D---- C:\rsit

2009-09-25 09:34:23 ----D---- C:\_OTM

2009-09-24 17:35:12 ----D---- C:\Program Files\Panda Security

2009-09-22 20:39:52 ----A---- C:\WINDOWS\ntbtlog.txt

2009-09-22 18:33:36 ----D---- C:\WINDOWS\system32\DirectX

2009-09-22 18:33:36 ----A---- C:\WINDOWS\system32\d3dx9_32.dll

2009-09-22 18:33:02 ----HDC---- C:\WINDOWS\$NtUninstallWIC$

2009-09-16 19:11:15 ----D---- C:\Program Files\Fichiers communs\Windows Live

2009-09-15 06:45:02 ----A---- C:\WINDOWS\system32\imon.dll

2009-09-11 08:07:09 ----D---- C:\Program Files\IKEA HomePlanner

2009-09-11 08:06:36 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard

2009-08-25 16:31:23 ----D---- C:\Program Files\iPod

2009-08-25 16:31:20 ----D---- C:\Program Files\iTunes

2009-08-25 16:30:55 ----D---- C:\Program Files\Apple Software Update

2009-08-25 16:30:40 ----A---- C:\WINDOWS\system32\usbaaplrc.dll

2009-08-25 16:30:22 ----D---- C:\Program Files\Fichiers communs\Apple

2009-08-25 13:33:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-08-25 13:30:34 ----SHD---- C:\WINDOWS\CSC

2009-08-25 11:47:41 ----A---- C:\Documents and Settings\ALI\Application Data\install.txt

2009-08-25 09:01:44 ----D---- C:\WINDOWS\system32\CatRoot2

2009-08-25 08:34:12 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-08-24 18:56:17 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!

2009-08-19 07:21:41 ----D---- C:\Program Files\MSSOAP

2009-08-19 07:20:29 ----D---- C:\Program Files\Webroot

 

======List of files/folders modified in the last 3 months======

 

2009-09-25 14:40:02 ----D---- C:\WINDOWS\system32\inetsrv

2009-09-25 14:36:22 ----D---- C:\WINDOWS\system32\NtmsData

2009-09-25 12:00:39 ----A---- C:\WINDOWS\winamp.ini

2009-09-25 11:24:16 ----D---- C:\WINDOWS\Prefetch

2009-09-25 11:24:10 ----D---- C:\WINDOWS

2009-09-25 09:35:54 ----D---- C:\WINDOWS\Temp

2009-09-25 09:35:54 ----D---- C:\WINDOWS\system32

2009-09-24 17:35:21 ----D---- C:\WINDOWS\system32\drivers

2009-09-24 17:35:12 ----RD---- C:\Program Files

2009-09-24 17:35:12 ----HD---- C:\WINDOWS\inf

2009-09-24 17:34:52 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-09-23 07:37:05 ----D---- C:\WINDOWS\Debug

2009-09-22 20:39:22 ----D---- C:\WINDOWS\Minidump

2009-09-22 20:34:36 ----D---- C:\Program Files\Eset

2009-09-22 20:34:36 ----D---- C:\Config.Msi

2009-09-22 18:50:57 ----SHD---- C:\WINDOWS\Installer

2009-09-22 18:50:57 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft

2009-09-22 18:50:57 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2009-09-22 18:48:32 ----RSD---- C:\WINDOWS\assembly

2009-09-22 18:46:51 ----D---- C:\WINDOWS\WinSxS

2009-09-22 18:30:40 ----RSD---- C:\WINDOWS\Fonts

2009-09-16 19:11:15 ----D---- C:\Program Files\Fichiers communs

2009-09-04 14:39:22 ----D---- C:\Documents and Settings\ALI\Application Data\Apple Computer

2009-09-03 17:10:12 ----D---- C:\Documents and Settings\ALI\Application Data\BitTorrent

2009-09-01 18:26:01 ----A---- C:\WINDOWS\CSTBox.INI

2009-09-01 18:24:04 ----D---- C:\Documents and Settings\ALI\Application Data\Canon

2009-08-28 19:13:20 ----D---- C:\Program Files\eMule

2009-08-27 20:13:50 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt

2009-08-25 16:31:00 ----SD---- C:\WINDOWS\Tasks

2009-08-25 16:30:45 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-08-25 14:03:42 ----D---- C:\WINDOWS\security

2009-08-25 13:25:52 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

2009-08-25 13:23:42 ----D---- C:\Program Files\Mozilla Firefox

2009-08-25 09:02:46 ----D---- C:\WINDOWS\system32\CatRoot

2009-08-25 08:00:12 ----D---- C:\WINDOWS\Registration

2009-08-19 18:02:13 ----D---- C:\Documents and Settings

2009-08-19 07:22:43 ----A---- C:\WINDOWS\win.ini

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-12-13 40320]

R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2004-08-28 33995]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-06 12032]

R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []

R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [1999-09-10 25244]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]

R2 ROB_A;Pinnacle WDM PCTV Audio Capture; C:\WINDOWS\system32\DRIVERS\rob_a.sys [2003-02-10 17664]

R2 ROB_V;Pinnacle WDM PCTV Video Capture; C:\WINDOWS\system32\drivers\rob_v.sys [2003-04-11 125568]

R2 tifsfilter;Acronis TrueImage FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-02-04 28768]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-12-13 60800]

R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]

R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-12-13 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]

R3 pctvvbi;PCTVVBI; C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 6400]

R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-17 14604]

R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-12-13 26624]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-12-13 57600]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-12-13 20480]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]

S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []

S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []

S3 a4s9b2v1;a4s9b2v1; C:\WINDOWS\system32\drivers\a4s9b2v1.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-08-01 8320]

S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2006-12-13 10880]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2006-12-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2006-12-13 15360]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]

S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-12-13 26496]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2009-02-04 151552]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]

R2 Capture Device Service;Capture Device Service; C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]

R2 IISADMIN;Administration IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-19 15872]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]

R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-09-15 495616]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-19 15872]

R2 SNMP;Service SNMP; C:\WINDOWS\System32\snmp.exe [2004-08-19 32768]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]

R2 W3SVC;Publication World Wide Web; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-19 15872]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 SNMPTRAP;Service d'interruption SNMP; C:\WINDOWS\System32\snmptrap.exe [2004-08-19 8704]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

 

-----------------EOF-----------------

Posté(e)

Hello alou

 

C'est bon ce coup la. :P

 

Je te vois en bas de page :P , je regarde cela de plus près et te dis quoi faire sous peu.

 

@ de suite.

Posté(e)

Re

 

On continu :P

  • Double clique sur OTM.exe (sur ton Bureau) afin de lancer l'outil.
  • Copie la liste qui se trouve en citation ci-dessous :

:services

a4s9b2v1

 

:reg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"uMOlFo"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25cf0c22-c2ef-11dd-a6e5-0007e962e558}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\DNA\btdna.exe"=-

"C:\Program Files\BitTorrent\bittorrent.exe"=-

"C:\WINDOWS\system32\xvs.exe"=-

 

:files

C:\WINDOWS\System32\amw.dll

C:\WINDOWS\system32\drivers\a4s9b2v1.sys

C:\WINDOWS\system32\xvs.exe

C:\Program Files\DNA

C:\Program Files\BitTorrent

C:\Program Files\eMule

C:\Documents and Settings\ALI\Application Data\BitTorrent

C:\Documents and Settings\ALI\Application Data\DNA

C:\Documents and Settings\ALI\Application Data\eMule

 

:commands

[emptytemp]

[reboot]

  • et colle-la dans le cadre de gauche de OTM : "Paste instructions for item to be moved".
  • Clique sur le bouton MoveIt!
  • Attends la fin du travail de l'outil puis ferme OTM.

Note: Un redémarrage du PC pourra être nécessaire, clique sur Oui/Yes quand cela te sera demandé.

 

--> Poste en réponse :

 

* Le rapport de OTM (contenu du fichier Lecteur\_OTM\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure) [Lecteur représente la partition depuis laquelle OTM a été lancé, généralement C:]

 

* Un nouveau rapport RSIT.

 

Dis moi aussi ce que cela donne, y a t il un mieux ? Qu'en est il du problème initial ?

 

@ suivre.

Posté(e)

voici,

 

 

All processes killed

========== SERVICES/DRIVERS ==========

Service\Driver a4s9b2v1 not found.

Service\Driver a4s9b2v1 not found.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|”” /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\uMOlFo deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25cf0c22-c2ef-11dd-a6e5-0007e962e558}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25cf0c22-c2ef-11dd-a6e5-0007e962e558}\ not found.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\DNA\btdna.exe not found.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitTorrent\bittorrent.exe not found.

Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\xvs.exe not found.

========== FILES ==========

DllUnregisterServer procedure not found in C:\WINDOWS\System32\amw.dll

C:\WINDOWS\System32\amw.dll NOT unregistered.

File move failed. C:\WINDOWS\System32\amw.dll scheduled to be moved on reboot.

File/Folder C:\WINDOWS\system32\drivers\a4s9b2v1.sys not found.

File/Folder C:\WINDOWS\system32\xvs.exe not found.

File/Folder C:\Program Files\DNA not found.

File/Folder C:\Program Files\BitTorrent not found.

File/Folder C:\Program Files\eMule not found.

File/Folder C:\Documents and Settings\ALI\Application Data\BitTorrent not found.

File/Folder C:\Documents and Settings\ALI\Application Data\DNA not found.

File/Folder C:\Documents and Settings\ALI\Application Data\eMule not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

 

User: ALI

->Temp folder emptied: 9038 bytes

->Temporary Internet Files folder emptied: 1094864 bytes

->Java cache emptied: 0 bytes

 

User: All Users

 

User: All Users.WINDOWS

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User.WINDOWS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService.AUTORITE NT

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33237 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: NetworkService.AUTORITE NT

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_23c.dat scheduled to be deleted on reboot.

Windows Temp folder emptied: 49152 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 1,16 mb

 

 

 

OTM by OldTimer - Version 3.0.0.6 log created on 09262009_122128

 

Files moved on Reboot...

DllUnregisterServer procedure not found in C:\WINDOWS\System32\amw.dll

C:\WINDOWS\System32\amw.dll NOT unregistered.

File move failed. C:\WINDOWS\System32\amw.dll scheduled to be moved on reboot.

File C:\WINDOWS\temp\Perflib_Perfdata_23c.dat not found!

 

Registry entries deleted on Reboot...

 

le rapport RSIT :

 

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by ALI at 2009-09-26 12:28:43

Microsoft Windows XP Professionnel Service Pack 2

System drive C: has 51 GB (67%) free of 76 GB

Total RAM: 510 MB (32% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:28:50, on 26/09/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

C:\WINDOWS\system32\IcoSauve.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\ALI\Bureau\RSIT.exe

C:\Documents and Settings\ALI\Bureau\ALI.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [uVS11 Preload] "C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Pinnacle Scheduler.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/51.28/uploader2.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-2.0.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: ””

O21 - SSODL: uMOlFo - {2496A76E-8E3C-0DC4-A958-343C5BE15689} - C:\WINDOWS\System32\amw.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 8478 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\HPpromotions journeysoftware.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]

"NWEReboot"= []

"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

"Cloneur Expert Monitor"=C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe [2009-02-04 437675]

"Acronis Scheduler2 Service"=C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe [2009-02-04 61440]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

"SoundMax"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]

"UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-03-03 341488]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-07-27 1388544]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-09-15 917504]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-10 397312]

 

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Pinnacle Scheduler.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

 

C:\Documents and Settings\ALI\Menu Démarrer\Programmes\Démarrage

IcoSauve.lnk - C:\WINDOWS\system32\IcoSauve.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="””"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

uMOlFo - {2496A76E-8E3C-0DC4-A958-343C5BE15689} - C:\WINDOWS\System32\amw.dll [2006-12-13 32768]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=

scecli

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"SynchronousMachineGroupPolicy"=0

"SynchronousUserGroupPolicy"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoStrCmpLogical"=0

"LockTaskbar"=0

"NoResolveTrack"=0

"NoResolveSearch"=0

"NoRun"=0

"NoFind"=0

"NoSMMyPictures"=0

"NoStartMenuMFUprogramsList"=0

"NoUserNameInStartMenu"=0

"NoStartMenuMorePrograms"=0

"MaxRecentDocs"=15

"NoInstrumentation"=0

"MemCheckBoxInRunDlg"=1

"NoSMBalloonTip"=0

"NoActiveDesktopChanges"=0

"NoSetActiveDesktop"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoSimpleStartMenu"=

"NoSetActiveDesktop"=

"NoActiveDesktopChanges"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\GT2002\gpstrack.exe"="C:\Program Files\GT2002\gpstrack.exe:*:Enabled:Gpstrack"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Documents and Settings\ALI\Local Settings\Temp\IXP001.TMP\garmin.exe"="C:\Documents and Settings\ALI\Local Settings\Temp\IXP001.TMP\garmin.exe:*:Enabled:Windows Messanger"

"C:\Documents and Settings\ALI\Local Settings\Temp\IXP000.TMP\garmin.exe"="C:\Documents and Settings\ALI\Local Settings\Temp\IXP000.TMP\garmin.exe:*:Enabled:Windows Messanger"

"C:\Documents and Settings\ALI\ddmgtf.exe"="C:\Documents and Settings\ALI\ddmgtf.exe:*:Enabled:ENABLE"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

======List of files/folders created in the last 3 months======

 

2009-09-25 09:38:41 ----D---- C:\rsit

2009-09-25 09:34:23 ----D---- C:\_OTM

2009-09-24 17:35:12 ----D---- C:\Program Files\Panda Security

2009-09-22 20:39:52 ----A---- C:\WINDOWS\ntbtlog.txt

2009-09-22 18:33:36 ----D---- C:\WINDOWS\system32\DirectX

2009-09-22 18:33:36 ----A---- C:\WINDOWS\system32\d3dx9_32.dll

2009-09-22 18:33:02 ----HDC---- C:\WINDOWS\$NtUninstallWIC$

2009-09-16 19:11:15 ----D---- C:\Program Files\Fichiers communs\Windows Live

2009-09-15 06:45:02 ----A---- C:\WINDOWS\system32\imon.dll

2009-09-11 08:07:09 ----D---- C:\Program Files\IKEA HomePlanner

2009-09-11 08:06:36 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard

2009-08-25 16:31:23 ----D---- C:\Program Files\iPod

2009-08-25 16:31:20 ----D---- C:\Program Files\iTunes

2009-08-25 16:30:55 ----D---- C:\Program Files\Apple Software Update

2009-08-25 16:30:40 ----A---- C:\WINDOWS\system32\usbaaplrc.dll

2009-08-25 16:30:22 ----D---- C:\Program Files\Fichiers communs\Apple

2009-08-25 13:33:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-08-25 13:30:34 ----SHD---- C:\WINDOWS\CSC

2009-08-25 11:47:41 ----A---- C:\Documents and Settings\ALI\Application Data\install.txt

2009-08-25 09:01:44 ----D---- C:\WINDOWS\system32\CatRoot2

2009-08-25 08:34:12 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-08-24 18:56:17 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!

2009-08-19 07:21:41 ----D---- C:\Program Files\MSSOAP

2009-08-19 07:20:29 ----D---- C:\Program Files\Webroot

 

======List of files/folders modified in the last 3 months======

 

2009-09-26 12:26:38 ----D---- C:\WINDOWS\system32\inetsrv

2009-09-26 12:23:50 ----D---- C:\WINDOWS\system32\NtmsData

2009-09-26 12:21:34 ----D---- C:\WINDOWS\Temp

2009-09-26 12:01:33 ----RD---- C:\Program Files

2009-09-26 08:57:10 ----A---- C:\WINDOWS\winamp.ini

2009-09-26 08:00:01 ----D---- C:\WINDOWS\Prefetch

2009-09-25 11:24:10 ----D---- C:\WINDOWS

2009-09-25 09:35:54 ----D---- C:\WINDOWS\system32

2009-09-24 17:35:21 ----D---- C:\WINDOWS\system32\drivers

2009-09-24 17:35:12 ----HD---- C:\WINDOWS\inf

2009-09-24 17:34:52 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-09-23 07:37:05 ----D---- C:\WINDOWS\Debug

2009-09-22 20:39:22 ----D---- C:\WINDOWS\Minidump

2009-09-22 20:34:36 ----D---- C:\Program Files\Eset

2009-09-22 20:34:36 ----D---- C:\Config.Msi

2009-09-22 18:50:57 ----SHD---- C:\WINDOWS\Installer

2009-09-22 18:50:57 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft

2009-09-22 18:50:57 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2009-09-22 18:48:32 ----RSD---- C:\WINDOWS\assembly

2009-09-22 18:46:51 ----D---- C:\WINDOWS\WinSxS

2009-09-22 18:30:40 ----RSD---- C:\WINDOWS\Fonts

2009-09-16 19:11:15 ----D---- C:\Program Files\Fichiers communs

2009-09-04 14:39:22 ----D---- C:\Documents and Settings\ALI\Application Data\Apple Computer

2009-09-01 18:26:01 ----A---- C:\WINDOWS\CSTBox.INI

2009-09-01 18:24:04 ----D---- C:\Documents and Settings\ALI\Application Data\Canon

2009-08-27 20:13:50 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt

2009-08-25 16:31:00 ----SD---- C:\WINDOWS\Tasks

2009-08-25 16:30:45 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-08-25 14:03:42 ----D---- C:\WINDOWS\security

2009-08-25 13:25:52 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

2009-08-25 13:23:42 ----D---- C:\Program Files\Mozilla Firefox

2009-08-25 09:02:46 ----D---- C:\WINDOWS\system32\CatRoot

2009-08-25 08:00:12 ----D---- C:\WINDOWS\Registration

2009-08-19 18:02:13 ----D---- C:\Documents and Settings

2009-08-19 07:22:43 ----A---- C:\WINDOWS\win.ini

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-12-13 40320]

R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2004-08-28 33995]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-06 12032]

R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []

R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [1999-09-10 25244]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]

R2 ROB_A;Pinnacle WDM PCTV Audio Capture; C:\WINDOWS\system32\DRIVERS\rob_a.sys [2003-02-10 17664]

R2 ROB_V;Pinnacle WDM PCTV Video Capture; C:\WINDOWS\system32\drivers\rob_v.sys [2003-04-11 125568]

R2 tifsfilter;Acronis TrueImage FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-02-04 28768]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-12-13 60800]

R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]

R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-12-13 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]

R3 pctvvbi;PCTVVBI; C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 6400]

R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-17 14604]

R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-12-13 26624]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-12-13 57600]

R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-12-13 20480]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]

S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []

S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []

S3 a5mm1fss;a5mm1fss; C:\WINDOWS\system32\drivers\a5mm1fss.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-08-01 8320]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]

S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2006-12-13 10880]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2006-12-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2006-12-13 15360]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-12-13 26496]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2009-02-04 151552]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]

R2 Capture Device Service;Capture Device Service; C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]

R2 IISADMIN;Administration IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-19 15872]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]

R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-09-15 495616]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-19 15872]

R2 SNMP;Service SNMP; C:\WINDOWS\System32\snmp.exe [2004-08-19 32768]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]

R2 W3SVC;Publication World Wide Web; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-19 15872]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]

S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 SNMPTRAP;Service d'interruption SNMP; C:\WINDOWS\System32\snmptrap.exe [2004-08-19 8704]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

 

-----------------EOF-----------------

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...