J'ai fai ce que tu ma dit et jai eu c 2 rapports
RAPPORT 01
Logfile of random's system information tool 1.05 (written by random/random)
Run by ali at 2009-03-21 21:05:29
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 140 MB (1%) free of 20 GB
Total RAM: 383 MB (27% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:33, on 21/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Windows\System32\bycool1\windo.exe
C:\Windows\System32\bycool\winacces.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ali\Mes documents\Downloads\Compressed\WLM.Lite.8.5.r7\WLM Lite 8.5.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ali\Mes documents\Downloads\Programs\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\ali.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [EPSON Stylus C79 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGP.EXE /FU "C:\WINDOWS\TEMP\E_S12E.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [DRIVESYS1] C:\Windows\System32\bycool1\windo.exe
O4 - HKLM\..\Run: [DRIVESYS] C:\Windows\System32\bycool\winacces.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\ADOBE\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20" -"http://www.habbo.fr/client?wide=false"
O4 - HKLM\..\Policies\Explorer\Run: [UNICORNI-C74DB5] .vbe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O17 - HKLM\System\CCS\Services\Tcpip\..\{44A44BD1-F93B-4E4C-9144-9B324812F3A6}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
End of file - 6276 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-01-22 161200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-23 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-23 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-23 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"FixCamera"=C:\WINDOWS\FixCamera.exe [2007-02-10 20480]
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2007-03-10 270336]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-19 827392]
"EPSON Stylus C79 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGP.EXE [2006-02-23 131072]
"DRIVESYS1"=C:\Windows\System32\bycool1\windo.exe [2008-08-13 1393777]
"DRIVESYS"=C:\Windows\System32\bycool\winacces.exe [2008-08-13 1133622]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-03 160768]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"UNICORNI-C74DB5"=C:\WINDOWS\system32\.vbe [2009-02-24 10000]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2009-01-23 2745776]
"kamsoft"=C:\WINDOWS\system32\ckvo.exe [2008-10-30 105096]
"cdoosoft"=C:\WINDOWS\system32\olhrwef.exe [2009-03-18 110053]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2005-03-14 1057280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\ADOBE\SHOCKW~1\SWHELP~1.EXE [2008-11-24 460216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [2007-08-09 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Globe7]
C:\Program Files\Globe7\Globe7.exe [2008-05-13 763168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2009-03-06 190024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-23 136600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoxOx]
C:\Program Files\VoxOx\voxox.exe [2009-02-28 5087232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wizzl]
C:\Program Files\Wizzl\Wizzl.exe [2007-01-08 6154240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ali^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2008-07-28 575488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ali^Menu Démarrer^Programmes^Démarrage^Messenger-PRO 3.lnk]
C:\PROGRA~1\CLICKA~1\MESSEN~1.EXE [2005-08-26 1179733]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="MsgPlusLoader.dll"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ec5a2af-08e3-11de-b6e8-00e020a0134f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
shell\Ouvrir\command - G:\log.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e5ea56e-1154-11de-b6f1-00e020a0134f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
shell\Ouvrir\command - G:\log.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{549c0933-df4b-11dd-b6bf-00e020a0134f}]
shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cd3417c-e2f7-11dd-b6c0-000000000000}]
shell\AutoRun\command - wscript.exe .\.vbs
shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b67fb434-e96d-11dd-b6c3-00e020a0134f}]
shell\AutoRun\command - wscript.exe .\.vbs
shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc48ad8a-df31-11dd-87a8-806d6172696f}]
shell\AutoRun\command - C:\xih9.cmd
shell\explore\command - C:\xih9.cmd
shell\open\command - C:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc48ad8b-df31-11dd-87a8-806d6172696f}]
shell\AutoRun\command - D:\xih9.cmd
shell\explore\command - D:\xih9.cmd
shell\open\command - D:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7f373f8-fdf3-11dd-b6d6-00e020a0134f}]
shell\AutoRun\command - wscript.exe .\.vbs
shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff9d0cc3-f86f-11dd-b6d5-00e020a0134f}]
shell\AutoRun\command - wscript.exe .\.vbs
shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff9d0cc4-f86f-11dd-b6d5-000000000000}]
shell\AutoRun\command - wscript.exe .\.vbs
shell\open\command - wscript.exe .\.vbs
======List of files/folders created in the last 1 months======
2009-03-21 21:03:14 ----D---- C:\rsit
2009-03-21 21:03:14 ----D---- C:\Program Files\trend micro
2009-03-21 09:24:44 ----D---- C:\Documents and Settings\ali\Application Data\fltk.org
2009-03-21 09:02:58 ----A---- C:\WINDOWS\zlib1.dll
2009-03-21 09:02:54 ----A---- C:\WINDOWS\system32\zlib1.dll
2009-03-20 12:49:19 ----D---- C:\Documents and Settings\ali\Application Data\Hamachi
2009-03-20 12:48:49 ----D---- C:\WINDOWS\LastGood
2009-03-20 12:48:28 ----D---- C:\Program Files\Hamachi
2009-03-18 20:58:02 ----RSH---- C:\q0dhfjf.exe
2009-03-18 20:52:02 ----RSH---- C:\xih9.cmd
2009-03-18 20:52:02 ----RSH---- C:\uxkl0apt.bat
2009-03-18 20:48:50 ----SHD---- C:\FOUND.000
2009-03-18 11:25:19 ----D---- C:\Program Files\TeraCopy
2009-03-18 10:24:52 ----D---- C:\Program Files\Vahab Shalchian
2009-03-18 10:22:31 ----D---- C:\Program Files\Fichiers communs\Nero
2009-03-18 10:22:31 ----D---- C:\Documents and Settings\ali\Application Data\Nero
2009-03-18 10:22:24 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2009-03-18 10:12:42 ----A---- C:\WINDOWS\Nero Lite 9.2.6.0 Uninstall Log.txt
2009-03-18 10:00:15 ----D---- C:\Program Files\Nero
2009-03-18 09:59:24 ----A---- C:\WINDOWS\Nero Lite 9.2.6.0 Setup Log.txt
2009-03-12 00:13:15 ----D---- C:\Documents and Settings\ali\Application Data\VoxOx
2009-03-12 00:09:34 ----D---- C:\Program Files\VoxOx
2009-03-06 21:39:41 ----A---- C:\WINDOWS\system32\MsgPlusLoader.dll
2009-03-06 09:10:52 ----D---- C:\Documents and Settings\ali\Application Data\Messenger_for_Skype
2009-03-06 09:07:42 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
2009-03-06 09:03:12 ----D---- C:\Program Files\Microsoft Windows Script
2009-03-06 09:01:26 ----D---- C:\Program Files\MessengerPlus! 3
2009-03-05 15:40:24 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\18189
2009-03-05 10:34:07 ----D---- C:\Program Files\adslTV
2009-03-05 09:22:36 ----D---- C:\Program Files\Windows Live
2009-03-04 18:40:40 ----SHD---- C:\WINDOWS\system32\f
2009-03-04 18:40:40 ----SHD---- C:\WINDOWS\system32\bycool
2009-03-04 18:40:38 ----SHD---- C:\WINDOWS\system32\bycool1
2009-03-03 21:12:01 ----D---- C:\Program Files\XP Codec Pack
2009-03-03 14:56:36 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-03-03 14:56:13 ----HD---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-03-02 14:06:28 ----D---- C:\Program Files\MSN Messenger
2009-03-02 06:57:34 ----D---- C:\Program Files\CCleaner
2009-02-27 13:38:45 ----D---- C:\WINDOWS\G2Runner
2009-02-25 20:16:30 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-25 17:53:04 ----RSH---- C:\qxty9be.cmd
2009-02-25 12:51:41 ----D---- C:\Program Files\Eidos Interactive
2009-02-24 21:47:45 ----D---- C:\Program Files\BurstCopy
2009-02-24 21:47:45 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\BurstCopy Labs
2009-02-24 21:39:46 ----D---- C:\Documents and Settings\ali\Application Data\TeraCopy
2009-02-22 13:42:40 ----D---- C:\WINDOWS\RegisteredPackages
======List of files/folders modified in the last 1 months======
2009-03-21 20:23:46 ----A---- C:\temp.txt
2009-03-21 18:10:50 ----SH---- C:\boot.ini
2009-03-21 18:10:50 ----A---- C:\WINDOWS\win.ini
2009-03-21 18:10:50 ----A---- C:\WINDOWS\system.ini
2009-03-18 20:57:36 ----RSH---- C:\WINDOWS\system32\nmdfgds1.dll
2009-03-18 20:57:34 ----RSH---- C:\WINDOWS\system32\olhrwef.exe
2009-03-18 20:51:36 ----RSH---- C:\WINDOWS\system32\ckvo0.dll
2009-03-18 20:51:36 ----N---- C:\WINDOWS\system32\nmdfgds0.dll
2009-03-10 14:59:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-02 13:54:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 40320]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-20 25280]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 slnt;Silan SC92031 PCI Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\slnt.sys [2003-11-20 18004]
R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-03-09 10197120]
R3 SPLITCAM;Splitcam, WDM Camera Stream Splitter; C:\WINDOWS\system32\DRIVERS\splitcam.sys [2009-01-31 13824]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2007-06-27 207488]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ali\LOCALS~1\Temp\mc22F8.tmp []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-23 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
RAPPORT 02
info.txt logfile of random's system information tool 1.05 2009-03-21 21:05:38
======Uninstall list======
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
BearShare-->C:\Program Files\BearShare Applications\BearShare\UninstallSurvey.exe C:\Program Files\BearShare Applications\BearShare\UnwiseLauncher.exe /A C:\PROGRA~1\BEARSH~1\BEARSH~1\INSTALL.LOG
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Gangsters 2-->"C:\Program Files\Eidos Interactive\Hothouse Creations\Gangsters 2\Autorun.exe" /Uninstall
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
LimeWire PRO 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Ma-Config.com-->MsiExec.exe /X{8AFB8FC4-3EBA-4C67-943F-CF43DB2180F1}
Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Naruto Shippuden Mugen-->"C:\WINDOWS\Naruto Shippuden Mugen\uninstall.exe" "/U:C:\Program Files\Naruto Shippuden Mugen\Uninstall\uninstall.xml"
Nero Lite 9.2.6.0 Build.2.2-->"C:\Program Files\Nero\Uninstall\uninstall.exe" "/U:C:\Program Files\Nero\Uninstall\uninstall.xml"
Rapidshare Auto Downloader-->MsiExec.exe /I{18537D97-CC48-4263-B167-E86C467A4A03}
San Andreas Mod Installer-->"C:\WINDOWS\San Andreas Mod Installer\uninstall.exe" "/U:C:\Program Files\San Andreas Mod Installer\Uninstall\uninstall.xml"
StuffPlug-NG (Messenger Plus! Plugins)-->C:\Program Files\MessengerPlus! 3\Plugins\StuffPlug-NG\Uninstall.exe
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VoxOx-->C:\Program Files\VoxOx\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
WinDS PRO-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\WinDS PRO\windsprox.exe" "/U:C:\Documents and Settings\All Users.WINDOWS\Application Data\WinDS PRO\windsprox.xml"
WinDS PRO-->"C:\Program Files\WinDS PRO\uninstall.exe" "/U:C:\Program Files\WinDS PRO\Uninstall\uninstall.xml"
Wizzl v0.151 Beta-->MsiExec.exe /I{0CD73FB5-D018-4FC9-BB0A-0ED90A6E9D82}
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe
System event log
Computer Name: UNICORNI-C74DB5
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 3014
Source Name: Tcpip
Time Written: 20090221144408.000000+060
Event Type: Avertissement
User:
Computer Name: UNICORNI-C74DB5
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 3013
Source Name: Tcpip
Time Written: 20090221134740.000000+060
Event Type: Avertissement
User:
Computer Name: UNICORNI-C74DB5
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 3012
Source Name: Tcpip
Time Written: 20090221131550.000000+060
Event Type: Avertissement
User:
Computer Name: UNICORNI-C74DB5
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 3011
Source Name: Tcpip
Time Written: 20090221125204.000000+060
Event Type: Avertissement
User:
Computer Name: UNICORNI-C74DB5
Event Code: 1007
Message: Votre ordinateur a automatiquement configuré l'adresse IP pour la
carte avec l'adresse réseau 00E020A0134F. L'adresse IP utilisée est 169.254.61.63.
Record Number: 3010
Source Name: Dhcp
Time Written: 20090221123237.000000+060
Event Type: Avertissement
User:
Application event log
Computer Name: UNICORNI-C74DB5
Event Code: 102
Message: wuaueng.dll (3476) SUS20ClientDataStore: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 5
Source Name: ESENT
Time Written: 20090208094456.000000+060
Event Type: Informations
User:
Computer Name: UNICORNI-C74DB5
Event Code: 100
Message: wuauclt (3476) Le moteur de base de données 5.01.2600.2180 est démarré.
Record Number: 4
Source Name: ESENT
Time Written: 20090208094456.000000+060
Event Type: Informations
User:
Computer Name: UNICORNI-C74DB5
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 3
Source Name: SecurityCenter
Time Written: 20090208094419.000000+060
Event Type: Informations
User:
Computer Name: UNICORNI-C74DB5
Event Code: 1001
Message: Vérification du système de fichiers sur D:
Le type du système de fichiers est FAT32.
L'intégrité de l'un de vos disques doit être vérifiée.
Vous pouvez annuler cette vérification, mais son exécution est
fortement recommandée.
Windows va maintenant vérifier le disque.
Le numéro de série du volume est 14A9-8197
Windows a vérifié le système de fichiers sans trouver de problème.
19067824 Ko d'espace disque au total.
1424 Ko dans 68 fichiers cachés.
2640 Ko dans 162 dossiers.
12188544 Ko dans 4061 fichiers.
1600 Ko dans des secteurs défectueux.
6873600 Ko sont disponibles.
16384 octets dans chaque unité d'allocation.
1191739 unités d'allocation au total sur le disque.
429600 unités d'allocation disponibles sur le disque.
Record Number: 2
Source Name: Winlogon
Time Written: 20090208094353.000000+060
Event Type: Informations
User:
Computer Name: UNICORNI-C74DB5
Event Code: 1001
Message: Vérification du système de fichiers sur C:
Le type du système de fichiers est FAT32.
L'intégrité de l'un de vos disques doit être vérifiée.
Vous pouvez annuler cette vérification, mais son exécution est
fortement recommandée.
Windows va maintenant vérifier le disque.
Le numéro de série du volume est 30A0-8F08
19991104 Ko d'espace disque au total.
1019680 Ko dans 489 fichiers cachés.
52928 Ko dans 3233 dossiers.
17134016 Ko dans 28879 fichiers.
1784464 Ko sont disponibles.
16384 octets dans chaque unité d'allocation.
1249444 unités d'allocation au total sur le disque.
111529 unités d'allocation disponibles sur le disque.
Record Number: 1
Source Name: Winlogon
Time Written: 20090208094353.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Code d'erreur 8000401a messenger
