17 replies
Anonymous user
21 Jan. 2009 at 03:35
Hi,
▶ Download and install MalwareByte's Anti-Malware
Malwarebyte
▶ Update it
▶ Double-click the MalwareByte's Anti-Malware shortcut on the desktop.
▶ Select "Perform full scan" if it is not already selected
▶ Click "Scan"
▶ Once the scan has finished, a window opens; click OK
▶ If MalwareByte's found nothing, click OK. A report will appear; close it.
▶ If MalwareByte's found infections, click "Show Results", then "Remove Selected"
▶ Save the report to your Desktop so it is easier to find, then post that report.
Note: If MalwareByte's needs to restart to finish the removal, accept by clicking OK
If a report will not go through, send an alert to the moderators (conciergerie) with the yellow /!\.
Tutorial for MalwareByte's
Here is the report. Most of the problems are fixed; what remains is Windows Update, which is still failing, even on the internet: PAGE NOT FOUND.
Thanks a lot
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1673
Windows 5.1.2600 Service Pack 3
20/01/2009 22:18:28
mbam-log-2009-01-20 (22-18-21).txt
Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 106873
Temps écoulé: 29 minute(s), 13 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 31
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 21
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ljJDUnlJ.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\geBtusqO.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\qnuhgm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\__c00EB04E.dat (Trojan.Agent) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{163dcf1a-6648-4475-bd42-e8e54dd83c9c} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{163dcf1a-6648-4475-bd42-e8e54dd83c9c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebtusqo (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{759a6804-ab3f-429f-b72a-700a79639081} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{759a6804-ab3f-429f-b72a-700a79639081} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{163dcf1a-6648-4475-bd42-e8e54dd83c9c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{759a6804-ab3f-429f-b72a-700a79639081} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\videoplay (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00eb04e (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjdunlj -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjdunlj -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\ljJDUnlJ.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\JlnUDJjl.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\JlnUDJjl.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\geBtusqO.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\qnuhgm.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fctgsmfw.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wfmsgtcf.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nbsyoayy.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yyaoysbn.ini (Trojan.Vundo.H) -> No action taken.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> No action taken.
C:\WINDOWS\system32\njhfvbhw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rjfeuuqa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gaopdxxoykyorn.dll (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\system32\teojmr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ycugihuf.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qqrhvd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\__c00EB04E.dat (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\catsrvu.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\__c00880D1.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\__c00ADE24.exe (Trojan.Vundo) -> No action taken.
Anonymous user
21 Jan. 2009 at 04:30
Hi again,
▶ Open Malwarebyte,
▶ Click the Quarantine tab,
▶ Delete everything the quarantine contains,
▶ If it offers to restart your PC => accept
▶ If it does not offer to => restart your PC normally
▶ Post the report produced after the removal on the forum.
Run a new HijackThis log.
After restarting I got a Windows blue screen and the PC restarted normally.
At first, on the first click on Windows Update, the page cannot be displayed.
On the second click it takes me back to my start page.
My start page is Google, and the "fr" option will not save in my cookies,
and when I click on update it takes me to my Google page, but in French.
Anonymous user
21 Jan. 2009 at 04:44
▶ Download random's system information tool (RSIT) and save it to your desktop.
▶ Double-click RSIT.exe to launch the tool.
▶ Click 'continue' on the Disclaimer screen.
▶ If the HijackThis tool (current version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
▶ Once the scan has finished, 2 reports will appear. Post the contents of both reports
(log.txt & info.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
If a report will not go through, send an alert to the moderators (conciergerie) with the yellow /!\.
Here is the result
Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-01-20 22:49:57
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 68 GB (85%) free of 80 GB
Total RAM: 1014 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:00, on 20/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {375CEBC4-6F48-4877-B878-B010DBAEB239} - (no file)
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {8B2EE422-15C4-4858-BA31-5F3F5522EEE2} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
And the second one:
info.txt logfile of random's system information tool 1.05 2009-01-20 22:50:02
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Antidote RX v2-->MsiExec.exe /X{A474EA56-5DBD-4181-8230-806A4762EA7F}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2}
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Concord EyeQ Duo LCD Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E7B6F75-F7C1-46D6-B3C1-91D87587B014}\Setup.exe" -l0x9
Concord EyeQ Duo LCD Memory Browser TWAIN Driver V1.00-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\coachMB.inf
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVDFab Platinum 2.9.6.5-->"C:\Program Files\DVDFab Platinum\unins000.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{43563ACB-371B-4C58-8979-B192B390424C}
getPlus(R)_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}
Intel Audio Studio 2.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe" -l0x40c
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel(R) Network Connections 13.0.44.0-->MsiExec.exe /i{2223FC2F-B862-4F83-BC9E-DDF2DADF2859} ARPREMOVE=1
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LimeWire PRO 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
Logitech Updater-->MsiExec.exe /I{53735ECE-E461-4FD0-B742-23A352436D3A}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{299CF645-48C7-4FA1-8BCD-5CE200CF180D}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Motorola Driver Installation 3.7.0-->MsiExec.exe /I{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}
Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Motorola Software Update-->MsiExec.exe /I{61DE738B-CA77-4B59-B9D3-67226BB7DCE3}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 7 Ultra Edition-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Connectivity Solution-->MsiExec.exe /I{588AA47B-9115-44D3-B2E5-4F10BC659D6C}
Nokia PC Suite-->MsiExec.exe /I{77296E63-8C19-462B-ABA1-F510750A8C51}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf
Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf
PhotoImpact X3-->C:\Program Files\InstallShield Installation Information\{15803703-25FA-4C01-A062-3F4A59937E87}\setup.exe -runfromtemp -l0x0409
PokerStars.net-->"C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Safecracker-->C:\Program Files\The Adventure Company\Safecracker\Uninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
Trend Micro Internet Security Pro-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security Pro-->MsiExec.exe /X{40E12A55-C504-4223-AFAC-7672DBF1ACDE}
Virtual Earth 3D (Bêta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17)-->C:\PROGRA~1\DIFX\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_7F91C37896B530901B0665F9EF32E19FF06F5687\nokbtmdm.inf
Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Contrôle parental-->MsiExec.exe /X{EB8BAA0D-11EF-4EDC-A960-2AB7CA8F53F0}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A}
Windows Live Toolbar-->MsiExec.exe /X{915809D6-1F93-45F2-9699-5F1DA64DC24B}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR Archiveur-->C:\Program Files\WinRAR\uninstall.exe
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: Trend Micro Internet Security Pro
FW: Trend Micro Personal Firewall
System event log
Computer Name: COMMISSI-CB7CAC
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 1621
Source Name: Service Control Manager
Time Written: 20080825165420.000000-240
Event Type: Informations
User:
Computer Name: COMMISSI-CB7CAC
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.
Record Number: 1620
Source Name: Service Control Manager
Time Written: 20080825165414.000000-240
Event Type: Informations
User:
Computer Name: COMMISSI-CB7CAC
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.
Record Number: 1619
Source Name: Service Control Manager
Time Written: 20080825165414.000000-240
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: COMMISSI-CB7CAC
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 1618
Source Name: Service Control Manager
Time Written: 20080825162250.000000-240
Event Type: Informations
User:
Computer Name: COMMISSI-CB7CAC
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.
Record Number: 1617
Source Name: Service Control Manager
Time Written: 20080825162244.000000-240
Event Type: Informations
User:
Application event log
Computer Name: COMMISSI-CB7CAC
Event Code: 700
Message: msnmsgr (5000) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\johnboss2004@hotmail.com\SharingMetadata\Working\database_B610_849_1008_12D3\dfsr.db'.
Record Number: 21435
Source Name: ESENT
Time Written: 20090103070000.000000-300
Event Type: Informations
User:
Computer Name: COMMISSI-CB7CAC
Event Code: 701
Message: msnmsgr (736) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\genevieve-73@hotmail.com\SharingMetadata\Working\database_B610_849_1008_12D3\dfsr.db'.
Record Number: 21434
Source Name: ESENT
Time Written: 20090103060001.000000-300
Event Type: Informations
User:
Computer Name: COMMISSI-CB7CAC
Event Code: 701
Message: msnmsgr (1416) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\s.uzzie@hotmail.fr\SharingMetadata\Working\database_B610_849_1008_12D3\dfsr.db'.
Record Number: 21433
Source Name: ESENT
Time Written: 20090103060001.000000-300
Event Type: Informations
User:
Computer Name: COMMISSI-CB7CAC
Event Code: 700
Message: msnmsgr (736) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\genevieve-73@hotmail.com\SharingMetadata\Working\database_B610_849_1008_12D3\dfsr.db'.
Record Number: 21432
Source Name: ESENT
Time Written: 20090103060001.000000-300
Event Type: Informations
User:
Computer Name: COMMISSI-CB7CAC
Event Code: 700
Message: msnmsgr (1416) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\s.uzzie@hotmail.fr\SharingMetadata\Working\database_B610_849_1008_12D3\dfsr.db'.
Record Number: 21431
Source Name: ESENT
Time Written: 20090103060001.000000-300
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
-----------------EOF-----------------
and the second one
info.txt logfile of random's system information tool 1.05 2009-01-20 22:50:02
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Antidote RX v2-->MsiExec.exe /X{A474EA56-5DBD-4181-8230-806A4762EA7F}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2}
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Concord EyeQ Duo LCD Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E7B6F75-F7C1-46D6-B3C1-91D87587B014}\Setup.exe" -l0x9
Concord EyeQ Duo LCD Memory Browser TWAIN Driver V1.00-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\coachMB.inf
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVDFab Platinum 2.9.6.5-->"C:\Program Files\DVDFab Platinum\unins000.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{43563ACB-371B-4C58-8979-B192B390424C}
getPlus(R)_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}
Intel Audio Studio 2.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe" -l0x40c
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel(R) Network Connections 13.0.44.0-->MsiExec.exe /i{2223FC2F-B862-4F83-BC9E-DDF2DADF2859} ARPREMOVE=1
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LimeWire PRO 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
Logitech Updater-->MsiExec.exe /I{53735ECE-E461-4FD0-B742-23A352436D3A}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{299CF645-48C7-4FA1-8BCD-5CE200CF180D}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Motorola Driver Installation 3.7.0-->MsiExec.exe /I{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}
Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Motorola Software Update-->MsiExec.exe /I{61DE738B-CA77-4B59-B9D3-67226BB7DCE3}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 7 Ultra Edition-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Connectivity Solution-->MsiExec.exe /I{588AA47B-9115-44D3-B2E5-4F10BC659D6C}
Nokia PC Suite-->MsiExec.exe /I{77296E63-8C19-462B-ABA1-F510750A8C51}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf
Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf
PhotoImpact X3-->C:\Program Files\InstallShield Installation Information\{15803703-25FA-4C01-A062-3F4A59937E87}\setup.exe -runfromtemp -l0x0409
PokerStars.net-->"C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Safecracker-->C:\Program Files\The Adventure Company\Safecracker\Uninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
Trend Micro Internet Security Pro-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security Pro-->MsiExec.exe /X{40E12A55-C504-4223-AFAC-7672DBF1ACDE}
Virtual Earth 3D (Bêta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17)-->C:\PROGRA~1\DIFX\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_7F91C37896B530901B0665F9EF32E19FF06F5687\nokbtmdm.inf
Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Contrôle parental-->MsiExec.exe /X{EB8BAA0D-11EF-4EDC-A960-2AB7CA8F53F0}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A}
Windows Live Toolbar-->MsiExec.exe /X{915809D6-1F93-45F2-9699-5F1DA64DC24B}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR Archiveur-->C:\Program Files\WinRAR\uninstall.exe
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: Trend Micro Internet Security Pro
FW: Trend Micro Personal Firewall
System event log
Computer Name: COMMISSI-CB7CAC
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 1621
Source Name: Service Control Manager
Time Written: 20080825165420.000000-240
Event Type: Informations
User:
Computer Name: COMMISSI-CB7CAC
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.
Record Number: 1620
Source Name: Service Control Manager
Time Written: 20080825165414.000000-240
Event Type: Informations
User:
Computer Name: COMMISSI-CB7CAC
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.
Record Number: 1619
Source Name: Service Control Manager
Time Written: 20080825165414.000000-240
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: COMMISSI-CB7CAC
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 1618
Source Name: Service Control Manager
Time Written: 20080825162250.000000-240
Event Type: Informations
User:
Computer Name: COMMISSI-CB7CAC
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.
Record Number: 1617
Source Name: Service Control Manager
Time Written: 20080825162244.000000-240
Event Type: Informations
User:
Application event log
Computer Name: COMMISSI-CB7CAC
Event Code: 700
Message: msnmsgr (5000) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\johnboss2004@hotmail.com\SharingMetadata\Working\database_B610_849_1008_12D3\dfsr.db'.
Record Number: 21435
Source Name: ESENT
Time Written: 20090103070000.000000-300
Event Type: Informations
User:
Computer Name: COMMISSI-CB7CAC
Event Code: 701
Message: msnmsgr (736) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\genevieve-73@hotmail.com\SharingMetadata\Working\database_B610_849_1008_12D3\dfsr.db'.
Record Number: 21434
Source Name: ESENT
Time Written: 20090103060001.000000-300
Event Type: Informations
User:
Computer Name: COMMISSI-CB7CAC
Event Code: 701
Message: msnmsgr (1416) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\s.uzzie@hotmail.fr\SharingMetadata\Working\database_B610_849_1008_12D3\dfsr.db'.
Record Number: 21433
Source Name: ESENT
Time Written: 20090103060001.000000-300
Event Type: Informations
User:
Computer Name: COMMISSI-CB7CAC
Event Code: 700
Message: msnmsgr (736) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\genevieve-73@hotmail.com\SharingMetadata\Working\database_B610_849_1008_12D3\dfsr.db'.
Record Number: 21432
Source Name: ESENT
Time Written: 20090103060001.000000-300
Event Type: Informations
User:
Computer Name: COMMISSI-CB7CAC
Event Code: 700
Message: msnmsgr (1416) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\s.uzzie@hotmail.fr\SharingMetadata\Working\database_B610_849_1008_12D3\dfsr.db'.
Record Number: 21431
Source Name: ESENT
Time Written: 20090103060001.000000-300
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
-----------------EOF-----------------
Anonymous user
21 Jan 2009 at 04:53
Re,
Did you delete the Malwarebytes quarantine?
ComboFix. Warning: this software is very powerful, and misuse can cause damage...
Do exactly the following:
Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
Right-click this link and choose "Save target as...": in the window that opens, type C-Fix, choose the Desktop as the destination and confirm:
--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close all your running applications and DISABLE ALL YOUR DEFENCES (antivirus, antispyware, firewall) for the duration of the procedure (in case you have any that I did not see in the HijackThis report...)
---> Above all, if you run into difficulties at this point, tell me before continuing...
---> I advise you to install the Recovery Console (see the tutorial).
Tutorial here: TUTO
---------------------------------------------------------------------------------------------------------------------------------
Then:
Double-click C-Fix.exe (= combofix.exe).
Press a key to start the scan.
Warning: do not use your mouse or keyboard while the program is running. That could freeze the computer ---> if a Windows error message appears at some point, click the red cross at the top right of the window to close it.
The report will be created in C:\Combofix.txt; please post it here.
If a report will not post, send an alert to the moderators (the "conciergerie") using the yellow /!\.
Sorry for the delay, I lost my internet connection.
Here is what you asked me for, the ComboFix report:
"Administrateur" - 2009-01-20 23:21:26 Service Pack 3
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Administrateur\Bureau\"
((((((((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 ))))))))))))))))))))))))))))))))))
2009-01-20 23:08 <REP> dr-hs---- C:\cmdcons
2009-01-20 23:08 <REP> d-------- C:\WINDOWS\setup.pss
2009-01-20 22:49 <REP> d-------- C:\rsit
2009-01-20 21:46 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
2009-01-20 21:45 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-01-20 21:45 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2009-01-20 21:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-20 21:45 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-01-20 16:32 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MSNInstaller
2009-01-19 22:42 <REP> d-------- C:\WINDOWS\%DownloadedProgramFiles%
2009-01-19 22:40 <REP> d-------- C:\WINDOWS\system32\crack
2009-01-19 20:06 846,336 --a------ C:\WINDOWS\system32\kdfinj.dll
2009-01-19 20:06 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
2009-01-19 20:06 722,472 --a------ C:\WINDOWS\system32\kdfmgr.exe
2009-01-19 20:06 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
2009-01-19 20:06 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2009-01-19 20:06 <REP> d-------- C:\WINDOWS\kdefense
2009-01-19 20:03 <REP> d-------- C:\WINDOWS\LocalSSL
2009-01-19 20:02 50,192 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2009-01-19 20:02 144,912 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2009-01-19 20:00 <REP> d-------- C:\Program Files\Trend Micro
2009-01-19 13:12 5,777 --a------ C:\WINDOWS\system32\wfoswjod.dll
2009-01-19 10:48 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Windows Live Writer
2009-01-18 22:31 <REP> d-------- C:\Documents and Settings\ADMINI~1\.housecall6.6
2009-01-18 22:31 <REP> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
2009-01-18 17:22 16,384 --a------ C:\WINDOWS\DCEBoot.exe
2009-01-18 15:50 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2009-01-18 15:40 <REP> d-------- C:\WINDOWS\CSC
2009-01-18 15:34 3,526 --a------ C:\WINDOWS\system32\tmp.reg
2009-01-18 15:33 87,552 --a------ C:\WINDOWS\system32\VACFix.exe
2009-01-18 15:33 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2009-01-18 15:33 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2009-01-18 15:33 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2009-01-18 15:33 80,384 --a------ C:\WINDOWS\system32\o4Patch.exe
2009-01-18 15:33 78,336 --a------ C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-01-18 15:33 53,248 --a------ C:\WINDOWS\system32\Process.exe
2009-01-18 15:33 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2009-01-18 15:33 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2009-01-18 15:33 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2009-01-18 15:33 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2009-01-18 14:57 <REP> d-------- C:\Program Files\Navilog1
2009-01-18 13:48 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-01-17 18:26 <REP> d-------- C:\Program Files\Druide
2009-01-17 15:26 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Druide
2009-01-15 10:38 80,400 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2009-01-15 10:38 36,368 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2009-01-15 10:38 334,352 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2009-01-15 10:38 205,328 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2009-01-15 10:38 1,195,448 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2009-01-15 04:25 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-01-15 02:55 103,936 --a------ C:\WINDOWS\system32\uedxvobp.dll
2009-01-15 02:55 103,936 --a------ C:\WINDOWS\system32\ftnpax.dll
2009-01-14 10:41 <REP> d-------- C:\Program Files\Virtual Earth 3D
2009-01-06 12:47 <REP> d-------- C:\Program Files\Microsoft Silverlight
2009-01-06 12:46 55,136 --a------ C:\WINDOWS\system32\drivers\fssfltr_tdi.sys
2009-01-06 12:46 <REP> d-------- C:\Program Files\Microsoft Sync Framework
2009-01-06 12:43 <REP> d-------- C:\Program Files\Windows Live SkyDrive
2009-01-06 12:35 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
2009-01-05 17:25 <REP> d-------- C:\MappedFiles
2009-01-01 22:18 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2009-01-01 22:11 <REP> d-------- C:\WINDOWS\pss
2008-12-27 15:16 <REP> d-------- C:\ConvertTemp
2008-12-27 14:50 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Samsung
2008-12-27 14:46 87,936 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-12-27 14:46 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-12-27 14:46 14,976 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-12-27 14:46 12,160 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-12-27 14:46 12,160 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-12-27 14:46 12,160 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-12-27 14:46 12,160 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-12-27 14:46 114,304 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-12-27 14:46 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-12-27 14:45 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-12-27 14:45 <REP> d-------- C:\Program Files\Samsung
2008-12-21 01:41 <REP> d-------- C:\DOCUME~1\INVIT~1\APPLIC~1\PC Suite
2008-12-21 01:40 1,048,576 --ah----- C:\DOCUME~1\INVIT~1\NTUSER.DAT
2008-12-21 01:40 <REP> dr------- C:\DOCUME~1\INVIT~1\Mes documents
2008-12-21 01:40 <REP> dr------- C:\DOCUME~1\INVIT~1\Menu Démarrer
2008-12-21 01:40 <REP> dr------- C:\DOCUME~1\INVIT~1\Favoris
2008-12-21 01:40 <REP> d--h----- C:\DOCUME~1\INVIT~1\Voisinage réseau
2008-12-21 01:40 <REP> d--h----- C:\DOCUME~1\INVIT~1\Voisinage d'impression
2008-12-21 01:40 <REP> d--h----- C:\DOCUME~1\INVIT~1\Modèles
2008-12-21 01:40 <REP> d-------- C:\DOCUME~1\INVIT~1\Bureau
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-01-21 01:00:16 -------- d-----w C:\Program Files\Brother
2009-01-21 01:00:14 -------- d--h--w C:\Program Files\InstallShield Installation Information
2009-01-21 01:00:14 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2009-01-21 01:00:14 -------- d-----w C:\Program Files\Common Files
2009-01-21 00:58:57 71,596 ----a-w C:\WINDOWS\system32\perfc00C.dat
2009-01-21 00:58:57 458,562 ----a-w C:\WINDOWS\system32\perfh00C.dat
2009-01-20 21:11:30 -------- d-----w C:\Program Files\Messenger Plus! Live
2009-01-15 16:36:36 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
2009-01-15 15:38:16 49,680 ----a-w C:\WINDOWS\system32\drivers\tmevtmgr.sys
2009-01-15 07:49:12 -------- d-----w C:\Program Files\LimeWire
2009-01-06 18:52:50 -------- d-----w C:\Program Files\Windows Live
2009-01-01 21:38:36 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
2008-12-28 19:15:43 -------- d-----w C:\Program Files\Motorola Phone Tools
2008-12-27 19:46:30 -------- d-----w C:\Program Files\DIFX
2008-12-20 20:03:33 -------- d-----w C:\Program Files\DivX
2008-12-20 08:01:53 -------- d-----w C:\Program Files\Fichiers communs\Motorola Shared
2008-12-16 00:57:24 -------- d-----w C:\Program Files\Motorola
2008-12-15 01:33:31 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
2008-12-14 19:34:50 410,984 ----a-w C:\WINDOWS\system32\deploytk.dll
2008-12-05 05:11:14 308,584 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-12-04 20:49:35 -------- d-----r C:\DOCUME~1\ADMINI~1\APPLIC~1\Brother
2008-12-03 03:37:20 49,480 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-11-28 22:27:03 -------- d-----w C:\Program Files\MSECache
2008-11-23 05:00:04 -------- d-----w C:\Program Files\PokerStars.NET
2008-11-23 01:18:51 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\DataLayer
2008-11-21 21:47:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-11-21 21:47:52 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-11-21 21:46:10 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-11-21 21:46:10 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-11-21 21:45:16 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-11-21 21:45:16 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-11-21 21:45:12 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-11-21 21:45:12 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-11-21 21:45:12 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-11-21 21:45:12 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-11-21 21:45:12 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-11-21 21:45:12 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-11-21 21:45:08 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-11-21 21:45:08 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-11-21 21:45:08 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-11-21 21:45:08 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-11-21 21:45:06 684,032 ----a-w C:\WINDOWS\system32\DivX.dll
2008-11-21 21:44:38 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44:16 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{43C6D902-A1C5-45c9-91F6-FD9E90337E18}=C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll [2008-08-13 05:22]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-14 14:34]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 13:47]
{DBC80044-A445-435b-BC74-9C25C1C588A9}=C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-14 14:34]
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}=C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 17:01]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2006-06-07 16:11]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-01-15 10:38]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-01-15 10:38]
"TrendSecure Remote File Lock"="C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2008-08-11 22:51]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
%SystemRoot%\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Outil de notification Live Search.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Outil de notification Live Search.lnk
backup=C:\WINDOWS\pss\Outil de notification Live Search.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"brmfrmps"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
napagent
Contents of the 'Scheduled Tasks' folder
2009-01-21 04:00:00 C:\WINDOWS\tasks\youockmt.job
********************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 23:22:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
********************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"C:\Program Files\Java\jre6\bin\jqs.exe\" -service -config \"C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf\""
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gaopdxserv.sys]
"imagepath"="\systemroot\system32\drivers\gaopdxskrlmxxs.sys"
Completion time: 2009-01-20 23:23:42
--- E O F ---
I would say something is blocking my internet connection, because I can't even update my antivirus. It asks me to check my internet connection.
Anonymous user
21 Jan 2009 at 08:21
Hi again,
HERE =>> https://www.pcastuces.com/newsletter/adj/1943.htm
And do this as well:
Download this small tool, ZEB_RESTORE:
here: http://telechargement.zebulon.fr/zeb-restore.html
or https://forum.zebulon.fr/index.php?act=attach&type=blogentry&id=1153
Save this file to your desktop.
- Right-click Zeb-Restore.zip ==> "Extract all" and choose the desktop as the destination.
- Open the ZR_1.0.0.37 folder ==> double-click Zeb-Restore.exe
---> Tick the boxes next to the following (and only these!):
* regedit: restores the registry editor
* Run keys: re-enables the values blocking their use
* Shut Down button: restores the Shut Down button
* Windows Update: restores the Windows Update function
* Task Manager: re-enables Task Manager
* Control Panel: re-enables the Control Panel
* Add/Remove Programs: restores the Add/Remove Programs function
* Policies: restores items disabled by "Policies"
* Desktop: re-enables the desktop
* IE repair: repairs Internet Explorer (search pages)
* File extensions: repairs the file extensions .exe .bat .reg .pif .cmd .scr .com
* Trusted and restricted sites: clears the contents of these zones (use if you are infected by malware)
* Internet prefixes and protocols: restores the Internet protocol keys (ZoneMap etc.)
* Reset Hosts file: resets the Hosts file
* System Restore: repairs the "System Restore" option ...
- Click "Restore" and let it run ....
--> Once it has finished, restart your PC.
==>> Run another quick scan in safe mode with Malwarebytes.