Torjans => ecran bleu

Résolu/Fermé
H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   -  
 gen-hackman -
Bonjour,
est ce que l'existance des torjans particulièrement et des virus généralement peut provoquer des ecrans bleus de plantage windows? merci d'avance

--
;-)
Configuration: Windows XP
Internet Explorer 8.0

55 réponses

  • 1
  • 2
  • 3
  1. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Peut être .

    Bonsoir,

    Pour commencer : faire un petit nettoyage de l'ordi et du registre avec Ccleaner, regarde bien le Tuto CCleaner

    Ensuite :

    Télécharge le fichier d'installation d'HijackThis.

    Enregistre HJTInstall.exe sur ton bureau.

    Renomme Hijackthis en Tutu

    Double-clique sur HJTInstall.exe (tutu) pour lancer le programme

    Par défaut, il s'installera là :
    C:\Program Files\Trend Micro\HijackThis

    Accepte la licence en cliquant sur le bouton "I Accept"

    Choisis l'option "Do a system scan and save a log file"

    Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

    Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

    Colle le rapport que tu viens de copier sur ce forum

    Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement

    Tutoriaux (ne fixe rien pour le moment !!)

    Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

    0
    1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14
       
      voici mon rapport qu'est ce que tu en penses :

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:32:12, on 05/04/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\PROGRA~1\AVG\AVG8\avgtray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\LG Electronics\Modem USB LG Electronics\UMAService.exe
      C:\Program Files\LG Electronics\Modem USB LG Electronics\IEUM.exe
      C:\Program Files\AVG\AVG8\avgui.exe
      C:\Program Files\AVG\AVG8\avgscanx.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\AVG\AVG8\avgcsrvx.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Download Manager\IDMan.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [UMService] C:\Program Files\LG Electronics\Modem USB LG Electronics\UMAService.exe
      O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [TrueTransparency] "C:\Documents and Settings\hamid\Bureau\TrueTransparency\TrueTransparency.exe"
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
      O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
      O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
      O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
      O17 - HKLM\System\CCS\Services\Tcpip\..\{E7630D6C-A1B1-4321-B10D-AC00671693ED}: NameServer = 192.168.50.55 196.12.209.5
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
      O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      0
  2. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Télécharge GenProc sur ton bureau

    Double-clique sur GenProc.exe

    et poste le contenu du rapport qui s'ouvre

    Voir comment utiliser GenProc

    Pour ceux qui ont Vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

    IMPORTANT : poste le rapport et ne fais rien d'autre pour l'instant ( souvent il faut ajouter des consignes à la manipe indiquée pour que cela fonctionne parfaitement )

    0
    1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14
       
      Rapport GenProc 2.516 [1] - 05/04/2009 à 13:28:51 - Windows XP

      GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :




      et poste le(s) rapport(s) obtenu(s) dans ta prochaine réponse.

      ----------------------------------------------------------------------
      Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
      ----------------------------------------------------------------------

      0
  3. smed_79 Messages postés 1298 Date d'inscription   Statut Contributeur Dernière intervention   850
     
    vous avez quoi comme message d'erreur (error stop) sur ecrans bleus ?
    0
  4. gen-hackman
     
    bonjour a tous

    True Transparancy a tendance a planter les system......à voir
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    De retour, fais moi quand même ceci :

    Télécharge malwarebytes

    NB : S'il te manque COMCTL32.OCX alors télécharge le ici

    Tu l´installe; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; clic sur l´onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".

    Clic maintenant sur l´onglet recherche et coche la case : "exécuter un examen complet".

    Puis clic sur "rechercher".

    Laisse le scanner le pc...

    Si des éléments on été trouvés > clic sur supprimer la selection.

    si il t´es demandé de redémarrer > clic sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de manière a le retrouver en vu de le poster sur le forum.
    Copie et colle le rapport stp.

    PS : les rapport sont aussi rangé dans l onglet rapport/log

    Tutoriaux

    0
    1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14
       
      Malwarebytes' Anti-Malware 1.33
      Version de la base de données: 1656
      Windows 5.1.2600 Service Pack 2

      06/04/2009 15:42:24
      mbam-log-2009-04-06 (15-42-24).txt

      Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
      Eléments examinés: 95673
      Temps écoulé: 54 minute(s), 0 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 2

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\Documents and Settings\All Users\Application Data\Microsoft\bits.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Microsoft\ipdll.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      0
      1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14 > H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention  
         
        et après, que dois-je faire svp pour que cet ecran bleu n'apparait pas à nouveau?
        0
  7. gen-hackman
     
    pour avancer desinstalle true transparency
    0
    1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14
       
      chose faite
      0
  8. gen-hackman
     
    *****************************************************
    ************** Option 1 (Recherche) **************
    *****************************************************

    Télécharge FindyKill ( de Chiquitine29) sur ton bureau :

    ! Déconnecte toi et ferme toutes applications en cours !

    * Double clique sur "FindyKill.exe" pour lancer l'installation et laisse les paramètres d'instalation par défaut .

    * Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)

    * Double-clique sur le raccourci FindyKill qui est sur ton bureau pour lancer l'outil .

    * Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

    * Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]

    Laisse travailler l'outil et ne touche à rien ...

    --> Poste le rapport qui apparait à la fin , sur le forum ...

    ( le rapport est sauvegardé aussi sous C:\FindyKill.txt )
    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    Aides en images ( Installation )
    Aides en images ( Recherche ) --
    G3и-н@¢км@и™©®
    0
    1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14
       
      OUI OUI t'as raison, parce que à chaque fois que j'effectue un scan avec n'importe quel antivirus, mon ordi plante (barre de tâches devient inactive, fenêtres bloquées..., etc) ou me fait un ecran bleu, et tout cela avant de terminer le nettoyage, j'ai tester avec plusieurs antivirus (AVG, NOD32, Avira antivir) et avec chacun je rencontre le même problème.
      0
      1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14 > H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention  
         
        que dois je faire pour terminer le scan???
        0
    1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14
       
      ############################## [ FindyKill V4.722 ]

      # User : hamid (Administrateurs) # UNICORNI-854CF8
      # Update on 04/04/09 by Chiquitine29
      # Start at: 16:25:04 | 06/04/2009
      # Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

      # Intel(R) Pentium(R) 4 CPU 3.00GHz
      # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
      # Internet Explorer 8.0.6001.18702
      # Windows Firewall Status : Disabled
      # AV : BitDefender Antivirus 12.0 [ (!) Disabled | (!) Outdated ]
      # AV : AntiVir Desktop 9.0.1.26 [ Enabled | Updated ]

      # A:\ # Lecteur de disquettes 3 ½ pouces
      # C:\ # Disque fixe local # 35,15 Go (14,16 Go free) # NTFS
      # D:\ # Disque fixe local # 39,37 Go (38,74 Go free) # NTFS
      # E:\ # Disque CD-ROM
      # F:\ # Disque CD-ROM

      ############################## [ Processus actifs ]

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\LG Electronics\Modem USB LG Electronics\UMAService.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Internet Download Manager\IDMan.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]

      Found ! C:\WINDOWS\Prefetch\AUTOPATCH.EXE-23FF3CC9.pf

      ################## [ C:\WINDOWS\System32... ]


      ################## [ C:\Documents and Settings\hamid\Application Data ]


      ################## [ C:\Documents and Settings\hamid...\Temp Files... ]


      ################## [ Registre / Clés infectieuses ]



      ################## [ Recherche dans supports amovibles]

      # Recherche fichiers connus :


      ################## [ Registre / Mountpoint2 ]

      # -> Not found !

      ################## [ ! Fin du rapport # FindyKill V4.722 ! ]

      0
      1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14 > H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention  
         
        et après stp :-(
        0
  9. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Pour avancer gen-hackman

    FindyKill XP : nettoyage

    ▶ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

    ▶ Double clic sur le raccourci FindyKill sur ton bureau

    ▶ Au menu principal,choisi l option 2 (Suppression)

    /!\ il y aura un redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué"

    /!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !

    ▶ ensuite post le rapport FindyKill.txt

    * Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
    * Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides

    A lire :

    le danger des cracks

    bagle/beagle
    0
    1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14
       
      ############################## [ FindyKill V4.722 ]

      # User : hamid (Administrateurs) # UNICORNI-854CF8
      # Update on 04/04/09 by Chiquitine29
      # Start at: 22:03:22 | 07/04/2009
      # Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

      # Intel(R) Pentium(R) 4 CPU 3.00GHz
      # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
      # Internet Explorer 8.0.6001.18702
      # Windows Firewall Status : Enabled
      # AV : BitDefender Antivirus 12.0 [ (!) Disabled | (!) Outdated ]
      # AV : AntiVir Desktop 9.0.1.26 [ Enabled | Updated ]

      # A:\ # Lecteur de disquettes 3 ½ pouces
      # C:\ # Disque fixe local # 35,15 Go (14,16 Go free) # NTFS
      # D:\ # Disque fixe local # 39,37 Go (38,74 Go free) # NTFS
      # E:\ # Disque CD-ROM
      # F:\ # Disque CD-ROM

      ############################## [ Active Processes ]

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\logonui.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]

      Deleted ! C:\WINDOWS\Prefetch\AUTOPATCH.EXE-23FF3CC9.pf
      Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf

      ################## [ C:\WINDOWS\System32... ]


      ################## [ C:\Users\...\AppData\Roaming ]


      ################## [ Cleaning .. Temp Files... ]


      ################## [ Registry / Infected keys ]


      ################## [ Cleaning Removable drives ]

      # Deleting Files :


      ################## [ Registry / Mountpoint2 ]

      # -> Not found !

      ################## [ States / Restarting of services ]

      # Services : [ Auto=2 / Request=3 / Disable=4 ]

      # Ndisuio -> # Type of startup =3
      # Ip6Fw -> # Type of startup =2
      # SharedAccess -> # Type of startup =2
      # wuauserv -> # Type of startup =2
      # wscsvc -> # Type of startup =2

      ################## [ Searching Other Infections ]

      # -> Nothing found.

      ################## [ ! End of Report # FindyKill V4.722 ! ]

      0
      1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14 > H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention  
         
        est ce que maintenant je peux faire le scan normalement et est ce qu'il va se terminer sans s'interrompre par des blocages ou des ecrans bleus? répondez moi svp!
        0
  10. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    De rien.
    0
  11. gen-hackman
     
    je pense :

    Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

    ! Déconnecte toi et ferme toutes tes applications en cours !

    Double-clique sur " RSIT.exe " pour le lancer .

    -> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

    * Devant l'option "List files/folders created ..." , tu choisis : 2 months

    * clique ensuite sur " Continue " pour lancer l'analyse ...

    -> laisse faire le scan et ne touche pas au PC ...

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

    Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

    Important : poste un rapport, puis l'autre dans la réponse suivante
    Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum

    ( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
    0
    1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14
       
      Logfile of random's system information tool 1.06 (written by random/random)
      Run by hamid at 2009-04-08 17:19:08
      Microsoft Windows XP Professionnel Service Pack 2
      System drive C: has 15 GB (42%) free of 36 GB
      Total RAM: 511 MB (51% free)

      HijackThis download failed

      ======Scheduled tasks folder======

      C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job

      ======Registry dump======

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
      IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2008-09-01 153008]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
      Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll []

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
      Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
      Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
      Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
      JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
      "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
      "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
      "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
      "NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
      "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
      "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
      "nwiz"=nwiz.exe /install []
      "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
      "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
      "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
      "UMService"=C:\Program Files\LG Electronics\Modem USB LG Electronics\UMAService.exe [2008-05-09 28672]
      "ares"=C:\Program Files\Ares\Ares.exe -h []
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe []
      "TrueTransparency"=C:\Documents and Settings\hamid\Bureau\TrueTransparency\TrueTransparency.exe []
      "fsm"= []

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe [2008-10-05 235936]

      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
      Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
      WgaLogon.dll []

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
      WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
      "system"=C:\WINDOWS\system32\svcnost.exe, []

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "DisableTaskMgr"=0

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "dontdisplaylastusername"=0
      "legalnoticecaption"=
      "legalnoticetext"=
      "shutdownwithoutlogon"=1
      "undockwithoutlogon"=1

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "NoDriveTypeAutoRun"=145

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "HonorAutoRunSetting"=

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows"
      "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Disabled:eMule"
      "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
      "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
      "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
      "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
      "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
      "C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
      "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

      ======List of files/folders created in the last 2 months======

      2009-04-08 17:19:08 ----D---- C:\rsit
      2009-04-07 22:03:17 ----A---- C:\FindyKill.txt
      2009-04-06 16:24:19 ----D---- C:\FindyKill
      2009-04-06 15:25:28 ----D---- C:\Program Files\Avira
      2009-04-06 15:25:28 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
      2009-04-05 13:26:19 ----D---- C:\GenProc
      2009-04-05 11:31:34 ----D---- C:\Program Files\Trend Micro
      2009-04-04 17:02:11 ----HD---- C:\$AVG8.VAULT$
      2009-04-03 11:45:38 ----A---- C:\WINDOWS\is169084.exe
      2009-04-02 21:58:25 ----D---- C:\Program Files\AVG
      2009-04-02 14:20:20 ----D---- C:\Documents and Settings\hamid\Application Data\ESET
      2009-04-01 15:08:15 ----D---- C:\Program Files\BitDefender
      2009-04-01 15:07:13 ----D---- C:\Program Files\Fichiers communs\BitDefender
      2009-03-29 11:32:23 ----HDC---- C:\WINDOWS\ie8
      2009-03-27 16:07:48 ----D---- C:\Program Files\Fichiers communs\Vbox
      2009-03-27 11:11:27 ----A---- C:\WINDOWS\system32\javaws.exe
      2009-03-27 11:11:27 ----A---- C:\WINDOWS\system32\javaw.exe
      2009-03-27 11:11:26 ----A---- C:\WINDOWS\system32\java.exe
      2009-03-26 18:24:45 ----D---- C:\WINDOWS\ie8updates
      2009-03-13 20:05:42 ----A---- C:\WINDOWS\system32\xmltok.dll
      2009-03-13 20:05:42 ----A---- C:\WINDOWS\system32\xmlparse.dll
      2009-03-13 20:05:42 ----A---- C:\WINDOWS\system32\xmlinst.exe
      2009-03-13 20:05:42 ----A---- C:\WINDOWS\system32\VB5DB.DLL
      2009-03-13 20:05:42 ----A---- C:\WINDOWS\system32\msxml3a.dll
      2009-03-13 19:56:38 ----D---- C:\Program Files\Ubisoft
      2009-03-11 16:15:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
      2009-03-11 16:15:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
      2009-03-11 15:32:32 ----D---- C:\Program Files\Windows Live Safety Center
      2009-03-08 14:17:46 ----N---- C:\WINDOWS\system32\msrating.dll.mui
      2009-03-08 14:17:30 ----N---- C:\WINDOWS\system32\mshta.exe.mui
      2009-03-08 14:16:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui
      2009-03-08 14:15:48 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui
      2009-03-03 15:50:42 ----D---- C:\Program Files\Fichiers communs\Rtools
      2009-03-03 15:50:38 ----D---- C:\Program Files\Qoraani
      2009-03-01 12:23:39 ----D---- C:\Program Files\Software Informer
      2009-03-01 12:10:04 ----D---- C:\Downloads
      2009-03-01 12:07:04 ----D---- C:\Program Files\FlashGet
      2009-02-25 15:11:19 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
      2009-02-19 22:10:57 ----D---- C:\Program Files\MSXML 6.0
      2009-02-19 11:57:43 ----A---- C:\WINDOWS\system32\wdmioctl.dll
      2009-02-19 11:57:42 ----A---- C:\WINDOWS\system32\SMMedia.dll
      2009-02-19 11:57:39 ----A---- C:\WINDOWS\SynthCoreA.Dll
      2009-02-19 11:57:39 ----A---- C:\WINDOWS\SynCor.exe
      2009-02-19 11:57:38 ----A---- C:\WINDOWS\system32\Syncor11.dll
      2009-02-19 11:57:37 ----D---- C:\WINDOWS\VirtualEar
      2009-02-19 11:57:37 ----A---- C:\WINDOWS\system32\virtear.dll
      2009-02-19 11:57:37 ----A---- C:\WINDOWS\system32\SynthCore11Resources.dll
      2009-02-19 11:57:37 ----A---- C:\WINDOWS\system32\S11thk32.dll
      2009-02-19 11:57:37 ----A---- C:\WINDOWS\system32\Audio3d.dll
      2009-02-19 11:57:36 ----A---- C:\WINDOWS\system32\DSndUp.exe
      2009-02-19 11:57:36 ----A---- C:\WINDOWS\system32\CleanUp.exe
      2009-02-19 11:27:50 ----D---- C:\Documents and Settings\hamid\Application Data\Uniblue
      2009-02-19 11:27:50 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
      2009-02-18 12:09:16 ----A---- C:\WINDOWS\Alcrmv.exe
      2009-02-18 12:08:33 ----A---- C:\WINDOWS\system32\ksuser.dll
      2009-02-18 12:07:45 ----D---- C:\Program Files\Realtek AC97
      2009-02-18 12:07:43 ----A---- C:\WINDOWS\system32\RTLCPL.EXE
      2009-02-18 12:07:36 ----A---- C:\WINDOWS\SOUNDMAN.EXE
      2009-02-18 12:07:35 ----A---- C:\WINDOWS\system32\RTLCPAPI.dll
      2009-02-18 12:07:32 ----A---- C:\WINDOWS\alcupd.exe
      2009-02-17 13:08:55 ----A---- C:\WINDOWS\UPGRADE.TXT
      2009-02-17 13:08:50 ----D---- C:\WINDOWS\setup.pss
      2009-02-17 13:03:26 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
      2009-02-17 12:53:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
      2009-02-16 19:46:57 ----D---- C:\Program Files\winflash
      2009-02-16 10:47:04 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
      2009-02-16 10:46:58 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA
      2009-02-15 20:47:18 ----D---- C:\WINDOWS\nview
      2009-02-15 20:47:18 ----A---- C:\WINDOWS\system32\nvudisp.exe
      2009-02-15 20:46:53 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
      2009-02-15 20:46:16 ----D---- C:\NVIDIA
      2009-02-15 15:32:27 ----D---- C:\Program Files\ma-config.com
      2009-02-15 15:32:27 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
      2009-02-14 20:42:51 ----D---- C:\Program Files\Conquete 2.0
      2009-02-14 19:11:53 ----D---- C:\WINDOWS\system32\CatRoot2
      2009-02-14 11:54:22 ----D---- C:\Program Files\Lavalys
      2009-02-13 15:29:32 ----D---- C:\WINDOWS\system32\NtmsData
      2009-02-10 21:45:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
      2009-02-09 16:00:32 ----A---- C:\WINDOWS\system32\MSVCRTD.DLL
      2009-02-09 16:00:32 ----A---- C:\WINDOWS\system32\MSVCP60D.DLL
      2009-02-09 16:00:21 ----A---- C:\WINDOWS\system32\lame_enc.dll
      2009-02-09 16:00:20 ----D---- C:\Program Files\Free Audio Pack
      2009-02-09 15:40:37 ----A---- C:\WINDOWS\system32\WMAFile.dll
      2009-02-09 15:40:37 ----A---- C:\WINDOWS\system32\AudPlayer.dll
      2009-02-09 15:40:37 ----A---- C:\WINDOWS\system32\AudioVisu.dll
      2009-02-09 15:40:37 ----A---- C:\WINDOWS\system32\AudioRecord.dll
      2009-02-09 15:40:36 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
      2009-02-09 15:40:36 ----A---- C:\WINDOWS\system32\inetfr.DLL
      2009-02-09 15:40:36 ----A---- C:\WINDOWS\system32\AudioInfos.dll
      2009-02-09 15:40:36 ----A---- C:\WINDOWS\system32\AudFile.dll
      2009-02-09 15:40:36 ----A---- C:\WINDOWS\system32\AudDisplay.dll
      2009-02-09 15:40:36 ----A---- C:\WINDOWS\system32\AudDesign.dll
      2009-02-09 15:40:35 ----A---- C:\WINDOWS\system32\VB6FR.DLL
      2009-02-09 15:40:35 ----A---- C:\WINDOWS\system32\TABCTFR.DLL
      2009-02-09 15:40:33 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
      2009-02-09 15:40:33 ----A---- C:\WINDOWS\system32\Mscc2fr.dll
      2009-02-09 15:40:33 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL

      ======List of files/folders modified in the last 2 months======

      2009-04-08 17:17:52 ----A---- C:\WINDOWS\ModemLog_LGE EVDO USB Modem.txt
      2009-04-08 17:16:07 ----D---- C:\Documents and Settings\hamid\Application Data\DMCache
      2009-04-08 17:02:30 ----D---- C:\WINDOWS\Prefetch
      2009-04-08 17:01:11 ----D---- C:\WINDOWS\system32
      2009-04-08 17:01:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
      2009-04-08 16:57:36 ----D---- C:\WINDOWS\Temp
      2009-04-08 16:56:53 ----D---- C:\WINDOWS
      2009-04-07 22:01:35 ----A---- C:\WINDOWS\SchedLgU.Txt
      2009-04-06 15:42:24 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
      2009-04-06 15:26:17 ----D---- C:\WINDOWS\system32\drivers
      2009-04-06 15:26:16 ----HD---- C:\WINDOWS\inf
      2009-04-06 15:25:28 ----RD---- C:\Program Files
      2009-04-06 15:22:04 ----SHD---- C:\WINDOWS\Installer
      2009-04-06 15:22:04 ----D---- C:\Config.Msi
      2009-04-06 15:22:03 ----D---- C:\WINDOWS\WinSxS
      2009-04-06 14:42:05 ----D---- C:\Program Files\Messenger Plus! Live
      2009-04-04 17:59:15 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2009-04-04 17:59:14 ----D---- C:\WINDOWS\Debug
      2009-04-03 17:16:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
      2009-04-03 16:14:18 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
      2009-04-03 11:48:17 ----SD---- C:\Documents and Settings\hamid\Application Data\Microsoft
      2009-04-02 15:07:43 ----D---- C:\WINDOWS\system32\CatRoot
      2009-04-02 15:06:24 ----D---- C:\Program Files\LG Electronics
      2009-04-02 15:06:18 ----HD---- C:\Program Files\InstallShield Installation Information
      2009-04-02 14:56:10 ----D---- C:\Program Files\ESET
      2009-04-02 14:18:29 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
      2009-04-01 15:07:13 ----D---- C:\Program Files\Fichiers communs
      2009-04-01 11:48:57 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
      2009-04-01 11:45:15 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
      2009-04-01 11:35:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
      2009-03-31 12:21:55 ----SD---- C:\WINDOWS\Tasks
      2009-03-31 12:21:23 ----D---- C:\Program Files\Mozilla Firefox
      2009-03-29 16:20:04 ----A---- C:\WINDOWS\NeroDigital.ini
      2009-03-29 11:36:11 ----D---- C:\WINDOWS\system32\fr-fr
      2009-03-29 11:36:10 ----D---- C:\WINDOWS\Media
      2009-03-29 11:36:10 ----D---- C:\WINDOWS\Help
      2009-03-29 11:36:10 ----D---- C:\Program Files\Internet Explorer
      2009-03-28 16:12:41 ----D---- C:\WINDOWS\network diagnostic
      2009-03-28 13:14:46 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
      2009-03-28 13:11:54 ----D---- C:\Documents and Settings\hamid\Application Data\Adobe
      2009-03-27 16:07:38 ----D---- C:\Program Files\Fichiers communs\Adobe
      2009-03-27 11:11:17 ----D---- C:\Program Files\Java
      2009-03-27 11:07:47 ----D---- C:\Program Files\Google
      2009-03-26 18:33:02 ----D---- C:\Documents and Settings\All Users\Application Data\Google
      2009-03-26 18:24:34 ----HD---- C:\WINDOWS\$hf_mig$
      2009-03-25 16:32:54 ----D---- C:\Documents and Settings\hamid\Application Data\Google
      2009-03-11 16:15:10 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2009-03-11 11:59:37 ----A---- C:\WINDOWS\ModemLog_LGE EVDO USB Modem #2.txt
      2009-03-09 05:19:08 ----A---- C:\WINDOWS\system32\deploytk.dll
      2009-03-08 14:18:02 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
      2009-03-08 14:16:06 ----A---- C:\WINDOWS\system32\advpack.dll.mui
      2009-03-08 14:09:26 ----A---- C:\WINDOWS\system32\iedkcs32.dll
      2009-03-08 04:41:16 ----A---- C:\WINDOWS\system32\mshtml.dll
      2009-03-08 04:39:48 ----A---- C:\WINDOWS\system32\ieframe.dll
      2009-03-08 04:34:58 ----A---- C:\WINDOWS\system32\wininet.dll
      2009-03-08 04:34:56 ----A---- C:\WINDOWS\system32\urlmon.dll
      2009-03-08 04:34:48 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
      2009-03-08 04:34:48 ----A---- C:\WINDOWS\system32\webcheck.dll
      2009-03-08 04:34:30 ----A---- C:\WINDOWS\system32\licmgr10.dll
      2009-03-08 04:34:28 ----A---- C:\WINDOWS\system32\url.dll
      2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\occache.dll
      2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\msrating.dll
      2009-03-08 04:33:40 ----A---- C:\WINDOWS\system32\corpol.dll
      2009-03-08 04:33:26 ----A---- C:\WINDOWS\system32\jsproxy.dll
      2009-03-08 04:33:16 ----A---- C:\WINDOWS\system32\jscript.dll
      2009-03-08 04:33:08 ----A---- C:\WINDOWS\system32\ieaksie.dll
      2009-03-08 04:33:06 ----A---- C:\WINDOWS\system32\vbscript.dll
      2009-03-08 04:33:02 ----A---- C:\WINDOWS\system32\ieakeng.dll
      2009-03-08 04:32:56 ----A---- C:\WINDOWS\system32\admparse.dll
      2009-03-08 04:32:54 ----A---- C:\WINDOWS\system32\ie4uinit.exe
      2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieudinit.exe
      2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieakui.dll
      2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iesetup.dll
      2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iernonce.dll
      2009-03-08 04:32:48 ----A---- C:\WINDOWS\system32\advpack.dll
      2009-03-08 04:32:46 ----A---- C:\WINDOWS\system32\inseng.dll
      2009-03-08 04:32:26 ----A---- C:\WINDOWS\system32\msfeeds.dll
      2009-03-08 04:32:22 ----A---- C:\WINDOWS\system32\iertutil.dll
      2009-03-08 04:32:04 ----A---- C:\WINDOWS\system32\mstime.dll
      2009-03-08 04:31:56 ----A---- C:\WINDOWS\system32\iepeers.dll
      2009-03-08 04:31:54 ----A---- C:\WINDOWS\system32\msfeedssync.exe
      2009-03-08 04:31:52 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
      2009-03-08 04:31:52 ----A---- C:\WINDOWS\system32\icardie.dll
      2009-03-08 04:31:44 ----A---- C:\WINDOWS\system32\dxtmsft.dll
      2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\imgutil.dll
      2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\dxtrans.dll
      2009-03-08 04:31:36 ----A---- C:\WINDOWS\system32\pngfilt.dll
      2009-03-08 04:31:26 ----A---- C:\WINDOWS\system32\mshtmled.dll
      2009-03-08 04:31:18 ----A---- C:\WINDOWS\system32\mshtmler.dll
      2009-03-08 04:31:02 ----A---- C:\WINDOWS\system32\mshta.exe
      2009-03-08 04:22:46 ----A---- C:\WINDOWS\system32\ieui.dll
      2009-03-08 04:22:38 ----A---- C:\WINDOWS\system32\msls31.dll
      2009-03-08 04:11:12 ----A---- C:\WINDOWS\system32\ieapfltr.dll
      2009-03-03 19:57:36 ----D---- C:\Program Files\Spybot - Search & Destroy
      2009-03-03 15:50:42 ----RSD---- C:\WINDOWS\Fonts
      2009-03-03 12:01:18 ----A---- C:\WINDOWS\win.ini
      2009-03-03 12:00:56 ----D---- C:\Program Files\Windows Media Player
      2009-03-02 20:49:16 ----D---- C:\Program Files\Internet Download Manager
      2009-03-02 17:48:20 ----D---- C:\Documents and Settings\hamid\Application Data\IDM
      2009-03-02 17:42:11 ----D---- C:\Program Files\LimeWire
      2009-02-27 17:45:01 ----D---- C:\Documents and Settings\hamid\Application Data\LimeWire
      2009-02-25 12:55:00 ----A---- C:\WINDOWS\system32\MRT.exe
      2009-02-21 13:37:22 ----D---- C:\WINDOWS\system32\CatRoot_bak
      2009-02-21 11:15:53 ----D---- C:\Program Files\Outlook Express
      2009-02-19 12:17:23 ----D---- C:\WINDOWS\system32\config
      2009-02-19 11:57:37 ----D---- C:\WINDOWS\system
      2009-02-19 11:57:36 ----D---- C:\Program Files\Analog Devices
      2009-02-19 11:57:35 ----A---- C:\WINDOWS\system32\msssc.dll
      2009-02-16 09:18:50 ----D---- C:\Program Files\Thoosje Vista Sidebar
      2009-02-15 20:47:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
      2009-02-15 15:33:59 ----SD---- C:\WINDOWS\Downloaded Program Files
      2009-02-13 15:08:48 ----D---- C:\Program Files\VisualTaskTips
      2009-02-10 21:45:04 ----D---- C:\WINDOWS\ie7updates

      ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
      R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-02-13 95576]
      R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 40320]
      R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
      R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-24 12032]
      R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-02-13 55640]
      R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
      R3 ALI5261;Pilote NT de base Ethernet ALi; C:\WINDOWS\system32\DRIVERS\ALI5261.SYS [2001-08-17 27678]
      R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
      R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
      R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
      R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
      R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
      R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-19 602880]
      R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
      R3 UsbEvdoAtc;LGE EVDO USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgevdoatc.sys [2007-08-28 19840]
      R3 usbevdobus;LGE EVDO Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgevdobus.sys [2007-08-28 12800]
      R3 UsbEvdoDiag;LGE EVDO USB Serial DM Port; C:\WINDOWS\system32\DRIVERS\lgevdodiag.sys [2007-08-28 19840]
      R3 USBEVDOModem;LGE EVDO USB Modem; C:\WINDOWS\system32\DRIVERS\lgevdomodem.sys [2007-08-28 21632]
      R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
      R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
      S1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []
      S3 atidgllk;atidgllk; \??\C:\Program Files\winflash\atidgllk.sys []
      S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
      S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-09-26 20240]
      S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []
      S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []
      S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
      S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
      S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
      S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

      ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
      R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
      R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
      R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
      R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
      R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
      S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
      S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
      S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
      S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
      S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

      -----------------EOF-----------------
      0
      1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14 > H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention  
         
        info.txt logfile of random's system information tool 1.06 2009-04-08 17:19:16

        ======Uninstall list======

        -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
        2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
        2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
        2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
        2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
        2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
        2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
        2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
        2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
        2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
        2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
        2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
        2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
        2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
        2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
        Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
        Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
        Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
        Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
        ALi AGP Driver 2.10-->C:\WINDOWS\system32\UnAGP.EXE RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC16B64A-38A7-4D7D-BA2E-671ED441304F}\Setup.exe" -uninst
        Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
        Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
        CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
        Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
        Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
        Correctif pour Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
        Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
        EVEREST Ultimate Edition v5.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
        Far Cry-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l1036
        FindyKill-->C:\FindyKill\Uninstal.exe
        Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
        GTA San Andreas-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x40c -removeonly
        HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
        Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
        Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
        Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
        Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
        Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
        K-Lite Mega Codec Pack 4.4.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
        Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
        Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
        Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
        Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
        Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
        Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
        Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
        Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
        Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
        Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
        Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
        Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
        Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
        Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
        Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
        Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
        Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
        Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
        Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
        Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
        Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
        Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
        Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
        Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
        Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
        Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
        Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
        Mise à jour pour Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
        Mise à jour pour Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
        Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
        Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
        Modem USB LG Electronics-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DC6E06A-F0F7-47F7-8479-FFCAF60F538F}\setup.exe" -l0x40c -removeonly
        MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
        MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
        neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
        NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)-->"C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
        NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
        Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
        Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
        Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
        Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
        Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
        Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
        Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
        Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
        Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
        SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
        SPSS 11.5.1 pour Windows-->C:\WINDOWS\uninst.exe -f"C:\Program Files\SPSS\DeIsL1.isu" -c"C:\Program Files\SPSS\uninst.dll
        Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
        ÞÑÂäí v1.23-->"C:\Program Files\Qoraani\unins000.exe"
        Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
        Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
        Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
        VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
        Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
        Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
        Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
        Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
        Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
        Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
        Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
        Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
        WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

        Hosts File Missing
        ======Security center information======

        AV: BitDefender Antivirus (disabled) (outdated)
        AV: AntiVir Desktop

        ======System event log======

        Computer Name: UNICORNI-854CF8
        Event Code: 7036
        Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

        Record Number: 8900
        Source Name: Service Control Manager
        Time Written: 20090325195758.000000+000
        Event Type: Informations
        User:

        Computer Name: UNICORNI-854CF8
        Event Code: 7036
        Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.

        Record Number: 8899
        Source Name: Service Control Manager
        Time Written: 20090325195758.000000+000
        Event Type: Informations
        User:

        Computer Name: UNICORNI-854CF8
        Event Code: 7035
        Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.

        Record Number: 8898
        Source Name: Service Control Manager
        Time Written: 20090325195758.000000+000
        Event Type: Informations
        User: AUTORITE NT\SYSTEM

        Computer Name: UNICORNI-854CF8
        Event Code: 7036
        Message: Le service NMIndexingService est entré dans l'état : en cours d'exécution.

        Record Number: 8897
        Source Name: Service Control Manager
        Time Written: 20090325195757.000000+000
        Event Type: Informations
        User:

        Computer Name: UNICORNI-854CF8
        Event Code: 7035
        Message: Un contrôle Démarrer a correctement été envoyé au service NMIndexingService.

        Record Number: 8896
        Source Name: Service Control Manager
        Time Written: 20090325195757.000000+000
        Event Type: Informations
        User: AUTORITE NT\SYSTEM

        =====Application event log=====

        Computer Name: UNICORNI-854CF8
        Event Code: 103
        Message: msnmsgr (1588) \\.\C:\Documents and Settings\hamid\Local Settings\Application Data\Microsoft\Messenger\abdelhamid.elmrabet@live.fr\SharingMetadata\Working\database_A488_EEA6_88EE_7668\dfsr.db: Le moteur de base de données a arrêté une instance (0).

        Record Number: 3004
        Source Name: ESENT
        Time Written: 20090216180823.000000+000
        Event Type: Informations
        User:

        Computer Name: UNICORNI-854CF8
        Event Code: 1000
        Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été chargés.
        Les données d'enregistrement contiennent les nouvelles valeurs d'index
        assignées à ce service.

        Record Number: 3003
        Source Name: LoadPerf
        Time Written: 20090216172149.000000+000
        Event Type: Informations
        User:

        Computer Name: UNICORNI-854CF8
        Event Code: 1001
        Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été supprimés.
        Les données d'enregistrement contiennent les nouvelles valeurs du dernier compteur système
        et les dernières entrées du registre d'aide.

        Record Number: 3002
        Source Name: LoadPerf
        Time Written: 20090216172148.000000+000
        Event Type: Informations
        User:

        Computer Name: UNICORNI-854CF8
        Event Code: 102
        Message: msnmsgr (1588) \\.\C:\Documents and Settings\hamid\Local Settings\Application Data\Microsoft\Messenger\abdelhamid.elmrabet@live.fr\SharingMetadata\Working\database_A488_EEA6_88EE_7668\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

        Record Number: 3001
        Source Name: ESENT
        Time Written: 20090216172002.000000+000
        Event Type: Informations
        User:

        Computer Name: UNICORNI-854CF8
        Event Code: 100
        Message: msnmsgr (1588) Le moteur de base de données 5.01.2600.2180 est démarré.

        Record Number: 3000
        Source Name: ESENT
        Time Written: 20090216172002.000000+000
        Event Type: Informations
        User:

        ======Environment variables======

        "ComSpec"=%SystemRoot%\system32\cmd.exe
        "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
        "windir"=%SystemRoot%
        "FP_NO_HOST_CHECK"=NO
        "OS"=Windows_NT
        "PROCESSOR_ARCHITECTURE"=x86
        "PROCESSOR_LEVEL"=15
        "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
        "PROCESSOR_REVISION"=0401
        "NUMBER_OF_PROCESSORS"=2
        "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
        "TEMP"=%SystemRoot%\TEMP
        "TMP"=%SystemRoot%\TEMP

        -----------------EOF-----------------
        0
      2. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14 > H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention  
         
        quoi d'autre et pourquoi tout ça? ce que je veux moi c'est juste faire fin aux ecrans bleus récurrents et qui apparaissent sans arrêt.
        0
  12. gen-hackman
     
    salut tu as la reponse dans ta question

    Mets-toi a jour avec le SP3 !!!!

    desinstalle findykill (tu le relances et option 3)

    ---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

    ---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant ci-dessous :



    :processes
    explorer.exe

    :files
    C:\WINDOWS\system32\svcnost.exe
    C:\GenProc
    C:\WINDOWS\is169084.exe
    C:\Program Files\AVG
    C:\Documents and Settings\hamid\Application Data\ESET
    C:\Program Files\BitDefender
    C:\Program Files\Fichiers communs\BitDefender
    C:\$AVG8.VAULT$
    C:\Program Files\ESET
    C:\Documents and Settings\All Users\Application Data\ESET
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"=-
    "MSPY2002"=-
    "PHIME2002ASync"=-
    "PHIME2002A"=-
    "Adobe Reader Speed Launcher"=-
    "nwiz"=-
    "SunJavaUpdateSched"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ares"=-
    "TrueTransparency"=-
    "fsm"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "system"=""

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]



    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log
    0
    1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14
       
      ========== PROCESSES ==========
      Process explorer.exe killed successfully.
      ========== FILES ==========
      File/Folder C:\WINDOWS\system32\svcnost.exe not found.
      C:\GenProc\Page\GenProcPage moved successfully.
      C:\GenProc\Page moved successfully.
      C:\GenProc\outil moved successfully.
      C:\GenProc\ChangeLog moved successfully.
      C:\GenProc\Canned moved successfully.
      C:\GenProc\Arguments moved successfully.
      C:\GenProc moved successfully.
      C:\WINDOWS\is169084.exe moved successfully.
      File/Folder C:\Program Files\AVG not found.
      C:\Documents and Settings\hamid\Application Data\ESET\ESET Smart Security\Antispam moved successfully.
      C:\Documents and Settings\hamid\Application Data\ESET\ESET Smart Security moved successfully.
      C:\Documents and Settings\hamid\Application Data\ESET moved successfully.
      File/Folder C:\Program Files\BitDefender not found.
      C:\Program Files\Fichiers communs\BitDefender\Setup Information moved successfully.
      C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\av32bit_11359\Plugins moved successfully.
      C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\av32bit_11359 moved successfully.
      C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\av32bit_11358\Plugins moved successfully.
      C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\av32bit_11358 moved successfully.
      C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner moved successfully.
      C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall moved successfully.
      C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server moved successfully.
      C:\Program Files\Fichiers communs\BitDefender moved successfully.
      C:\$AVG8.VAULT$ moved successfully.
      C:\Program Files\ESET\ESET NOD32 Antivirus moved successfully.
      C:\Program Files\ESET moved successfully.
      C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Charon moved successfully.
      C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Antispam moved successfully.
      C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security moved successfully.
      C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Charon moved successfully.
      C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus moved successfully.
      C:\Documents and Settings\All Users\Application Data\ESET moved successfully.
      ========== REGISTRY ==========
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\\ deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IMJPMIG8.1 deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSPY2002 deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PHIME2002ASync deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PHIME2002A deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
      Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ares deleted successfully.
      Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TrueTransparency deleted successfully.
      Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fsm deleted successfully.
      Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate not found.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"system"|"" /E : value set successfully!
      ========== COMMANDS ==========
      File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF1CD.tmp scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF464B.tmp scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF49D0.tmp scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF65AD.tmp scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DFE95D.tmp scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DFE9F8.tmp scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Internet Explorer cache folder emptied.
      File delete failed. C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\Content.IE5\ZR1K29LV\affich-11847123-torjans-ecran-bleu[1].htm scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\Content.IE5\FP1RR50E\MsgrConfig[1].asmx scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
      User's Temporary Internet Files folder emptied.
      Local Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      Network Service Temp folder emptied.
      Network Service Temporary Internet Files folder emptied.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5f0.dat scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      Java cache emptied.
      Temp folders emptied.
      Explorer started successfully

      OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04092009_161002

      Files moved on Reboot...
      File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF1CD.tmp not found!
      File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF464B.tmp not found!
      File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF49D0.tmp not found!
      File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF65AD.tmp not found!
      File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DFE95D.tmp not found!
      File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DFE9F8.tmp not found!
      File C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\Content.IE5\ZR1K29LV\affich-11847123-torjans-ecran-bleu[1].htm not found!
      C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\Content.IE5\FP1RR50E\MsgrConfig[1].asmx moved successfully.
      C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
      C:\WINDOWS\temp\Perflib_Perfdata_5f0.dat moved successfully.
      0
      1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14 > H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention  
         
        comment tu explique ceci :

        File C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\Content.IE5\ZR1K29LV\affich-11847123-torjans-ecran-bleu[1].htm not found!

        je crois que ce qui nous interesse ne s'est pas supprimé.
        0
      2. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14 > H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention  
         
        pour essayer de trouver le fichier (poste 31) j'ai refait le travail et j'ai trouvé ceci :

        ========== PROCESSES ==========
        Process explorer.exe killed successfully.
        ========== FILES ==========
        File/Folder C:\WINDOWS\system32\svcnost.exe not found.
        File/Folder C:\GenProc not found.
        File/Folder C:\WINDOWS\is169084.exe not found.
        File/Folder C:\Program Files\AVG not found.
        File/Folder C:\Documents and Settings\hamid\Application Data\ESET not found.
        File/Folder C:\Program Files\BitDefender not found.
        File/Folder C:\Program Files\Fichiers communs\BitDefender not found.
        File/Folder C:\$AVG8.VAULT$ not found.
        File/Folder C:\Program Files\ESET not found.
        File/Folder C:\Documents and Settings\All Users\Application Data\ESET not found.
        ========== REGISTRY ==========
        Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ not found.
        Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\\ not found.
        Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IMJPMIG8.1 not found.
        Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSPY2002 not found.
        Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PHIME2002ASync not found.
        Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PHIME2002A not found.
        Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher not found.
        Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz not found.
        Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
        Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ares not found.
        Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TrueTransparency not found.
        Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fsm not found.
        Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate not found.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"system"|"" /E : value set successfully!
        ========== COMMANDS ==========
        File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF8313.tmp scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DFED1F.tmp scheduled to be deleted on reboot.
        User's Temp folder emptied.
        User's Internet Explorer cache folder emptied.
        File delete failed. C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\Content.IE5\ZB55MI73\affich-11847123-torjans-ecran-bleu[1].htm scheduled to be deleted on reboot.
        File delete failed. C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
        File delete failed. C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
        User's Temporary Internet Files folder emptied.
        Local Service Temp folder emptied.
        File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
        Local Service Temporary Internet Files folder emptied.
        Network Service Temp folder emptied.
        Network Service Temporary Internet Files folder emptied.
        File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5c8.dat scheduled to be deleted on reboot.
        Windows Temp folder emptied.
        Java cache emptied.
        Temp folders emptied.
        Explorer started successfully

        OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04092009_162335

        Files moved on Reboot...
        File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF8313.tmp not found!
        File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DFED1F.tmp not found!
        C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\Content.IE5\ZB55MI73\affich-11847123-torjans-ecran-bleu[1].htm moved successfully.
        C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
        File C:\WINDOWS\temp\Perflib_Perfdata_5c8.dat not found!
        0
      3. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14 > H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention  
         
        alors j'ai eu ''moved successfully'' au lieu de ''not found''

        C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\Content.IE5\ZB55MI73\affich-11847123-torjans-ecran-bleu[1].htm moved successfully.

        est ce que ça n'aura aucun effet?
        est ce que ça peut pas être une erreur matériel?
        0
  13. gen-hackman
     
    ecoutes si tu prends les initiatives tout seul comment veux-tu que j y comprenne quelque chose ??????

    dans ce cas tu peux finir ta desinfection tout seul !!!
    0
    1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14
       
      je suis vraiment désolé. on peut continuer stp?
      0
      1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14 > H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention  
         
        mais avant de continuer je veux juste t'informer que j'ai effectué un scan mais cette fois ça a marché jusqu'à la fin, grâce à toi, lol! ;-) j'ai trouvé 8 infections et je les ai supprimé, désolé parce que j'ai pris aussi cette initiative tout seul. mais le scan ne s'est pas bloqué par un écran bleu, j'espère qu'il ne reviendra plus jamais. j'ajoute que j'ai fait le scan tout en se déconnectant et débranchant le modem car j'en doutait...
        0
      2. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14 > H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention  
         
        s'il y a d'autres étapes à suivre je suis prêt, on peut continuer.
        0
      3. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14 > H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention  
         
        j'ai oublié de te filer le rapport d'avira :



        Avira AntiVir Personal
        Report file date: jeudi 9 avril 2009 16:56

        Scanning for 1346250 virus strains and unwanted programs.

        Licensee : Avira AntiVir Personal - FREE Antivirus
        Serial number : 0000149996-ADJIE-0000001
        Platform : Windows XP
        Windows version : (Service Pack 2) [5.1.2600]
        Boot mode : Normally booted
        Username : SYSTEM
        Computer name : UNICORNI-854CF8

        Version information:
        BUILD.DAT : 9.0.0.387 17962 Bytes 24/03/2009 11:04:00
        AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/02/2009 12:13:26
        AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 10:58:24
        LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 11:35:49
        LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 10:58:52
        ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 12:30:36
        ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 20:33:26
        ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 01/04/2009 15:47:30
        ANTIVIR3.VDF : 7.1.3.40 158720 Bytes 09/04/2009 16:55:45
        Engineversion : 8.2.0.138
        AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 17:36:42
        AESCRIPT.DLL : 8.1.1.73 373114 Bytes 06/04/2009 15:48:06
        AESCN.DLL : 8.1.1.10 127348 Bytes 06/04/2009 15:48:01
        AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 18:24:41
        AEPACK.DLL : 8.1.3.12 397687 Bytes 06/04/2009 15:47:59
        AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 20:01:56
        AEHEUR.DLL : 8.1.0.114 1700214 Bytes 06/04/2009 15:47:55
        AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 20:01:56
        AEGEN.DLL : 8.1.1.33 340340 Bytes 06/04/2009 15:47:39
        AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 14:32:40
        AECORE.DLL : 8.1.6.7 176502 Bytes 06/04/2009 15:47:36
        AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 14:32:40
        AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:59
        AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 10:32:15
        AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 14:34:28
        AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 10:32:09
        AVARKT.DLL : 9.0.0.1 292609 Bytes 09/02/2009 07:52:24
        AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 10:37:08
        SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 15:03:49
        SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 08:21:33
        NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 10:32:10
        RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 11:45:45
        RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/03/2009 15:55:12

        Configuration settings for the scan:
        Jobname.............................: Complete system scan
        Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
        Logging.............................: low
        Primary action......................: interactive
        Secondary action....................: ignore
        Scan master boot sector.............: on
        Scan boot sector....................: on
        Boot sectors........................: C:, D:,
        Process scan........................: on
        Scan registry.......................: on
        Search for rootkits.................: on
        Integrity checking of system files..: off
        Scan all files......................: All files
        Scan archives.......................: on
        Recursion depth.....................: 20
        Smart extensions....................: on
        Macro heuristic.....................: on
        File heuristic......................: medium

        Start of the scan: jeudi 9 avril 2009 16:56

        Starting search for hidden objects.
        '32179' objects were checked, '0' hidden objects were found.

        The scan of running processes will be started
        Scan process 'avscan.exe' - '1' Module(s) have been scanned
        Scan process 'avcenter.exe' - '1' Module(s) have been scanned
        Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
        Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
        Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
        Scan process 'iexplore.exe' - '1' Module(s) have been scanned
        Scan process 'iexplore.exe' - '1' Module(s) have been scanned
        Scan process 'IEUM.exe' - '1' Module(s) have been scanned
        Scan process 'UMAService.exe' - '1' Module(s) have been scanned
        Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
        Scan process 'avgnt.exe' - '1' Module(s) have been scanned
        Scan process 'alg.exe' - '1' Module(s) have been scanned
        Scan process 'explorer.exe' - '1' Module(s) have been scanned
        Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
        Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
        Scan process 'jqs.exe' - '1' Module(s) have been scanned
        Scan process 'avguard.exe' - '1' Module(s) have been scanned
        Scan process 'sched.exe' - '1' Module(s) have been scanned
        Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'lsass.exe' - '1' Module(s) have been scanned
        Scan process 'services.exe' - '1' Module(s) have been scanned
        Scan process 'winlogon.exe' - '1' Module(s) have been scanned
        Scan process 'csrss.exe' - '1' Module(s) have been scanned
        Scan process 'smss.exe' - '1' Module(s) have been scanned
        29 processes with 29 modules were scanned

        Starting master boot sector scan:

        Start scanning boot sectors:

        Starting to scan executable files (registry).
        The registry was scanned ( '44' files ).


        Starting the file scan:

        Begin scan in 'C:\'
        C:\pagefile.sys
        [WARNING] The file could not be opened!
        [NOTE] This file is a Windows system file.
        [NOTE] This file cannot be opened for scanning.
        C:\Documents and Settings\hamid\Mes documents\Downloads\Compressed\Google--Earth--2009--.rar
        [0] Archive type: RAR
        --> Crack.exe
        [DETECTION] Contains recognition pattern of the ADSPY/LinkReplacer.C adware or spyware
        C:\Documents and Settings\hamid\Mes documents\LimeWire\Incomplete\T-3545427-entre toi et moi papa ap.mp3
        [DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan
        C:\Documents and Settings\hamid\Mes documents\LimeWire\Incomplete\T-3545427-صوامت تركية [cd rip].mp3
        [DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan
        C:\Documents and Settings\hamid\Mes documents\LimeWire\Saved\hahia mchat said bouskir.mp3
        [DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan
        C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1036-7B44-A81200000003}\Data1.cab
        [0] Archive type: CAB (Microsoft)
        --> JSByteCodeWin.bin
        [WARNING] The file could not be written!
        C:\System Volume Information\_restore{135811AC-6D4A-42CD-8461-36E4FE5C0632}\RP197\A0203559.dll
        [DETECTION] Is the TR/Downloader.Gen Trojan
        C:\System Volume Information\_restore{135811AC-6D4A-42CD-8461-36E4FE5C0632}\RP199\A0204604.exe
        [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
        C:\System Volume Information\_restore{135811AC-6D4A-42CD-8461-36E4FE5C0632}\RP202\A0209771.dll
        [DETECTION] Is the TR/Downloader.Gen Trojan
        C:\System Volume Information\_restore{135811AC-6D4A-42CD-8461-36E4FE5C0632}\RP202\A0209772.dll
        [DETECTION] Is the TR/Trash.Gen Trojan
        Begin scan in 'D:\'

        Beginning disinfection:
        C:\Documents and Settings\hamid\Mes documents\Downloads\Compressed\Google--Earth--2009--.rar
        [NOTE] The file was moved to '4a4d3108.qua'!
        C:\Documents and Settings\hamid\Mes documents\LimeWire\Incomplete\T-3545427-entre toi et moi papa ap.mp3
        [DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan
        [NOTE] The file was moved to '4a1130c8.qua'!
        C:\Documents and Settings\hamid\Mes documents\LimeWire\Incomplete\T-3545427-صوامت تركية [cd rip].mp3
        [DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan
        [NOTE] The file was moved to '4a1130ca.qua'!
        C:\Documents and Settings\hamid\Mes documents\LimeWire\Saved\hahia mchat said bouskir.mp3
        [DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan
        [NOTE] The file was moved to '4a4630fe.qua'!
        C:\System Volume Information\_restore{135811AC-6D4A-42CD-8461-36E4FE5C0632}\RP197\A0203559.dll
        [DETECTION] Is the TR/Downloader.Gen Trojan
        [NOTE] The file was moved to '4a1030ce.qua'!
        C:\System Volume Information\_restore{135811AC-6D4A-42CD-8461-36E4FE5C0632}\RP199\A0204604.exe
        [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
        [NOTE] The file was moved to '4b97f48f.qua'!
        C:\System Volume Information\_restore{135811AC-6D4A-42CD-8461-36E4FE5C0632}\RP202\A0209771.dll
        [DETECTION] Is the TR/Downloader.Gen Trojan
        [NOTE] The file was moved to '4b67c0a7.qua'!
        C:\System Volume Information\_restore{135811AC-6D4A-42CD-8461-36E4FE5C0632}\RP202\A0209772.dll
        [DETECTION] Is the TR/Trash.Gen Trojan
        [NOTE] The file was moved to '4b92ad97.qua'!


        End of the scan: jeudi 9 avril 2009 17:30
        Used time: 33:08 Minute(s)

        The scan has been done completely.

        3581 Scanned directories
        232277 Files were scanned
        8 Viruses and/or unwanted programs were found
        0 Files were classified as suspicious
        0 files were deleted
        0 Viruses and unwanted programs were repaired
        8 Files were moved to quarantine
        0 Files were renamed
        1 Files cannot be scanned
        232268 Files not concerned
        1981 Archives were scanned
        2 Warnings
        9 Notes
        32179 Objects were scanned with rootkit scan
        0 Hidden objects were found

        0
  14. gen-hackman
     
    au post 12 tu m as dit avoir viré true transprancy et j ai du te le faire sauter au post 30

    si tu n es pas honnete non plus on s en sortira pas
    0
    1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14
       
      oui je l'ai supprimé true transparency
      0
  15. gen-hackman
     
    ok j'ai remarqué certains dossiers dans ton pc écrits en arabe mais je pense que cela est normal vu ton pseudo(en cas contraire avertis moi dans le plus bref delai)je ne voudrais pas te faire sauter des dossiers ou fichiers perso

    ensuite relances rsit (Random system Information Tool)
    0
    1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14
       
      l'écran bleu est revenu avec ce code 0x0000008E
      0
      1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14 > H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention  
         
        j'ai relancé rsit voici le rapport :

        Logfile of random's system information tool 1.06 (written by random/random)
        Run by hamid at 2009-04-10 15:20:42
        Microsoft Windows XP Professionnel Service Pack 2
        System drive C: has 16 GB (46%) free of 36 GB
        Total RAM: 511 MB (33% free)

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 15:21:04, on 10/04/2009
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir Desktop\sched.exe
        C:\Program Files\Avira\AntiVir Desktop\avguard.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\LG Electronics\Modem USB LG Electronics\UMAService.exe
        C:\Program Files\LG Electronics\Modem USB LG Electronics\IEUM.exe
        C:\program files\internet explorer\iexplore.exe
        C:\program files\internet explorer\iexplore.exe
        C:\program files\internet explorer\iexplore.exe
        C:\Documents and Settings\hamid\Bureau\RSIT.exe
        C:\Program Files\trend micro\hamid.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
        O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
        O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [UMService] C:\Program Files\LG Electronics\Modem USB LG Electronics\UMAService.exe
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
        O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
        O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
        O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
        O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
        O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
        O17 - HKLM\System\CCS\Services\Tcpip\..\{E7630D6C-A1B1-4321-B10D-AC00671693ED}: NameServer = 192.168.50.55 196.12.209.5
        O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
        O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        0
  16. gen-hackman
     
    tu n as pas repondu a ma question du post 41

    réouvre hijackthis
    fais scan only
    coches ces lignes sur leur gauche:

    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll

    tu les coches et tu clic sur "fix checked"

    et tu fermes le programme.

    ensuite :


    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :services
    atidgllk

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
    "Default_Search_URL"=""
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
    "(Default)"=""

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]

    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log
    0
    1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14
       
      oui j suis marocain, il ya des fichiers en arabe, mais s'ils doivent etre supprimé pas de problème.
      0
      1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14 > H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention  
         
        ========== PROCESSES ==========
        Process explorer.exe killed successfully.
        ========== SERVICES/DRIVERS ==========

        Service\Driver atidgllk deleted successfully.
        ========== REGISTRY ==========
        HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\\"Default_Search_URL"|"" /E : value set successfully!
        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\"(Default)"|"" /E : value set successfully!
        ========== COMMANDS ==========
        File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF4753.tmp scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF7060.tmp scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF7324.tmp scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DFB348.tmp scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DFB35A.tmp scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DFD1D3.tmp scheduled to be deleted on reboot.
        User's Temp folder emptied.
        User's Internet Explorer cache folder emptied.
        File delete failed. C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\Content.IE5\S814HR6Z\MsgrConfig[1].asmx scheduled to be deleted on reboot.
        File delete failed. C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\Content.IE5\RMH2VUR1\affich-11847123-torjans-ecran-bleu[1].htm scheduled to be deleted on reboot.
        File delete failed. C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
        File delete failed. C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
        User's Temporary Internet Files folder emptied.
        Local Service Temp folder emptied.
        File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
        Local Service Temporary Internet Files folder emptied.
        Network Service Temp folder emptied.
        Network Service Temporary Internet Files folder emptied.
        File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_598.dat scheduled to be deleted on reboot.
        Windows Temp folder emptied.
        Java cache emptied.
        Temp folders emptied.
        Explorer started successfully

        OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04102009_162004

        Files moved on Reboot...
        File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF4753.tmp not found!
        File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF7060.tmp not found!
        File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF7324.tmp not found!
        File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DFB348.tmp not found!
        File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DFB35A.tmp not found!
        File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DFD1D3.tmp not found!
        C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\Content.IE5\S814HR6Z\MsgrConfig[1].asmx moved successfully.
        C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\Content.IE5\RMH2VUR1\affich-11847123-torjans-ecran-bleu[1].htm moved successfully.
        C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
        File C:\WINDOWS\temp\Perflib_Perfdata_598.dat not found!
        0
  17. gen-hackman
     
    non c est bon juste pour savoir ils n ont pas l air infectés :)
    0
    1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14
       
      ok, j'ai posté le rapport, quoi d'autre? ça a l'air long, est ce qu'il en reste beaucoup?
      0
  18. gen-hackman
     
    ok petit oubli

    relances otmoveit et colle ca dedans



    :processes
    explorer.exe

    :files
    C:\Program Files\AskSearch

    :commands
    [purity]
    [emptytemp]


    puis "Moveit !"
    0
    1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14
       
      ========== PROCESSES ==========
      Process explorer.exe killed successfully.
      ========== FILES ==========
      C:\Program Files\AskSearch\bin moved successfully.
      C:\Program Files\AskSearch moved successfully.
      ========== COMMANDS ==========
      File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\BIT1.tmp scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF23AD.tmp scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF2831.tmp scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF42F0.tmp scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DFC6D0.tmp scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DFC72A.tmp scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\hamid\LOCALS~1\Temp\~DFD8AA.tmp scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Internet Explorer cache folder emptied.
      File delete failed. C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\Content.IE5\21TC8A8M\affich-11847123-torjans-ecran-bleu[1].htm scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
      User's Temporary Internet Files folder emptied.
      Local Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      Network Service Temp folder emptied.
      Network Service Temporary Internet Files folder emptied.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_574.dat scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      Java cache emptied.
      Temp folders emptied.

      OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04102009_163017

      Files moved on Reboot...
      C:\DOCUME~1\hamid\LOCALS~1\Temp\BIT1.tmp moved successfully.
      File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF23AD.tmp not found!
      File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF2831.tmp not found!
      File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DF42F0.tmp not found!
      File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DFC6D0.tmp not found!
      File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DFC72A.tmp not found!
      File C:\DOCUME~1\hamid\LOCALS~1\Temp\~DFD8AA.tmp not found!
      C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\Content.IE5\21TC8A8M\affich-11847123-torjans-ecran-bleu[1].htm moved successfully.
      C:\Documents and Settings\hamid\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
      File C:\WINDOWS\temp\Perflib_Perfdata_574.dat not found!
      0
      1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14 > H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention  
         
        quoi d'autre? est ce que tu es sûr que ce n'est pas une erreur matériel???
        0
  19. gen-hackman
     
    relances rsit stp
    0
    1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14
       
      j l'ai relancé et voici le rapport :

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by hamid at 2009-04-10 16:50:12
      Microsoft Windows XP Professionnel Service Pack 2
      System drive C: has 16 GB (46%) free of 36 GB
      Total RAM: 511 MB (37% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:50:27, on 10/04/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\LG Electronics\Modem USB LG Electronics\UMAService.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\LG Electronics\Modem USB LG Electronics\IEUM.exe
      C:\program files\internet explorer\iexplore.exe
      C:\program files\internet explorer\iexplore.exe
      C:\program files\internet explorer\iexplore.exe
      C:\Documents and Settings\hamid\Bureau\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\hamid.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [UMService] C:\Program Files\LG Electronics\Modem USB LG Electronics\UMAService.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
      O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
      O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
      O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
      O17 - HKLM\System\CCS\Services\Tcpip\..\{E7630D6C-A1B1-4321-B10D-AC00671693ED}: NameServer = 192.168.50.55 196.12.209.5
      O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      0
      1. H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention   14 > H__ami__D Messages postés 836 Date d'inscription   Statut Membre Dernière intervention  
         
        cet ecran est devenu insupportable, il vient de m'afficher une nouvelle fois, j'en peut plus, je te remercirai 1000 fois si tu m'aideras à y faire fin
        0
  • 1
  • 2
  • 3