j ai un rapport de hijack ? quelqun peu m'aid Fermé

Question

Bonjour,
mon ordi est infecte de pub 
? y a du virus dans l'air !!!! alors j ai donc telecharger hijack, mais le probleme c'est que j'y comprends rien !
je voudrais pas enlever quelques chose d'important !y a t-il quelequn qui peu m'aider.


ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:58, on 06/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar	bu05139\ecobar.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.orange.com/en
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O20 - Winlogon Notify: fcc1cc6b600 - C:\WINDOWS\System32\dpnmodem32.dll
O20 - Winlogon Notify: __c005D7A6 - C:\WINDOWS\system32\__c005D7A6.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

Ced_King · Answer

Salut,

On va véifier car hijackthis n'est plus aussi performant :

Telecharges RSIT " Random's System Information Tool " sur ton bureau : http://images.malwareremoval.com/random/RSIT.exe

- Fermes toutes les applications en cours et double clic sur RSIT.exe
- Selectionnes " Continue " à l'ecran >> RSIT va analyser le pc et verifier si l'outil hijackthis ( version à jour) est present sur le pc, si ce n'est pas le cas, RSIT le telechargera >> acceptes la license
- Une fois l'analyse terminée, 2 rapports.txt s'ouvrent, log.txt à l'écran et info.txt dans la barre des taches
- Postes le contenu des 2 rapports

eZula · Answer

.

Ced_King · Answer

Re,

Voilà pourquoi je préféres aussi demander RSIT --> afin de vérifier si aucunes lignes n'a été fixé, et là c'est bien le cas --> =====HijackThis Backups===== 

Fixer les lignes n'a jamais supprimé les infections ( ce serait un peu trop facile)

                                          ------------------------------

Télécharges et installes  ccleaner 
- Durant l'installation, n'installe pas la barre d'outils yahoo ( décoches la case) et celle proposant --> " ajouter l'option des mises à jour"

- Une fois installé, fermes toutes les applications en cours et lance ccleaner
- clic >> option >> avancé et decoches " effacer les fichiers etc... plus vieux que 48h
- Selectionne " nettoyeur " >> clic sur Analyse puis nettoyage, puis referme le programme...
--------------------------- 

Telecharges Combofix et enregistres le sur ton bureau

/!\ Désactive la garde résidente de ton antivirus et celle de ton antispyware /!\

- Déconnectes toi et fermes toutes les applications en cours

- Double clic sur Combofix.exe >> un message apparait > réponds " oui "

- ( Il est conseillé d'installer la console de récupérations) 

- Sélectionnes la langue et presse la touche 1 ( yes) pour lancer le scan

/!\ Ne touche ni à la souris, ni au clavier durant le scan, cela pourrait figer l'ordi /!\

- A la fin du scan, Combofix aura besoin de redémarrer pour finir la désinfection, laisses le faire

- Une fois terminé, un rapport s'affiche, poste son contenu que tu peux aussi trouver à c:\combofix.txt

Ced_King · Answer

Ce n'est pas terminé, peux tu poster le rapport stp

- Combofix est un outil puissant qu'il ne faut pas utiliser à la légère, tu pourrais planté l'ordi

--> le rapport C:\combofix.txt se trouve à la racine du disque dur

Ced_King · Answer

Peux-tu utiliser le cadre [ répondre ] stp lorsque tu postes, afin que le topic est un sens il faut répondre à la suite...

- Ton pc est encore infecté, Yoog search entre autre etc...

Rends toi sur ce site :https://www.virustotal.com/gui/

- Cliques sur <parcourir> et cherches ces fichiers :

c:\windows\xfduc50240.exe

c:\windows\tjoo53238.exe

- Cliques sur <Send File>.

- Un rapport va s'élaborer ligne à ligne.

- Attends la fin. Il doit comprendre la taille du fichier envoyé.

- Sauvegardes le rapport avec le bloc-note et copies le dans ta réponse.

Ced_King · Answer

Pas de soucis ;))

Ced_King · Answer

Je l'ai bien mis ? oui tu as raison il est encore infecté ? mais est ce que c'est resolus 

--> j'attends le 2ème...

mrco72 · Answer

ok desole voila le second

  Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations... 

Fichier kfuaa07573.exe reçu le 2009.05.28 12:46:04 (UTC)
Situation actuelle: terminé 

Résultat: 7/39 (17.95%)
 Formaté Impression des résultats  Antivirus Version Dernière mise à jour Résultat 
a-squared 4.0.0.101 2009.05.28 - 
AhnLab-V3 5.0.0.2 2009.05.28 - 
AntiVir 7.9.0.180 2009.05.28 - 
Antiy-AVL 2.0.3.1 2009.05.27 - 
Authentium 5.1.2.4 2009.05.28 - 
Avast 4.8.1335.0 2009.05.27 - 
AVG 8.5.0.339 2009.05.28 - 
BitDefender 7.2 2009.05.28 - 
CAT-QuickHeal 10.00 2009.05.28 - 
ClamAV 0.94.1 2009.05.28 - 
Comodo 1210 2009.05.28 TrojWare.Win32.TrojanDropper.Agent.~RBP 
DrWeb 5.0.0.12182 2009.05.28 - 
eSafe 7.0.17.0 2009.05.27 Win32.MaliciousSoftw 
eTrust-Vet 31.6.6526 2009.05.28 - 
F-Prot 4.4.4.56 2009.05.28 - 
F-Secure 8.0.14470.0 2009.05.28 Suspicious:W32/Malware!Gemini 
Fortinet 3.117.0.0 2009.05.28 - 
GData 19 2009.05.28 - 
Ikarus T3.1.1.57.0 2009.05.28 - 
K7AntiVirus 7.10.746 2009.05.27 - 
Kaspersky 7.0.0.125 2009.05.28 - 
McAfee 5628 2009.05.27 - 
McAfee+Artemis 5628 2009.05.27 - 
McAfee-GW-Edition 6.7.6 2009.05.28 - 
Microsoft 1.4701 2009.05.28 - 
NOD32 4111 2009.05.28 - 
Norman 6.01.05 2009.05.28 - 
nProtect 2009.1.8.0 2009.05.28 - 
Panda 10.0.0.14 2009.05.28 Suspicious file 
PCTools 4.4.2.0 2009.05.21 - 
Prevx 3.0 2009.05.28 Medium Risk Malware 
Rising 21.31.21.00 2009.05.27 - 
Sophos 4.42.0 2009.05.28 - 
Sunbelt 3.2.1858.2 2009.05.28 - 
Symantec 1.4.4.12 2009.05.28 - 
TheHacker 6.3.4.3.333 2009.05.28 - 
TrendMicro 8.950.0.1092 2009.05.28 TROJ_AGENT.ASB 
VBA32 3.12.10.6 2009.05.27 - 
ViRobot 2009.5.28.1758 2009.05.28 Spyware.Lwsta.Do.69697 
Information additionnelle 
File size: 69697 bytes 
MD5   : 71f29a6ce4c9907783301376c7b7a214 
SHA1  : 3165aaf5ca7e6f91541794a721c0d235aef432fa 
SHA256: c72e5f8b875dc7c83a3ccac924701d4089017227da07add3e6bb95b652aa138c 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x30E3
timedatestamp.....: 0x48A737EC (Sat Aug 16 22:26:20 2008)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5B68 0x5C00 6.49 6bfa289fc453f683cf6ad42723acbb61
.rdata 0x7000 0x129C 0x1400 5.05 165e3e874dc59c8a96748c6f4d0f4207
.data 0x9000 0x25C58 0x400 4.77 78a50275610b8d77577a9aaa1957d1b6
.ndata 0x2F000 0x8000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x37000 0xA68 0xC00 3.47 d211484d2bd0bc7cd9fa8208a56e2ff4

( 0 imports )


( 0 exports )
 
TrID  : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%) 
ssdeep: 1536:jYTmwVUsW7dtJMHy0DxmJXNQdHnydrHIepHaLEYdVN25+QB:US17XJiDxmJXK1ydrNhsNzQB 
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=53CB81C141695ED410F40121E4A6000025BCB8E1 
PEiD  : - 
CWSandbox: http://research.sunbelt-software.com/... 
RDS   : NSRL Reference Data Set
 
toujours infecter ?

Ced_King · Answer

Télécharges ATF Cleaner par Atribune sur ton bureau : http://www.atribune.org/ccount/click.php?id=1 - Démarres ATF-Cleaner et coche toutes les cases. - Cliques sur et au message "Done Cleaning" sur NB : Si tu utilises Firefox ou Opera : - Cliques sur Firefox ou Opera en haut puis choisis

mrco72 · Answer

desole il a fallu sortir le chien !!!!! :).
on y aura passer tout la journee ! j espere que c'est fini ?

voila le raport : c est 

ComboFix 09-06-05.09 - marco 06/06/2009 18:39.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.510.198 [GMT 1:00]
Running from: c:\documents and settings\marco\My Documents\windows\ComboFix.exe
Command switches used :: c:\documents and settings\marco\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

(((((((((((((((((((((((((   Files Created from 2009-05-06 to 2009-06-06  )))))))))))))))))))))))))))))))
.

2009-06-06 17:37 . 2009-06-06 17:37	--------	d-----w-	C:\32788R22FWJFW.0.tmp
2009-06-06 15:31 . 2009-03-08 03:21	89104	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.003\NAVENG.SYS
2009-06-06 15:31 . 2009-03-08 03:21	876144	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.003\NAVEX15.SYS
2009-06-06 15:31 . 2009-03-08 03:21	371248	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.003\EECTRL.SYS
2009-06-06 15:31 . 2009-03-08 03:21	259368	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.003\ECMSVR32.DLL
2009-06-06 15:31 . 2009-03-08 03:21	2414128	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.003\CCERASER.DLL
2009-06-06 15:31 . 2009-03-08 03:21	177520	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.003\NAVENG32.DLL
2009-06-06 15:31 . 2009-03-08 03:21	1181040	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.003\NAVEX32A.DLL
2009-06-06 15:31 . 2009-03-08 03:21	101936	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.003\ERASER.SYS
2009-06-06 12:24 . 2009-03-12 09:03	165240	----a-r-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-06-06 11:22 . 2009-06-06 11:23	--------	d-----w-	C:sit
2009-06-06 10:53 . 2009-06-06 10:53	--------	d-----w-	C:\Yoog_Fix
2009-06-06 10:49 . 2009-06-06 10:49	--------	d-----w-	C:\ToolBar SD
2009-06-06 10:44 . 2009-06-06 10:55	--------	d-----w-	c:\program files\Navilog1
2009-06-06 10:34 . 2009-06-06 10:34	--------	d-----w-	C:\GenProc
2009-06-05 08:01 . 2009-06-05 08:01	--------	d-----w-	c:\documents and settings\All Users\Application Data\Documents
2009-06-04 08:16 . 2009-06-04 08:16	--------	d-----w-	c:\documents and settings\marco\Application Data\Yahoo!
2009-06-04 08:16 . 2009-06-04 08:36	--------	d-----w-	c:\program files\Yahoo!
2009-06-04 08:16 . 2009-06-04 08:16	--------	d-----w-	c:\program files\CCleaner
2009-06-03 12:08 . 2009-06-03 12:08	--------	d-----w-	c:\program files\Trend Micro
2009-06-03 08:34 . 2009-06-03 08:34	--------	d-----w-	c:\windows\system32\wbem\Repository
2009-06-03 08:34 . 2009-06-03 08:34	--------	d-----w-	c:\program files\Bonjour
2009-05-29 18:43 . 2009-03-16 20:03	533880	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\Scxpx86.dll
2009-05-29 18:43 . 2009-01-29 21:50	276344	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSXpx86.sys
2009-05-29 18:43 . 2009-01-29 21:50	292912	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvix86.sys
2009-05-29 18:43 . 2009-01-29 21:50	447864	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.dll
2009-05-29 18:43 . 2009-01-29 21:50	396848	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSviA64.sys
2009-05-26 16:23 . 2009-05-26 16:23	--------	d-----w-	c:\program files\Veoh Networks
2009-05-21 13:48 . 2009-05-21 13:48	--------	d-----w-	c:\documents and settings\marco\Local Settings\Application Data\Ahead
2009-05-21 13:38 . 2009-05-21 14:26	--------	d-----w-	c:\documents and settings\marco\Application Data\Any Video Converter
2009-05-21 13:38 . 2009-05-21 13:39	--------	d-----w-	c:\program files\Any Video Converter
2009-05-21 13:06 . 2000-06-26 10:45	106496	----a-w-	c:\windows\system32\TwnLib20.dll
2009-05-21 13:06 . 2004-07-26 16:16	471040	------w-	c:\windows\system32\ImagXRA7.dll
2009-05-21 13:06 . 2004-07-26 16:16	262144	------w-	c:\windows\system32\ImagXR7.dll
2009-05-21 13:06 . 2004-07-26 16:16	476320	------w-	c:\windows\system32\ImagXpr7.dll
2009-05-21 13:06 . 2004-07-26 16:16	1568768	------w-	c:\windows\system32\ImagX7.dll
2009-05-21 13:06 . 2001-07-09 10:50	155648	----a-w-	c:\windows\system32\NeroCheck.exe
2009-05-19 19:00 . 2009-03-16 20:03	533880	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\Scxpx86.dll
2009-05-19 19:00 . 2009-01-29 21:50	276344	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSXpx86.sys
2009-05-19 19:00 . 2009-01-29 21:50	292912	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSvix86.sys
2009-05-19 19:00 . 2009-01-29 21:50	447864	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSxpx86.dll
2009-05-19 19:00 . 2009-01-29 21:50	396848	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSviA64.sys
2009-05-14 16:11 . 2009-05-14 16:11	--------	d-----w-	c:\windows\ie8
2009-05-14 15:47 . 2009-06-03 10:27	--------	d-sh--w-	c:\windows\system32\SystemService32(3)
2009-05-14 15:01 . 2009-06-03 09:38	--------	d-----w-	c:\windows\system32\SystemService32(2)
2009-05-14 14:42 . 2009-05-14 14:42	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-14 14:13 . 2009-05-14 14:13	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Leadertech
2009-05-14 13:53 . 2009-05-14 16:11	--------	d-----w-	c:\program files\Common Files\Sonic Shared(2)
2009-05-14 12:23 . 2009-05-14 12:23	--------	d-----w-	c:\program files\Dell
2009-05-12 12:13 . 2009-05-12 12:13	--------	d-sh--w-	c:\documents and settings\Administrator\IETldCache
2009-05-11 20:31 . 2009-02-20 18:09	78336	----a-w-	c:\windows\system32\ieencode.dll
2009-05-11 20:31 . 2009-02-20 18:09	78336	----a-w-	c:\windows\system32\dllcache\ieencode.dll
2009-05-11 17:02 . 2009-05-14 16:25	--------	d-----w-	c:\program files\Sonic
2009-05-11 11:42 . 2009-05-11 11:42	93696	----a-w-	c:\windows\xfduc50240.exe
2009-05-11 10:36 . 2009-05-11 10:36	--------	d-----w-	c:\windows\system32\config\systemprofile\Local Settings\Application Data\Apple
2009-05-11 09:55 . 2009-05-11 09:59	--------	d-----w-	c:\documents and settings\marco\Application Data\Ahead
2009-05-11 09:41 . 2009-05-11 09:41	--------	d-----w-	c:\program files\Common Files\Nero
2009-05-11 09:39 . 2001-03-08 18:30	24064	------w-	c:\windows\system32\msxml3a.dll
2009-05-11 09:38 . 2009-05-11 09:38	--------	d-----w-	c:\documents and settings\All Users\Application Data\Ahead
2009-05-11 09:38 . 2009-05-21 13:06	--------	d-----w-	c:\program files\Common Files\Ahead
2009-05-11 09:38 . 2009-05-21 13:06	--------	d-----w-	c:\program files\Ahead
2009-05-10 13:54 . 2009-05-10 13:54	--------	d-----w-	c:\documents and settings\marco\Local Settings\Application Data\Identities
2009-05-09 12:10 . 2009-05-09 12:10	--------	d-----w-	c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2009-05-09 10:48 . 2009-03-19 15:32	23400	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-09 10:48 . 2008-04-17 11:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2009-05-09 10:47 . 2009-06-05 16:50	--------	d-----w-	c:\program files\iPod
2009-05-09 10:46 . 2009-05-09 10:48	--------	d-----w-	c:\program files\iTunes
2009-05-09 10:46 . 2009-05-09 10:48	--------	d-----w-	c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-09 10:42 . 2009-05-09 10:44	--------	d-----w-	c:\program files\QuickTime
2009-05-09 10:42 . 2009-05-09 10:46	--------	d-----w-	c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-08 21:56 . 2009-05-08 21:56	13440	----a-w-	c:\windows\system32\drivers\USBCRFT.SYS
2009-05-08 21:56 . 2004-05-28 01:06	266240	------w-	c:\windows\Dit.DLL
2009-05-08 21:56 . 2004-01-29 08:31	86016	----a-w-	c:\windows\Dit.exe
2009-05-08 21:56 . 2003-07-11 09:31	61440	----a-w-	c:\windows\DitExp.exe
2009-05-08 21:50 . 2009-05-08 21:50	--------	d-----w-	c:\program files\Multimedia Card Reader
2009-05-08 21:48 . 2009-05-08 21:48	--------	d-----w-	c:\program files\MUSICMATCH
2009-05-08 21:45 . 1998-10-29 15:45	306688	----a-w-	c:\windows\IsUninst.exe
2009-05-08 21:45 . 2009-05-08 21:46	--------	d-----w-	c:\program files\CyberLink

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 17:50 . 2008-10-26 18:49	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kontiki
2009-06-05 15:00 . 2008-12-05 19:24	--------	d-----w-	c:\documents and settings\marco\Application Data\dvdcss
2009-06-03 09:44 . 2008-10-21 21:08	--------	d-----w-	c:\program files\Symantec
2009-06-01 09:24 . 2008-11-06 22:08	--------	d-----w-	c:\program files\Common Files\Apple
2009-05-14 16:27 . 2008-10-19 14:22	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-14 16:23 . 2008-10-19 15:57	--------	d-----w-	c:\program files\DivX
2009-05-11 07:51 . 2008-10-18 21:49	--------	d-----w-	c:\program files\Windows Media Connect 2
2009-05-09 10:49 . 2008-11-06 22:11	--------	d-----w-	c:\documents and settings\marco\Application Data\Apple Computer
2009-05-08 21:56 . 2008-10-18 19:45	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-05-08 21:37 . 2008-10-18 17:14	26856	----a-w-	c:\documents and settings\marco\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-07 13:05 . 2008-10-19 14:25	--------	d-----w-	c:\program files\Microsoft Works
2009-05-07 12:20 . 2009-05-07 12:20	--------	d-----w-	c:\program files\MSBuild
2009-05-07 12:20 . 2009-05-07 12:20	--------	d-----w-	c:\program files\Reference Assemblies
2009-05-06 18:43 . 2009-05-06 18:43	--------	d-----w-	c:\program files\Boots F2CD
2009-04-22 09:32 . 2008-10-23 19:24	--------	d-----w-	c:\program files\Java
2009-04-22 07:01 . 2009-04-22 07:01	152576	----a-w-	c:\documents and settings\marco\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-19 20:41 . 2009-04-19 20:41	905670	----a-w-	c:\windows\lvif3683.exe
2009-04-19 20:40 . 2009-04-19 20:40	69697	----a-w-	c:\windows	joo53238.exe
2009-04-19 20:39 . 2009-04-19 20:39	201171	----a-w-	c:\windows\ajhs5668.exe
2009-04-02 15:29 . 2009-04-02 15:29	75048	----a-w-	c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-20 14:22 . 2008-10-21 21:08	60808	----a-w-	c:\windows\system32\S32EVNT1.DLL
2009-03-20 14:22 . 2008-10-21 21:08	124464	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-19 15:32 . 2009-03-19 15:32	23400	----a-w-	c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-18 21:53 . 2009-03-18 21:53	503808	----a-w-	c:\documents and settings\marco\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-48c7b06a-n\msvcp71.dll
2009-03-18 21:53 . 2009-03-18 21:53	499712	----a-w-	c:\documents and settings\marco\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-48c7b06a-n\jmc.dll
2009-03-18 21:53 . 2009-03-18 21:53	348160	----a-w-	c:\documents and settings\marco\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-48c7b06a-n\msvcr71.dll
2009-03-18 21:52 . 2009-02-19 18:11	152576	----a-w-	c:\documents and settings\marco\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-03-16 20:03 . 2009-03-16 20:03	533880	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-03-12 09:03 . 2008-12-11 11:28	36400	----a-r-	c:\windows\system32\drivers\SymIM.sys
2009-03-12 09:03 . 2008-10-23 20:10	554352	----a-r-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-03-09 04:19 . 2008-10-23 19:25	410984	----a-w-	c:\windows\system32\deploytk.dll
2008-10-18 17:29 . 2008-10-18 17:29	278528	----a-w-	c:\program files\Common Files\FDEUnInstaller.exe
.

------- Sigcheck -------

[7] 2008-06-23 16:01	827904	C66402A06B83B036C195242C0C8CF83C	c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 09:08	827904	77C192FE56A70D7FA0247BA0A6201C32	c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 20:24	827904	0D5B75171FF51775B630A431B6C667E8	c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:56	827904	044E0A4E9FE97C0FB9AFE9C89E2A82E6	c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2009-03-03 00:17	828416	C8667854873938CA13C986F16B0CD183	c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2004-08-10 11:00	656384	C0823FC5469663BA63E7DB88F9919D70	c:\windows\ie7\wininet.dll
[7] 2007-08-13 17:54	818688	A4A0FC92358F39538A6494C42EF99FE9	c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-06-23 16:57	826368	8C13D4A7479FA0A026EDA8ABCE82C0ED	c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-08-26 07:24	826368	EF8EBA98145BFA44E80D17A3B3453300	c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:38	826368	6741EAF7B7F110E803A6E38F6E5FA6B0	c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-12-20 23:15	826368	A82935D32D0672E8FF4E91AE398E901C	c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2008-04-14 00:12	666112	7A4F775ABB2F1C97DEF3E73AFA2FAEDD	c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-03-08 03:34	914944	6CE32F7778061CCC5814D5E0F282D369	c:\windows\system32\wininet.dll
[-] 2009-03-08 03:34	914944	6CE32F7778061CCC5814D5E0F282D369	c:\windows\system32\dllcache\wininet.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"c:\Program Files\LimeWire\LimeWire.exe"=
"c:\Program Files\Kontiki\KService.exe"=
"c:\Program Files\MSN Messenger\msnmsgr.exe"=
"c:\Program Files\MSN Messenger\livecall.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\iTunes\iTunes.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [20/03/2009 15:22 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [20/03/2009 15:22 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [20/03/2009 15:21 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSXpx86.sys [29/05/2009 19:43 276344]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [20/03/2009 15:21 115560]
R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [08/05/2009 22:56 13440]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25/02/2009 10:00 101936]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32undll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = <local>;*.local
FF - ProfilePath - c:\documents and settings\marco\Application Data\Mozilla\Firefox\Profiles\fq4w4wdk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-06 18:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4228)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-06 18:55
ComboFix-quarantined-files.txt  2009-06-06 17:55
ComboFix2.txt  2009-06-06 12:40

Pre-Run: 35,603,185,664 bytes free
Post-Run: 35,575,881,728 bytes free

230	--- E O F ---	2009-05-14 16:27

Ced_King · Answer

Bon, ça n'a pas l'air d'avoir fonctionner,on va faire autrement :

- Telecharges Malwarebytes' Anti-Malware :


- Installes le > double-clic sur Mbam-setup.exe, à la fin de l'installation, il se mettra automatiquement à jour

- Une fois installé, fermes toutes les applications en cours et lances Malwarebytes

- Executes un examen rapide du pc ( tu n'auras pas accés à internet pendant l'analyse)

- A la fin du scan clic sur " Afficher les resultats ",

- si Malwarebytes a trouvé des infections >> clic sur " Supprimer la selection "

- Si il a besoin de redemarrer le pc pour finir la desinfection, acceptes

- Un rapport s'etablira, postes son contenu.

Ced_King · Answer

Tu peux me dire ce que c'est que cette analyse : 

http://www.commentcamarche.net/forum/affich 12759386 j ai un rapport de hijack quelqun peu m aid?#14

 Fichier kfuaa07573.exe reçu le 2009.05.28 12:46:04 (UTC)

mrco72 · Answer

j'en est aucune idee ???? c'est quoi t'en as une idee ? mais que veux dire (utc) ?

merci pour tout ce que tu fais ......
marco.

Ced_King · Answer

Et là tu comprends mieux ?

Fichier kfuaa07573.exe reçu le 2009.05.28 12:46:04 (UTC)
Situation actuelle: terminé

Résultat: 7/39 (17.95%)
Formaté Impression des résultats Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.28 -
AhnLab-V3 5.0.0.2 2009.05.28 -
AntiVir 7.9.0.180 2009.05.28 -
Antiy-AVL 2.0.3.1 2009.05.27 -
Authentium 5.1.2.4 2009.05.28 -
Avast 4.8.1335.0 2009.05.27 -
AVG 8.5.0.339 2009.05.28 -
BitDefender 7.2 2009.05.28 -
CAT-QuickHeal 10.00 2009.05.28 -
ClamAV 0.94.1 2009.05.28 -
Comodo 1210 2009.05.28 TrojWare.Win32.TrojanDropper.Agent.~RBP
DrWeb 5.0.0.12182 2009.05.28 -
eSafe 7.0.17.0 2009.05.27Win32.MaliciousSoftw 

* Le nom du fichier

* La date de l'analyse

* Les dates de mises à jour virale

 Voici les fichiers que je t'ai demandé d'analyser ( aujourd'hui)

c:\windows\xfduc50240.exe

c:\windows	joo53238.exe


???

Ced_King · Answer

Bonjour,


1) Télécharge ToolsCleaner .sur le bureau
http://pc-system.fr/

Double-clique sur ToolsCleaner2.exe
- Cliques sur :

--> Recherche
Puis,
--> Suppression.

Postes le rapport qui se trouve aussi dans C:\TCleaner.txt

Ced_King · Answer

Ok,

Clique sur Démarrer puis Exécuter. Tape combofix /u dans la zone de saisie puis OK.
- ( il y a un espace entre combofix et /u)

Ensuite,

/!\Désactive ton antivirus le temps de la manipulation car OTM est détecté comme une infection à tort./!\

* Télécharge OTM (OldTimer) sur ton Bureau.

- Double- Clique sur OTM.exe

- Copie (Ctrl+C) le texte en gras ci-dessous :

:processes
explorer.exe

:Files
c:\windows\xfduc50240.exe
c:\windows\ajhs5668.exe

:commands
[purity]
[emptytemp]
[reboot]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTM.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> le rapport est situé dans ce dossier : C:\_OTM\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

*pour poster les rapports, tu vas utiliser ci-joint :

http://www.cijoint.fr/

Clique sur <Parcourir> et cherche le fichier C:\_OTM\MovedFiles\

Clique sur <Ouvrir>.

Clique sur "Cliquez ici pour déposer le fichier".

Un lien te sera présenté, Copie le dans ta prochaine réponse

Ced_King · Answer

Bonjour,

le site fichier.fr ne prends pas en compte les fichiers exe ?

De quel fichier parles-tu ? je t'ai demandé de m'envoyer le rapport OTM avec ci-joint..

mrco72 · Answer

j ai un rapport de rsi ? quelelquun peu m'aider, j ai de grave probleme sur mon ordi.

merci !


info.txt logfile of random's system information tool 1.06 2009-07-08 12:37:16

======Uninstall list======

-->C:\Program Files\Ahead
ero\uninstall\UNNERO.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x40c  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x40c  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9 
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4oD-->MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
7 in 1 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9  -wUninst
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Any Video Converter 2.5.8-->"C:\Program Files\Any Video Converter\unins000.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" 
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BBC iPlayer Download Manager-->MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x40c  /remove
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe" 
Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
ESDX5000_CX4900 User's Guide-->C:\Program Files\EPSON\TPMANUAL\ESDX5000_CX4900\USE_G\DOCUNINS.EXE
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
LimeWire PRO 4.12.3-->"C:\Program Files\LimeWire\uninstall.exe"
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9  /remove
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Multimedia Card Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{13B97BA0-1765-4EBA-8902-C6E30291F67B} 
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\16.5.0.135\InstStub.exe /X
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RegCure 1.6.0.0-->C:\Program Files\RegCure\uninst.exe
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970483)-->"C:\WINDOWS\$NtUninstallKB970483$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
USB20 PC Camera-268-->C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\setup.exe -runfromtemp -l0x0009 -removeonly -u
Veetle TV 0.9.14-->C:\Program Files\Veetle\UninstallVeetleTV.exe
Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security

======System event log======

Computer Name: JACK
Event Code: 7005
Message: The LoadUserProfile call failed with the following error: 
Incorrect function.


Record Number: 23901
Source Name: Service Control Manager
Time Written: 20090609002258.000000+060
Event Type: error
User: 

Computer Name: JACK
Event Code: 7005
Message: The LoadUserProfile call failed with the following error: 
Incorrect function.


Record Number: 23890
Source Name: Service Control Manager
Time Written: 20090608235013.000000+060
Event Type: error
User: 

Computer Name: JACK
Event Code: 7000
Message: The iPod Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.


Record Number: 23889
Source Name: Service Control Manager
Time Written: 20090608234951.000000+060
Event Type: error
User: 

Computer Name: JACK
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the iPod Service service to connect.

Record Number: 23888
Source Name: Service Control Manager
Time Written: 20090608234951.000000+060
Event Type: error
User: 

Computer Name: JACK
Event Code: 10005
Message: DCOM got error "%1053" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Record Number: 23887
Source Name: DCOM
Time Written: 20090608234951.000000+060
Event Type: error
User: JACK\marco

=====Application event log=====

Computer Name: JACK
Event Code: 1002
Message: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 9105
Source Name: Application Hang
Time Written: 20090522165720.000000+060
Event Type: error
User: 

Computer Name: JACK
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 9088
Source Name: Application Hang
Time Written: 20090522134733.000000+060
Event Type: error
User: 

Computer Name: JACK
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 9087
Source Name: Application Hang
Time Written: 20090522134720.000000+060
Event Type: error
User: 

Computer Name: JACK
Event Code: 215
Message: wlmail (4164) WindowsLiveMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Record Number: 9074
Source Name: ESENT
Time Written: 20090522092146.000000+060
Event Type: error
User: 

Computer Name: JACK
Event Code: 1500
Message: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator. 


DETAIL - Incorrect function. 

Record Number: 9065
Source Name: Userenv
Time Written: 20090521191622.000000+060
Event Type: error
User: NT AUTHORITY\NETWORK SERVICE

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0403
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------

J ai un rapport de hijack ? quelqun peu m'aid

18 réponses

Discussions similaires