Error communicating with the kernel

Closed
X-name Posts 8 Registered Sunday 26 July 2009 Status Member Last seen 3 August 2009 - 26 Jul 2009 at 17:14
 zelfalieb - 11 Sep 2010 at 07:59
Hello,

Let me first describe my problem:

When Windows starts, my antivirus doesn't start; I get an error message:

"Erreur de communication avec le noyau" ("Error communicating with the kernel") from ESET Smart Security 4.

After some research, I suspect I've been hit by a virus that targets the antivirus itself (maybe something in the Bagle family???).

I first followed your preliminary disinfection procedure at this link:
https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc


So here are all the reports I got!

1/ Random's System Information Tool:

- log.txt
http://www.cijoint.fr/cjlink.php?file=cj200907/cijQAvCb92.txt
- info.txt
http://www.cijoint.fr/cjlink.php?file=cj200907/cij45UiHDE.txt

2/ Scan with an anti-malware tool

- mbam-log-2009-07-26 (16-11-49).txt
http://www.cijoint.fr/cjlink.php?file=cj200907/cijeIeIek2.txt

3/ BitDefender scan

I haven't scanned my computer with this online antivirus yet; however, I did it with my own antivirus, which detects 1 or 2 infiltrations, cleaned by deletion. Nod32 doesn't give me a report xD
------------------

There, my problem is laid out; I hope I've expressed myself clearly. I'm eagerly awaiting your reply, and thank you.

PS: So that I can learn, please also explain how you go about analyzing these reports, etc.

12 replies

jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
27 Jul 2009 at 11:49
hi, post an RSIT report here directly
0
X-name Posts 8 Registered Sunday 26 July 2009 Status Member Last seen 3 August 2009
27 Jul 2009 at 13:37
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2009-07-26 15:58:59
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 49 GB (65%) free of 76 GB
Total RAM: 2046 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:59:00, on 26/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\¤ X-name ¤\Downloads\Programs\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\system32\winupd.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ESET GUI] C:\Program Files\ESET\ESET Smart Security\egui.exe
O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
0
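The opening post asks how reports like the one above are read. As an added example (not from this thread, and not code from RSIT, HijackThis or ESET), the Python below parses HijackThis O4 autorun lines of the shape shown in the log and applies two assumed triage heuristics: a Run value whose name borrows an OS component name (such as "Windows Update") but whose image is not one of the few binaries Windows itself starts from a Run key, and an unfamiliar image living under %SystemRoot%. The sample lines are constructed to mirror the log, the allow-list and the impersonated-name list are assumptions, and a "flag" means "get the file's hash and signature", not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample: O4 lines in the shape HijackThis 2.0.2 prints them.
# The second and fourth lines mirror entries from the log above; the others
# are representative filler.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\system32\winupd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
"""

# Assumption: the only images Windows XP itself launches from Run/RunOnce.
# Any other image living under %SystemRoot% deserves a hash/signature check.
OS_RUN_IMAGES = {"ctfmon.exe", "rundll32.exe", "rundll32", "regsvr32.exe", "regsvr32"}

# Assumption: value names that malware borrows to pass as an OS component.
IMPERSONATED_NAMES = ("windows update", "microsoft", "svchost", "explorer", "system")

SERVICE_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20")

# "O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command> (User '<account>')"
REG_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# "O4 - Startup: <shortcut> = <command>" (also "Global Startup:")
STARTUP_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# First quoted token, else everything up to the first executable extension.
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|pif))\b', re.I)


@dataclass
class Finding:
    line: str
    verdict: str  # "flag" (check now), "verify" (hash it), "note" (context only)
    reason: str


def image_of(cmd: str) -> str:
    """Return the image path a HijackThis command string launches."""
    cmd = cmd.strip()
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group(1) or m.group(2)
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list:
    """Parse every O4 line and return the entries an analyst should look at."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("O4 - "):
            continue
        m = REG_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            findings.append(Finding(line, "note", "O4 line in an unexpected shape"))
            continue
        d = m.groupdict()
        name, image = d["name"], image_of(d["cmd"])
        base = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        # Assumption: the system drive is C: and %SystemRoot% is C:\WINDOWS.
        in_sysroot = image.lower().startswith("c:\\windows\\")
        hive = d.get("hive") or ""
        if any(n in name.lower() for n in IMPERSONATED_NAMES) and base not in OS_RUN_IMAGES:
            findings.append(Finding(line, "flag",
                f"value name '{name}' mimics an OS component but launches {base}"))
        elif in_sysroot and base not in OS_RUN_IMAGES:
            findings.append(Finding(line, "verify",
                f"{base} lives under %SystemRoot% but is not an OS autorun image"))
        elif any(sid in hive for sid in SERVICE_SIDS):
            findings.append(Finding(line, "note",
                f"RunOnce under service account {d.get('user')}: typical of an nLite-built install, confirm"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:6} {f.reason}\n       {f.line}")
```

Run against the log above, the only entry it flags is `[Windows Update] C:\WINDOWS\system32\winupd.exe`: on XP, Automatic Updates runs as the wuauserv service (wuauclt.exe) and does not register a Run value, so the next step is to hash that file and check its signature and vendor before deciding anything. The `_nltide_` RunOnce entries under the service-account SIDs reference nLite.inf, which is what an nLite-built installation leaves behind, so the tool only notes them.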
X-name Posts 8 Registered Sunday 26 July 2009 Status Member Last seen 3 August 2009
27 Jul 2009 at 13:40
info.txt logfile of random's system information tool 1.06 2009-07-26 11:08:07

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
AIDA32 v3.93-->"C:\Program Files\AIDA32 - Personal System Information\unins000.exe"
AIMP2-->C:\Program Files\AIMP2\Uninstall.exe
AP Tuner 3.08-->"C:\Program Files\AP Tuner\AP Tuner 3.08\uninstall.exe"
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Juarez - Bound in Blood-->C:\Program Files\InstallShield Installation Information\{FEFAF112-4DA8-479C-89E2-7DE25091711A}\Setup.exe -runfromtemp -l0x040c
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CopyTrans Suite désinstallation uniquement-->C:\Program Files\WindSolutions\CopyTrans Suite\CopyTransControlCenter.exe uninstall
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
EVEREST Ultimate Edition v5.02-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Fraps (remove only)-->"C:\Program Files\Fraps\uninstall.exe"
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
K-Lite Codec Pack 4.6.2 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 8-->MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NodEnabler 3.1-->C:\Program Files\ESET\ESET Smart Security\NodEnabler\Uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pilote vidéo Pinnacle-->MsiExec.exe /X{6DE721A5-5E89-4D74-994C-652BB3C0672E}
Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SnagIt 8-->MsiExec.exe /I{B6F0BE9B-41D7-45A2-9A76-D3DB1A89EC6A}
Spotify-->"C:\Program Files\Spotify\uninstall.exe"
Stickies 6.7a-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Stickies 6.7a
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Vegas Pro 9.0-->MsiExec.exe /X{DC785DB7-D389-48C3-B146-96FE99BF4E2B}
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WinASO Registry Optimizer 4.2-->"C:\Program Files\WinASO\Registry Optimizer\unins000.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

======Security center information======

AV: ESET Smart Security 4.0
FW: Pare-feu personnel d'ESET

======System event log======

Computer Name: ENTREPRISE-M09
Event Code: 15007
Message: La réservation de l'espace de nom identifié par le préfixe d'URL http://*:2869/ a été correctement ajoutée.

Record Number: 5
Source Name: HTTP
Time Written: 20090710131847.000000+120
Event Type: Informations
User:

Computer Name: ENTREPRISE-M09
Event Code: 6011
Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers ENTREPRISE-M09.

Record Number: 4
Source Name: EventLog
Time Written: 20090710131601.000000+120
Event Type: Informations
User:

Computer Name: MACHINENAME
Event Code: 2
Message: Pendant la validation de \Device\Serial0 en tant que port série, une FIFO a été détectée. La FIFO sera utilisée.

Record Number: 3
Source Name: Serial
Time Written: 20090710151046.000000+120
Event Type: Informations
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 2
Source Name: EventLog
Time Written: 20090710151032.000000+120
Event Type: Informations
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090710151032.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: ENTREPRISE-M09
Event Code: 1000
Message: Les compteurs de performances pour le service MSDTC (MSDTC) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20090710131710.000000+120
Event Type: Informations
User:

Computer Name: ENTREPRISE-M09
Event Code: 1000
Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20090710131707.000000+120
Event Type: Informations
User:

Computer Name: ENTREPRISE-M09
Event Code: 1000
Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20090710131625.000000+120
Event Type: Informations
User:

Computer Name: ENTREPRISE-M09
Event Code: 1000
Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20090710131613.000000+120
Event Type: Informations
User:

Computer Name: ENTREPRISE-M09
Event Code: 1000
Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20090710131606.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
27 Jul 2009 at 14:05
download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)


double-click combofix.exe and follow the instructions

at the end, it will produce a report, C:\ComboFix.txt

re-enable your firewall, your antivirus, and your antispyware's guard

copy/paste the C:\ComboFix.txt report into your next reply.

Warning: don't use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

There's a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0

X-name Posts 8 Registered Sunday 26 July 2009 Status Member Last seen 3 August 2009
27 Jul 2009 at 18:13
Done: I disabled all the programs showing in the taskbar, and once ComboFix had finished, I closed the report and rebooted my PC!
Then, on my C: drive, there's a new folder called 'Qoobox'; I'm not sure what it is.

So here's the report: http://www.cijoint.fr/cjlink.php?file=cj200907/cijoax1YYu.txt

----------------------

ComboFix 09-07-26.01 - Admin 27/07/2009 17:58.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1639 [GMT 2:00]
Running from: c:\documents and settings\Admin\Bureau\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Pare-feu personnel d'ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
c:\program files\SuperCopier2\SC2Hook.dll


((((((((((((((((((((((((( Files Created from 2009-06-27 to 2009-07-27 )))))))))))))))))))))))))))))))
.

2009-07-26 14:00 . 2009-07-26 14:00 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2009-07-26 14:00 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 14:00 . 2009-07-26 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-26 14:00 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-26 14:00 . 2009-07-26 14:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 09:07 . 2009-07-26 13:59 -------- d-----w- c:\program files\trend micro
2009-07-26 09:07 . 2009-07-26 14:12 -------- d-----w- C:\rsit
2009-07-24 23:19 . 2009-07-25 12:42 -------- d-----w- c:\documents and settings\Admin\Application Data\Apple Computer
2009-07-24 23:19 . 2009-03-19 14:32 23400 ------w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-24 23:19 . 2008-04-17 10:12 107368 ------w- c:\windows\system32\GEARAspi.dll
2009-07-24 23:10 . 2009-07-24 23:10 -------- d-----w- c:\program files\WindSolutions
2009-07-24 23:10 . 2009-07-24 23:15 -------- d-----w- c:\documents and settings\Admin\Application Data\WindSolutions
2009-07-24 23:10 . 2009-07-24 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2009-07-23 20:32 . 2009-07-23 20:33 -------- d-----w- c:\documents and settings\Admin\Application Data\iLibs
2009-07-23 20:30 . 2009-07-23 20:32 -------- d-----w- c:\documents and settings\Admin\Application Data\CopyTransPhoto
2009-07-23 20:30 . 2009-07-23 20:30 -------- d-----w- c:\program files\AIMP2
2009-07-23 20:26 . 2009-07-24 23:12 -------- d-----w- c:\documents and settings\Admin\Application Data\CopyTrans
2009-07-21 22:21 . 2009-07-21 22:21 -------- d-----w- c:\documents and settings\Admin\Application Data\Publish Providers
2009-07-21 21:27 . 2009-07-21 22:21 -------- d-----w- c:\documents and settings\Admin\Application Data\Sony
2009-07-21 21:27 . 2009-07-21 21:27 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Sony
2009-07-21 21:16 . 2009-07-21 21:16 -------- d-----w- c:\program files\MSBuild
2009-07-21 21:16 . 2009-07-21 21:16 153904 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-21 21:14 . 2009-07-21 21:14 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-21 21:14 . 2009-07-21 21:14 -------- d-----w- c:\program files\Reference Assemblies
2009-07-21 21:14 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-07-21 21:12 . 2009-07-21 21:12 52770576 ----a-w- c:\documents and settings\Admin\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-07-21 21:12 . 2009-07-21 21:12 -------- d-----w- c:\documents and settings\Admin\Application Data\Sony Setup
2009-07-21 18:31 . 2009-07-21 18:31 -------- d-----w- c:\documents and settings\Admin\Application Data\DivX
2009-07-21 18:27 . 2009-07-21 18:27 29926 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
2009-07-21 18:27 . 2005-09-23 21:18 171520 ------w- c:\windows\system32\drivers\MarvinBus.sys
2009-07-21 18:26 . 2009-07-21 18:26 -------- d-----w- c:\program files\Fichiers communs\Pinnacle
2009-07-21 18:26 . 2009-07-21 18:26 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Downloaded Installations
2009-07-21 18:22 . 2009-07-26 09:16 -------- d-----w- c:\program files\Pinnacle
2009-07-21 18:17 . 2009-07-26 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2009-07-20 19:13 . 2009-07-20 19:13 604416 ------w- c:\windows\system32\TUProgSt.exe
2009-07-20 19:13 . 2009-04-27 12:21 28928 ------w- c:\windows\system32\uxtuneup.dll
2009-07-20 19:13 . 2009-07-20 19:13 361216 ------w- c:\windows\system32\TuneUpDefragService.exe
2009-07-20 19:11 . 2009-07-20 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-07-20 19:11 . 2009-07-20 19:17 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-20 19:11 . 2009-07-20 19:11 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-20 18:57 . 2009-07-20 18:57 198064 ----a-w- c:\documents and settings\Admin\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-20 18:57 . 2009-07-27 15:56 -------- d-----w- c:\documents and settings\Admin\Application Data\DMCache
2009-07-20 18:57 . 2009-07-21 09:08 -------- d-----w- c:\documents and settings\Admin\Application Data\IDM
2009-07-20 18:57 . 2009-07-20 18:58 -------- d-----w- c:\program files\Internet Download Manager
2009-07-20 16:40 . 2009-07-20 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-18 15:50 . 2009-07-18 15:50 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Help
2009-07-17 17:02 . 2009-07-17 17:02 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\ESET
2009-07-17 16:26 . 2009-07-21 14:48 -------- d-----w- c:\documents and settings\Admin\Application Data\dvdcss
2009-07-17 15:54 . 2009-07-17 15:54 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-16 12:50 . 2009-07-16 12:50 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Adobe
2009-07-14 11:46 . 2009-07-14 11:46 -------- d-----w- c:\program files\uTorrent
2009-07-14 11:44 . 2009-07-14 11:48 -------- d-----w- c:\documents and settings\Admin\Application Data\uTorrent
2009-07-14 05:25 . 2008-04-13 15:33 159232 ------w- c:\windows\system32\ptpusd.dll
2009-07-14 05:25 . 2001-08-23 13:47 5632 ------w- c:\windows\system32\ptpusb.dll
2009-07-14 05:25 . 2008-04-13 07:45 15104 ------w- c:\windows\system32\drivers\usbscan.sys
2009-07-13 16:03 . 2009-07-13 16:03 112128 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{B6F0BE9B-41D7-45A2-9A76-D3DB1A89EC6A}\Icon55367664.exe
2009-07-13 16:02 . 2009-07-13 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-07-13 16:02 . 2009-07-13 16:02 -------- d-----w- c:\program files\TechSmith
2009-07-13 16:02 . 2009-07-13 16:02 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\TechSmith
2009-07-13 14:18 . 2009-07-14 14:37 -------- d-----w- c:\documents and settings\Admin\Application Data\Hamachi
2009-07-13 14:18 . 2009-07-13 14:18 25280 ------w- c:\windows\system32\drivers\hamachi.sys
2009-07-13 14:18 . 2009-07-13 14:18 -------- d-----w- c:\program files\Hamachi
2009-07-13 12:22 . 2009-07-13 12:22 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-12 14:36 . 2009-07-12 14:36 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Identities
2009-07-11 21:15 . 2009-07-27 15:56 -------- d-----w- c:\documents and settings\Admin\Application Data\stickies
2009-07-11 21:14 . 2009-07-11 21:14 -------- d-----w- c:\program files\Stickies
2009-07-11 20:47 . 2009-07-17 20:17 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Corel
2009-07-11 20:47 . 2009-07-17 20:16 88 ------w- c:\windows\system32\49C697427A.sys
2009-07-11 20:47 . 2009-07-11 20:47 -------- d-----w- c:\documents and settings\Admin\Application Data\Corel
2009-07-11 20:46 . 2009-07-11 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-07-11 20:45 . 2009-07-11 20:46 -------- d-----w- c:\program files\Fichiers communs\Corel
2009-07-11 20:45 . 2009-07-11 20:45 -------- d-----w- c:\program files\Corel
2009-07-11 20:41 . 2009-07-17 20:16 2984 ------w- c:\windows\system32\KGyGaAvL.sys
2009-07-11 16:26 . 2009-07-11 16:26 -------- d-----w- C:\Intel
2009-07-11 16:23 . 2009-07-11 16:23 -------- d-----w- c:\program files\AP Tuner
2009-07-11 16:21 . 2009-03-03 18:18 73728 ------w- c:\windows\system32\RtNicProp32.dll
2009-07-11 15:39 . 2009-07-11 15:39 -------- d-----w- c:\program files\ma-config.com
2009-07-11 15:39 . 2009-07-11 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-07-11 14:29 . 2009-07-11 14:29 56 ------w- c:\windows\system32\ezsidmv.dat
2009-07-11 14:29 . 2009-07-24 15:26 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
2009-07-11 14:24 . 2009-07-24 16:54 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2009-07-11 14:24 . 2009-07-11 14:24 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-07-11 14:24 . 2009-07-11 17:32 -------- d-----r- c:\program files\Skype
2009-07-11 14:24 . 2009-07-11 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-11 11:31 . 2009-07-22 11:38 -------- d-----w- c:\documents and settings\Admin\Application Data\Spotify
2009-07-11 11:31 . 2009-07-22 11:33 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Spotify
2009-07-11 11:31 . 2009-07-11 11:31 -------- d-----w- c:\program files\Spotify
2009-07-11 10:12 . 2007-03-05 10:42 15128 ------w- c:\windows\system32\x3daudio1_1.dll
2009-07-11 10:01 . 2009-07-11 10:01 -------- d-----w- c:\program files\Ubisoft
2009-07-11 08:17 . 2008-05-30 12:11 3850760 ----a-w- c:\windows\system\d3dx9_38.dll
2009-07-11 08:15 . 2009-07-11 08:15 68888 ----a-w- c:\windows\system\xinput1_3.dll
2009-07-11 08:11 . 2009-07-27 15:57 -------- d-----w- c:\program files\SuperCopier2
2009-07-11 08:04 . 2009-07-11 08:04 -------- d-----w- c:\documents and settings\Admin\Application Data\ESET
2009-07-11 08:03 . 2009-07-11 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-11 07:45 . 2009-07-11 07:45 -------- d-----w- c:\program files\PopCap Games
2009-07-11 07:28 . 2009-07-11 07:28 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Ahead
2009-07-11 07:27 . 2009-07-17 12:06 -------- d-----w- c:\program files\World of Warcraft
2009-07-10 20:41 . 2009-07-10 20:41 -------- d-----w- c:\program files\Lavalys
2009-07-10 20:28 . 2009-07-10 20:28 -------- d--h--w- c:\windows\PIF
2009-07-10 20:24 . 2009-07-27 15:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-10 20:24 . 2009-07-27 15:55 -------- d-----w- c:\program files\Fraps
2009-07-10 20:08 . 2009-07-10 20:08 -------- d-----w- c:\documents and settings\Admin\Application Data\Media Player Classic
2009-07-10 20:05 . 2009-07-10 20:05 -------- d-----w- c:\program files\Alcohol Soft
2009-07-10 20:02 . 2009-07-10 20:02 685816 ------w- c:\windows\system32\drivers\sptd.sys
2009-07-10 15:02 . 2003-06-18 23:31 17920 ------w- c:\windows\system32\mdimon.dll
2009-07-10 15:01 . 2009-07-10 15:01 -------- d-----w- c:\program files\Microsoft.NET
2009-07-10 15:01 . 2009-07-10 15:01 -------- d-----w- c:\windows\SHELLNEW

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-24 23:20 . 2009-07-24 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-24 23:19 . 2009-07-24 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-24 23:19 . 2009-07-24 23:19 -------- d-----w- c:\program files\iTunes
2009-07-24 23:19 . 2009-07-24 23:19 -------- d-----w- c:\program files\iPod
2009-07-24 23:19 . 2009-07-24 23:19 -------- d-----w- c:\program files\Bonjour
2009-07-24 23:19 . 2009-07-24 23:18 -------- d-----w- c:\program files\QuickTime
2009-07-24 23:18 . 2009-07-24 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-24 23:18 . 2009-07-24 23:18 -------- d-----w- c:\program files\Apple Software Update
2009-07-24 23:18 . 2009-07-24 23:18 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-07-24 09:00 . 2009-07-08 18:08 -------- d-----w- c:\program files\Trine
2009-07-22 12:55 . 2009-07-10 11:55 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-07-21 21:41 . 2009-07-10 11:23 70960 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-21 21:16 . 2004-08-05 12:00 79268 ------w- c:\windows\system32\perfc00C.dat
2009-07-21 21:16 . 2004-08-05 12:00 495068 ------w- c:\windows\system32\perfh00C.dat
2009-07-20 22:33 . 2009-07-20 22:33 67904 ----a-w- c:\windows\Fonts\Dungeon.TTF
2009-07-20 19:41 . 2009-07-10 12:20 2287104 ------w- c:\windows\system32\TUKernel.exe
2009-07-20 19:00 . 2009-07-10 11:42 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-07-18 16:14 . 2009-07-10 11:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-18 15:49 . 2009-07-10 11:28 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-07-12 14:24 . 2009-07-10 11:19 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-11 20:52 . 2009-07-11 20:52 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ESET
2009-07-11 16:24 . 2009-07-10 11:28 -------- d-----w- c:\program files\Realtek
2009-07-11 08:03 . 2009-07-10 13:41 -------- d-----w- c:\program files\ESET
2009-07-10 15:53 . 2009-07-10 11:17 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-10 12:48 . 2009-07-10 12:47 -------- d-----w- c:\program files\AIDA32 - Personal System Information
2009-07-10 12:17 . 2009-07-10 12:17 -------- d-----w- c:\program files\OO Software
2009-07-10 12:07 . 2009-07-10 12:07 -------- d-----w- c:\documents and settings\Admin\Application Data\TuneUp Software
2009-07-10 12:04 . 2009-07-10 12:04 -------- d-----w- c:\documents and settings\Admin\Application Data\Nero
2009-07-10 12:03 . 2009-07-10 12:02 -------- d-----w- c:\program files\Fichiers communs\Nero
2009-07-10 12:02 . 2009-07-10 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-07-10 12:02 . 2009-07-10 12:02 -------- d-----w- c:\program files\Nero
2009-07-10 11:56 . 2009-07-10 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-07-10 11:55 . 2009-07-10 11:55 -------- d-----w- c:\program files\CyberLink
2009-07-10 11:54 . 2009-07-10 11:54 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-10 11:53 . 2009-07-10 11:53 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2009-07-10 11:53 . 2009-07-10 11:53 -------- d-----w- c:\program files\VideoLAN
2009-07-10 11:52 . 2009-07-10 11:52 -------- d-----w- c:\program files\WinASO
2009-07-10 11:50 . 2009-07-10 11:50 -------- d-----w- c:\program files\CCleaner
2009-07-10 11:50 . 2009-07-10 11:50 -------- d-----w- c:\documents and settings\Admin\Application Data\UnH Solutions
2009-07-10 11:50 . 2009-07-10 11:50 -------- d-----w- c:\program files\UnH Solutions
2009-07-10 11:48 . 2009-07-10 11:48 -------- d-----w- c:\program files\Microsoft
2009-07-10 11:48 . 2009-07-10 11:47 -------- d-----w- c:\program files\Windows Live
2009-07-10 11:48 . 2009-07-10 11:48 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-10 11:46 . 2009-07-10 11:46 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-07-10 11:42 . 2009-07-10 11:42 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-10 11:34 . 2009-07-10 11:34 0 ----a-w- c:\windows\nsreg.dat
2009-07-10 11:28 . 2009-07-10 11:28 315392 ----a-w- c:\windows\HideWin.exe
2009-07-10 11:27 . 2009-07-10 11:27 -------- d-----w- c:\program files\Intel
2009-07-10 11:26 . 2009-07-10 11:26 16608 ----a-w- c:\windows\gdrv.sys
2009-07-10 11:20 . 2009-07-10 11:20 -------- d-----w- c:\program files\microsoft frontpage
2009-07-10 11:18 . 2009-07-10 11:18 -------- d-----w- c:\program files\Services en ligne
2009-07-10 11:17 . 2009-07-10 11:17 21892 ------w- c:\windows\system32\emptyregdb.dat
2009-07-09 10:16 . 2009-07-24 23:18 39424 ------w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 10:16 . 2009-07-24 23:18 2060288 ------w- c:\windows\system32\usbaaplrc.dll
2009-06-21 06:46 . 2009-07-10 11:41 485920 ------w- c:\windows\system32\NVUNINST.EXE
2009-06-16 10:05 . 2009-07-10 11:27 53248 ------w- c:\windows\system32\CSVer.dll
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ------w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 5890048 ------w- c:\windows\system32\nvdispsr.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ------w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ------w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ------w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ------w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ------w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ------w- c:\windows\system32\nvmccs.dll
2009-06-10 04:03 . 2009-07-10 11:41 457248 ------w- c:\windows\system32\nvudisp.exe
2009-06-10 04:03 . 2009-06-10 04:03 9998336 ------w- c:\windows\system32\nvoglnt.dll
2009-06-10 04:03 . 2009-06-10 04:03 815104 ------w- c:\windows\system32\nvapi.dll
2009-06-10 04:03 . 2009-06-10 04:03 8087712 ------w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 04:03 . 2009-06-10 04:03 671744 ------w- c:\windows\system32\nvcuvid.dll
2009-06-10 04:03 . 2009-06-10 04:03 5908608 ------w- c:\windows\system32\nv4_disp.dll
2009-06-10 04:03 . 2009-06-10 04:03 1720320 ------w- c:\windows\system32\nvcuda.dll
2009-06-10 04:03 . 2009-06-10 04:03 1580550 ------w- c:\windows\system32\nvdata.bin
2009-06-10 04:03 . 2009-06-10 04:03 151552 ------w- c:\windows\system32\nvcodins.dll
2009-06-10 04:03 . 2009-06-10 04:03 151552 ------w- c:\windows\system32\nvcod.dll
2009-06-10 04:03 . 2009-06-10 04:03 1310720 ------w- c:\windows\system32\nvcuvenc.dll
2009-06-05 13:16 . 2009-07-10 11:29 142336 ------w- c:\windows\system32\drivers\Rtenicxp.sys
2009-05-14 13:49 . 2009-05-14 13:49 55768 ------w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 13:49 . 2009-05-14 13:49 33096 ------w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 13:49 . 2009-05-14 13:49 133000 ------w- c:\windows\system32\drivers\epfw.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ------w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ------w- c:\windows\system32\drivers\eamon.sys
2009-05-08 14:02 . 2009-05-08 14:02 140288 ------w- c:\windows\system32\sfc_os.dll
2009-05-08 14:01 . 2009-05-08 14:01 360320 ------w- c:\windows\system32\drivers\tcpip.sys
2009-05-08 11:58 . 2009-05-08 11:58 1571840 ------w- c:\windows\system32\sfcfiles.dll
2009-05-08 11:49 . 2001-08-23 15:47 59392 ------w- c:\windows\system32\dvdplay.exe
2009-05-08 11:31 . 2009-05-08 11:34 1013248 ------w- c:\windows\system32\syssetup.dll
2009-05-08 11:31 . 2009-05-08 11:31 24576 ------w- c:\windows\system32\nlsdl.dll
2009-05-08 11:31 . 2009-05-08 11:31 23552 ------w- c:\windows\system32\normaliz.dll
2009-05-08 11:31 . 2009-05-08 11:31 26112 ------w- c:\windows\system32\idndl.dll
2009-05-08 11:30 . 2009-05-08 11:30 45568 ------w- c:\windows\system32\mshta.exe
2009-05-08 11:30 . 2009-05-08 11:30 818688 ------w- c:\windows\system32\wininet.dll
2009-05-08 11:30 . 2009-05-08 11:30 156160 ------w- c:\windows\system32\msls31.dll
2009-05-08 11:30 . 2009-05-08 11:30 48128 ------w- c:\windows\system32\mshtmler.dll
2009-05-08 11:29 . 2009-05-08 11:29 40960 ------w- c:\windows\system32\licmgr10.dll
2009-05-08 11:29 . 2009-05-08 11:29 36352 ------w- c:\windows\system32\imgutil.dll
2009-05-08 11:29 . 2009-05-08 11:29 55296 ------w- c:\windows\system32\iesetup.dll
2009-05-08 11:29 . 2009-05-08 11:29 78336 ------w- c:\windows\system32\ieencode.dll
2009-05-08 11:28 . 2009-05-08 11:28 17408 ------w- c:\windows\system32\corpol.dll
2009-05-08 11:28 . 2009-05-08 11:28 71680 ------w- c:\windows\system32\admparse.dll
2009-05-08 11:09 . 2009-05-08 11:09 44 ------w- c:\windows\system32\nlite.cmd
2009-07-23 10:43 . 2009-07-10 11:20 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[-] 2009-05-08 14:01 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\drivers\tcpip.sys

[-] 2009-05-08 09:49 1408512 0AF023D93C7432A03F8FB91A38CFF80E c:\windows\explorer.exe

[-] 2009-05-08 11:58 1571840 99D5EA4690D4A39846C3FF867B8D6F7E c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2009-04-27 163072]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ESET GUI"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"Fraps"="c:\program files\FRAPS\FRAPS.EXE" [2008-10-02 3309224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-05-08 123904]

c:\documents and settings\Admin\Menu Démarrer\Programmes\Démarrage\
Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0oodbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Corel Photo Downloader"="c:\program files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Ubisoft\\Techland\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 15:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14/05/2009 15:47 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [20/07/2009 21:13 604416]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\589yxb1j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?source=fhig
FF - component: c:\documents and settings\Admin\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 18:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Admin\LOCALS~1\Temp\mc21.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,33,43,bf,88,4c,
b2,bc,7a,2e,e8,e1,00,eb,16,2b,de,20,21,f5,b1,f7,e8,e4,8a,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,ae,55,bf,e6,6f,
9c,e4,f6,46,47,15,b0,92,4b,c7,ef,96,78,96,4c,aa,c2,a4,99,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,af,1c,6e,0a,38,
0c,67,94,7a,45,05,fd,91,e8,6f,31,05,9e,4f,41,a5,67,75,8d,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,74,3f,3c,70,4b,
6c,f9,05,6b,65,49,6a,7e,99,74,f7,fb,52,c1,8a,05,b4,ef,dd,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,90,29,b4,ba,35,
cf,1e,f7,e9,02,6c,fa,fb,1d,47,57,a5,24,08,52,e9,8a,6a,4b,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,71,f4,c1,67,e9,
eb,32,18,50,93,e5,ab,ec,6a,4e,ab,51,19,70,a1,86,cc,86,7d,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f4,99,ee,e0,33,
36,86,13,97,20,4e,9a,c7,f1,35,ee,1f,24,30,ec,0c,33,4a,ec,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,03,66,c1,0b,83,
dc,6a,ac,aa,52,c6,00,84,3c,26,64,e4,45,0e,ef,eb,48,92,6e,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,27,8d,66,1f,5a,
d2,3e,1d,b2,46,9a,e2,1b,fe,1b,94,9e,4e,e9,bc,12,bf,78,cd,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,e9,66,8d,e0,5d,
2b,39,08,37,a4,aa,c3,a6,15,56,0a,b6,89,21,97,e4,f9,3b,28,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,51,e7,40,48,94,
5a,db,02,f8,31,0f,a9,5f,a0,ec,fb,66,97,ce,9d,64,3d,83,24,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,dd,17,b8,db,b1,
cc,32,d5,05,73,21,dd,54,d8,4a,c5,11,0a,e2,46,a1,2b,77,3a,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\sfc_os.dll

- - - - - - - > 'lsass.exe'(1184)
c:\windows\system32\scecli.dll

- - - - - - - > 'explorer.exe'(3832)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-27 18:02
ComboFix-quarantined-files.txt 2009-07-27 16:02

Pre-Run: 51 610 808 320 octets libres
Post-Run: 51 600 113 664 octets libres

395



------------------------


For my own knowledge, could you explain to me how you proceed when you analyse the report and how you act on it?


In any case, thank you for paying attention to my topic! Thanks ;)
X-name Posts 8 Registration date Sunday 26 July 2009 Status Member Last seen 3 August 2009
2 Aug 2009 at 18:39
A little bump so that I don't get forgotten =)
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
3 Aug 2009 at 21:30
hi, post another RSIT report and say what your current problems are
X-name Posts 8 Registration date Sunday 26 July 2009 Status Member Last seen 3 August 2009
3 Aug 2009 at 22:33
Problem: the ESET Smart Security antivirus does not launch at startup: "Erreur de communication avec le noyau" (error communicating with the kernel).

I suspect, and think, that I am also affected in this way: when I install a program, I am asked to close certain applications. So far everything is normal, except that the installer asks me to close Internet Explorer before it can continue, whereas I never use or launch Internet Explorer; it must be one of my active processes, but I don't see it ....
X-name Posts 8 Registration date Sunday 26 July 2009 Status Member Last seen 3 August 2009
3 Aug 2009 at 22:40
log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2009-08-03 22:28:59
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 38 GB (50%) free of 76 GB
Total RAM: 2046 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:09, on 03/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Fichiers communs\Nero\AdvrCntr4\NeroPatentActivation.exe
C:\Program Files\Nero\Nero 9\Nero Vision\NeroVision.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spotify\spotify.exe
D:\¤ X-name ¤\Downloads\Programs\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Documents and Settings\Admin\Local Settings\temp\nro.tmp\"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ESET GUI] C:\Program Files\ESET\ESET Smart Security\egui.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
X-name Posts 8 Registration date Sunday 26 July 2009 Status Member Last seen 3 August 2009
3 Aug 2009 at 22:40
info.txt

info.txt logfile of random's system information tool 1.06 2009-08-03 22:29:13

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Premiere Elements 7.0-->msiexec /I {D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336} REMOVEPREFS=1
Adobe Premiere Elements 7.0-->MsiExec.exe /I{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
AIDA32 v3.93-->"C:\Program Files\AIDA32 - Personal System Information\unins000.exe"
AIMP2-->C:\Program Files\AIMP2\Uninstall.exe
AP Tuner 3.08-->"C:\Program Files\AP Tuner\AP Tuner 3.08\uninstall.exe"
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Juarez - Bound in Blood-->C:\Program Files\InstallShield Installation Information\{FEFAF112-4DA8-479C-89E2-7DE25091711A}\Setup.exe -runfromtemp -l0x040c
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CopyTrans Suite désinstallation uniquement-->C:\Program Files\WindSolutions\CopyTrans Suite\CopyTransControlCenter.exe uninstall
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F19D07BC-6240-49D3-BA5C-59B015DF8916}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST
EPSON Image Clip Palette-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x40c -u
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
ESPRX520 Guide d'utilisation-->C:\Program Files\EPSON\TPMANUAL\ESPRX520\USE_G\DOCUNINS.EXE
EVEREST Ultimate Edition v5.02-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Fraps (remove only)-->"C:\Program Files\Fraps\uninstall.exe"
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
K-Lite Codec Pack 4.6.2 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 8-->MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51036}
Nero 9-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NodEnabler 3.1-->C:\Program Files\ESET\ESET Smart Security\NodEnabler\Uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pilote vidéo Pinnacle-->MsiExec.exe /X{6DE721A5-5E89-4D74-994C-652BB3C0672E}
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SmartSound Quicktracks for Premiere Elements-->"C:\Program Files\InstallShield Installation Information\{F6234880-85BE-4DCB-8A45-1FF85A1A8552}\setup.exe" -runfromtemp -l0x0409 -removeonly
SmartSound Quicktracks for Premiere Elements-->MsiExec.exe /I{F6234880-85BE-4DCB-8A45-1FF85A1A8552}
SnagIt 8-->MsiExec.exe /I{B6F0BE9B-41D7-45A2-9A76-D3DB1A89EC6A}
Spotify-->"C:\Program Files\Spotify\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stickies 6.7a-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Stickies 6.7a
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WinASO Registry Optimizer 4.2-->"C:\Program Files\WinASO\Registry Optimizer\unins000.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: ESET Smart Security 4.0
FW: Pare-feu personnel d'ESET

======System event log======

Computer Name: ENTREPRISE-M09
Event Code: 7031
Message: Le service NOD32 Kernel Service s'est terminé de manière inattendue. Ceci s'est produit 6 fois. L'action corrective suivante va être effectuée dans 0 millisecondes : Redémarrer le service.

Record Number: 218
Source Name: Service Control Manager
Time Written: 20090710152213.000000+120
Event Type: erreur
User:

Computer Name: ENTREPRISE-M09
Event Code: 7036
Message: Le service NOD32 Kernel Service est entré dans l'état : en cours d'exécution.

Record Number: 217
Source Name: Service Control Manager
Time Written: 20090710152202.000000+120
Event Type: Informations
User:

Computer Name: ENTREPRISE-M09
Event Code: 7031
Message: Le service NOD32 Kernel Service s'est terminé de manière inattendue. Ceci s'est produit 5 fois. L'action corrective suivante va être effectuée dans 0 millisecondes : Redémarrer le service.

Record Number: 216
Source Name: Service Control Manager
Time Written: 20090710152202.000000+120
Event Type: erreur
User:

Computer Name: ENTREPRISE-M09
Event Code: 7036
Message: Le service NOD32 Kernel Service est entré dans l'état : en cours d'exécution.

Record Number: 215
Source Name: Service Control Manager
Time Written: 20090710152158.000000+120
Event Type: Informations
User:

Computer Name: ENTREPRISE-M09
Event Code: 7031
Message: Le service NOD32 Kernel Service s'est terminé de manière inattendue. Ceci s'est produit 4 fois. L'action corrective suivante va être effectuée dans 0 millisecondes : Redémarrer le service.

Record Number: 214
Source Name: Service Control Manager
Time Written: 20090710152157.000000+120
Event Type: erreur
User:

=====Application event log=====

Computer Name: ENTREPRISE-M09
Event Code: 1017
Message: Start registering ASP.NET (version 2.0.50727.0) (internal flag: 0x00000406)

Record Number: 365
Source Name: ASP.NET 2.0.50727.0
Time Written: 20090721201548.000000+120
Event Type: Informations
User:

Computer Name: ENTREPRISE-M09
Event Code: 101
Message: wuauclt (3736) Le moteur de base de données est arrêté.

Record Number: 364
Source Name: ESENT
Time Written: 20090721105111.000000+120
Event Type: Informations
User:

Computer Name: ENTREPRISE-M09
Event Code: 103
Message: wuaueng.dll (3736) SUS20ClientDataStore: Le moteur de base de données a arrêté une instance (0).

Record Number: 363
Source Name: ESENT
Time Written: 20090721105111.000000+120
Event Type: Informations
User:

Computer Name: ENTREPRISE-M09
Event Code: 102
Message: wuaueng.dll (3736) SUS20ClientDataStore: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 362
Source Name: ESENT
Time Written: 20090721104610.000000+120
Event Type: Informations
User:

Computer Name: ENTREPRISE-M09
Event Code: 100
Message: wuauclt (3736) Le moteur de base de données 5.01.2600.5512 est démarré.

Record Number: 361
Source Name: ESENT
Time Written: 20090721104610.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
4 Aug 2009 at 20:19
Paste the report from an online scan by Kaspersky or BitDefender
0
Kernel communication error
0