Your question

Hello email + Internet Explorer error

Tags:
  • Security
Last reply: in Security and viruses
3 Mars 2009 12:41:17

Hello,

I have the good fortune :-( that all my contacts have received a "hello" message from me. In addition, IE7 (even 8 since I reinstalled) cannot close without an error message. Finally, my PC is running extremely slowly.
I generated an RSIT report.
Thanks in advance for your help.


INFO TXT :
info.txt logfile of random's system information tool 1.05 2009-03-03 12:25:40

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Activation Assistant for the 2007 Microsoft Office suites-->"C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Active Ports-->C:\WINDOWS\unvise32.exe C:\Program Files\Active Ports\uninstal.log
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
AT&T Network Client-->C:\Program Files\AT&T Network Client\NetUN.exe
Backgammon 3D-->C:\WINDOWS\UnGins.exe "C:\Program Files\Backgammon 3D\install.log"
Boilsoft Video Joiner 5.24-->"C:\Program Files\Boilsoft Video Joiner\unins000.exe"
Brouf_SuDoKu 1.0-->"C:\Program Files\Brouf_Soft\SuDoKu\unins000.exe"
Business Contact Manager for Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP1-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Casino-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0C4B4C3-2216-4932-A569-70E0E9ACBA48}\SETUP.EXE" -l0x40c
Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2-->MsiExec.exe /X{057f6911-35fd-4c8d-883f-11b8814480c9}
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Client Security Solution-->MsiExec.exe /I{F055E1B2-8A05-4D87-8039-1BE979BA4193}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -ILvVen5a.inf
CreveBoules-->"C:\Program Files\CreveBoules\unins000.exe"
Diskeeper Lite-->MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A}
FaxTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x40c ControlPanel
ffdshow [rev 1723] [2007-12-24]-->"C:\Program Files\ffdshow\unins000.exe"
FLV Player-->C:\Program Files\FLV Player\uninstall.exe
Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"
Free Mp3 Wma Converter V 1.5.5-->"C:\Program Files\Free Audio Pack\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\1.0.154.48\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_17AA20DA\UIU32m.exe -U -ILVVEN5Km.inf
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 2.0 (KB922981)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {A1D5A6B2-B620-41F9-B435-10A4FF3C18A2} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IBM Dynamic Content Delivery (DCDClient-ISSI)-->C:\Program Files\IBM\tivoli\dcd\client\ISSI\_uninst\uninstaller.exe
IBM Infoprint Select-->C:\Program Files\InstallShield Installation Information\{6928A265-9EED-4F8A-8016-483A4668016A}\setup.exe -runfromtemp -l0x0009 -removeonly
IBM Lotus Sametime Connect 7.5.1-->MsiExec.exe /X{8C8ADD9C-1F30-4B1A-927E-B72CC4AADB91}
Integrated Camera-->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly -u
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD Creator 3-->"C:\Program Files\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
IPM Client Migration Utility-->C:\Program Files\IBM\IPM Client Migration Utility\uninstall.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Jeux de Pions 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD1C0415-70FD-449D-A15A-9BADF182763D}\SETUP.EXE" -l0x40c
Le compte est bon V 1.0.0-->"C:\Program Files\comptestbon\unins000.exe"
Lenovo Registration-->C:\Program Files\Lenovo Registration\uninstall.exe
Lexmark 1200 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZUN5C.EXE -dLexmark 1200 Series
Lotus Notes 7.0.2-->MsiExec.exe /I{3DFB275E-92F1-4D4A-A546-C5475917FA41}
Maintenance Manager-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
Micro Application - Jeux de Pions-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Micro Application\Jeux de Pions\Uninst.isu"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1-->"C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
Noe-->MsiExec.exe /I{0D11B712-AD1C-487D-80D6-073FDFDA5B76}
Noiseware Community Edition-->MsiExec.exe /I{CB3B7C24-30A1-4961-8039-94919F5ED2EE}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_fre_web.exe
Nokia PC Suite-->MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
On Screen Display-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Connectivity Solution-->MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PC-Doctor 5 for Windows-->C:\Program Files\PCDR5\uninst.exe
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PLUS800-->C:\WINDOWS\uninst.exe -f"C:\Program Files\SSP\PLUS800\DeIsL1.isu" -c"C:\Program Files\SSP\PLUS800\_ISREG32.DLL"
Presentation Director-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove
Pro Backgammon-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WinGames.Inc\ProBack\Uninst.isu"
Productivity Center Supplement for ThinkPad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\SETUP.EXE" -l0x9 -AddRemove
Puissance4 Version 1-->"C:\Program Files\Puissance4\unins000.exe"
Real Alternative 1.8.0-->"C:\Program Files\Real Alternative\unins000.exe"
RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Remove Multimedia Center-->C:\swtools\apps\MMCfTO\customiz\sequencer.exe -fc:\swtools\apps\MMCfTO\customiz\uninst.seq
Rescue and Recovery-->MsiExec.exe /I{F151F2B3-0C32-44D3-90E2-E639B8024622}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Serif PhotoPlus SE-->MsiExec.exe /X{09234F0D-5971-4701-94EE-89CB6926E273}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Icons for Lenovo-->MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUDOKU-->MsiExec.exe /I{E1D1DD15-3273-E74C-8CA5-8D8034D53905}
SymmTime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE33741B-7899-4938-A3C0-E1CBC116F6A3}\Setup.exe"
System Migration Assistant-->MsiExec.exe /X{F705E3E1-A471-426B-9A09-73429F3418EE}
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
ThinkPad EasyEject Utility -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad PC Card Power Policy-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad TrackPoint Driver-->C:\WINDOWS\system32\tp4unins.exe
ThinkVantage Active Protection System-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\SETUP.EXE" -l0x9 -AddRemove
ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\Setup.exe" -l0x9 anything
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
Ugrib RC1-->"C:\Program Files\GRIB.US\unins000.exe"
Update for Windows Internet Explorer 8 (KB961813)-->"C:\WINDOWS\ie8updates\KB961813-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VRTool 2009 (build 0.95.05feb09)-->"C:\Program Files\VRTool\unins000.exe"
Wallpapers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Internet Explorer 8 Release Candidate 1-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
WinHTTrack Website Copier 3.43-2-->"C:\Program Files\WinHTTrack\unins000.exe"
XP Themes-->MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}

System event log

Computer Name: HTM002823
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{AB9EEC50-8D3E-4098-93CB-40A79803061A} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 48098
Source Name: Tcpip
Time Written: 20090216050851.000000+060
Event Type: information
User:

Computer Name: HTM002823
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{AB9EEC50-8D3E-4098-93CB-40A79803061A} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 48097
Source Name: Tcpip
Time Written: 20090216050731.000000+060
Event Type: information
User:

Computer Name: HTM002823
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{AB9EEC50-8D3E-4098-93CB-40A79803061A} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 48096
Source Name: Tcpip
Time Written: 20090216050636.000000+060
Event Type: information
User:

Computer Name: HTM002823
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{AB9EEC50-8D3E-4098-93CB-40A79803061A} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 48095
Source Name: Tcpip
Time Written: 20090216050611.000000+060
Event Type: information
User:

Computer Name: HTM002823
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{AB9EEC50-8D3E-4098-93CB-40A79803061A} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 48094
Source Name: Tcpip
Time Written: 20090216050451.000000+060
Event Type: information
User:

Application event log

Computer Name: HTM002823
Event Code: 0
Message:
Record Number: 5
Source Name: gusvc
Time Written: 20090225205437.000000+060
Event Type: information
User:

Computer Name: HTM002823
Event Code: 0
Message:
Record Number: 4
Source Name: gupdate1c987981eb01aea
Time Written: 20090225205437.000000+060
Event Type: information
User:

Computer Name: HTM002823
Event Code: 2
Message: The Diskeeper Control Center has been started.
Diskeeper service started

Record Number: 3
Source Name: Diskeeper
Time Written: 20090225205437.000000+060
Event Type: information
User:

Computer Name: HTM002823
Event Code: 0
Message:
Record Number: 2
Source Name: EvtEng
Time Written: 20090225205437.000000+060
Event Type: information
User:

Computer Name: HTM002823
Event Code: 0
Message:
Record Number: 1
Source Name: btwdins
Time Written: 20090225205422.000000+060
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\IBM\Infoprint Select;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\Common Files\Lenovo;C:\Program Files\Lenovo\Client Security Solution;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Samsung\Samsung PC Studio 3\;
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"TPCCommon"=C:\PROGRA~1\THINKV~1\PrdCtr
"SMA"=C:\Program Files\ThinkVantage\SMA\
"TVT"=C:\Program Files\Lenovo
"TVTCOMMON"=C:\Program Files\Common Files\Lenovo
"SWSHARE"=C:\SWSHARE
"RR"=C:\Program Files\Lenovo\Rescue and Recovery
"TVTPYDIR"=C:\Program Files\Common Files\Lenovo\Python24
"PD_SOCKET"=6874
"PDBASE"=C:\Program Files\IBM\Infoprint Select

-----------------EOF-----------------

LOG TXT

Logfile of random's system information tool 1.05 (written by random/random)
Run by user at 2009-03-03 12:25:12
Microsoft Windows XP Professional Service Pack 2
System drive C: has 58 GB (53%) free of 109 GB
Total RAM: 1014 MB (5% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:34, on 03/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\tp4serv.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Documents and Settings\user\Start Menu\Programs\Startup\ctfmon.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\lotus\notes\NLNOTES.EXE
C:\Program Files\lotus\notes\ntaskldr.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\Program Files\trend micro\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [w32msgr] C:\sdwork\w32main2.exe /log c:\sdwork\msgr.txt ospdb.pok.ibm.com
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defergui] c:/sdwork/defergui.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MMAgent] C:\Program Files\Mobile Master\MMAgent.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://tssmail02.harte-hanks.be/dwa7W.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://vnc.webex.com/client/wbs25-vzbprodins/webex/iea...
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c987981eb01aea) (gupdate1c987981eb01aea) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 15636 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-02-02 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-26 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-05 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-11-29 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-26 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F040E541-A427-4CF7-85D8-75E3E0F476C5}]
CPwmIEBrowserHelper Object - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2007-01-31 796224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL []
"TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2007-04-09 58416]
"TrackPointSrv"=C:\WINDOWS\system32\tp4serv.exe [2007-04-26 91184]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2007-03-09 66176]
""= []
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2007-03-30 181808]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2007-03-28 243248]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-05-16 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-05-16 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-05-16 138008]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-02-08 536576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-26 136600]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-02-02 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-28 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-28 81920]
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2007-03-22 120368]
"AMSG"=C:\Program Files\ThinkVantage\AMSG\Amsg.exe [2007-02-01 419376]
"DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-05-19 196696]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2007-01-31 2618944]
"ISSI EZUpdate Service"=c:\sdwork\issimsvc.exe [2008-10-10 210944]
"w32msgr"=C:\sdwork\w32main2.exe [2008-11-19 278016]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]
"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-12-20 286720]
"defergui"=c:/sdwork/defergui.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MMAgent"=C:\Program Files\Mobile Master\MMAgent.exe []
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Infoprint Select Notification.lnk - C:\Program Files\IBM\Infoprint Select\ipnotify.exe

C:\Documents and Settings\user\Start Menu\Programs\Startup
ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify]
C:\WINDOWS\system32\ckpNotify.dll [2007-05-24 24665]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-05-02 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2006-12-14 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application"
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics"
"C:\Program Files\AT&T Network Client\NetClient.exe"="C:\Program Files\AT&T Network Client\NetClient.exe:*:Enabled:Network access client"
"C:\sdwork\W32MAIN2.EXE"="C:\sdwork\W32MAIN2.EXE:*:Enabled:o SP Windows 32-bit ESD API"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\IBM\Sametime Connect\jre\bin\sametime75.exe"="C:\Program Files\IBM\Sametime Connect\jre\bin\sametime75.exe:*:Enabled:Lotus Sametime Connect"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\RayV\RayV\RayV.exe"="C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application"
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0047df9f-a65a-11dc-a503-5461d0e9d809}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(&0)\command - E:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d40094c-fa70-11dd-a5da-5461d0e9d809}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(&0)\command - E:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a69fda5-d62f-11dc-a560-5461d0e9d809}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(&0)\command - E:\Recycled\ctfmon.exe


======List of files/folders created in the last 3 months======

2009-03-03 12:25:15 ----D---- C:\Program Files\trend micro
2009-03-03 12:25:11 ----D---- C:\rsit
2009-03-01 14:22:55 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-27 15:11:05 ----D---- C:\Documents and Settings\user\Application Data\Serif
2009-02-27 15:10:07 ----D---- C:\Program Files\Serif
2009-02-27 15:01:18 ----D---- C:\Program Files\Imagenomic
2009-02-25 12:32:20 ----D---- C:\WINDOWS\ie8updates
2009-02-25 12:29:20 ----HDC---- C:\WINDOWS\ie8
2009-02-20 12:44:20 ----D---- C:\Program Files\Mozilla Firefox
2009-02-11 20:17:55 ----D---- C:\Program Files\TVAnts
2009-02-11 09:01:00 ----D---- C:\Program Files\VRTool
2009-02-10 13:09:27 ----D---- C:\Program Files\WinHTTrack
2009-02-05 14:48:27 ----D---- C:\Documents and Settings\user\Application Data\Google
2009-02-05 14:45:19 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-02-03 21:30:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-02-03 21:23:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-02-03 21:23:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-02-03 21:23:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-02-03 21:23:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-02-03 12:12:20 ----D---- C:\Documents and Settings\user\Application Data\SmartDraw
2009-01-28 19:00:16 ----A---- C:\WINDOWS\system32\lfpng13n.dll
2009-01-26 16:20:57 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-26 16:20:57 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-26 16:20:57 ----A---- C:\WINDOWS\system32\java.exe
2009-01-26 16:20:57 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-15 02:22:22 ----N---- C:\WINDOWS\system32\ieframe.dll.mui
2009-01-15 02:22:00 ----N---- C:\WINDOWS\system32\msrating.dll.mui
2009-01-15 02:21:44 ----N---- C:\WINDOWS\system32\mshta.exe.mui
2009-01-15 02:19:22 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui
2009-01-15 02:19:22 ----N---- C:\WINDOWS\system32\advpack.dll.mui
2009-01-15 02:19:02 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui
2009-01-15 02:12:12 ----N---- C:\WINDOWS\system32\ieframe.dll
2009-01-15 02:06:22 ----N---- C:\WINDOWS\system32\WinFXDocObj.exe
2009-01-15 02:02:50 ----N---- C:\WINDOWS\system32\iertutil.dll
2009-01-15 02:02:40 ----N---- C:\WINDOWS\system32\msfeeds.dll
2009-01-15 02:01:42 ----N---- C:\WINDOWS\system32\msfeedssync.exe
2009-01-15 02:01:40 ----N---- C:\WINDOWS\system32\msfeedsbs.dll
2009-01-15 02:01:40 ----N---- C:\WINDOWS\system32\icardie.dll
2009-01-15 01:50:50 ----N---- C:\WINDOWS\system32\ieui.dll
2009-01-15 01:35:10 ----N---- C:\WINDOWS\system32\ieapfltr.dll
2009-01-14 12:21:24 ----D---- C:\Program Files\Lavasoft
2009-01-14 12:20:21 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-05 11:10:37 ----A---- C:\WINDOWS\wgidll.ini
2009-01-05 11:10:37 ----A---- C:\WINDOWS\ProBack.INI
2008-12-31 18:36:01 ----D---- C:\Program Files\SSP
2008-12-31 18:21:47 ----D---- C:\Program Files\WinGames.Inc
2008-12-31 18:21:06 ----A---- C:\WINDOWS\bkg.ini
2008-12-31 18:12:36 ----D---- C:\Program Files\Backgammon 3D
2008-12-31 18:12:36 ----A---- C:\WINDOWS\UnGins.exe
2008-12-30 19:33:50 ----A---- C:\WINDOWS\system32\PolarZIPLight.dll
2008-12-30 19:32:24 ----A---- C:\WINDOWS\system32\mstext35.dll
2008-12-30 19:32:24 ----A---- C:\WINDOWS\system32\msrd2x35.dll
2008-12-30 19:32:24 ----A---- C:\WINDOWS\system32\mspdox35.dll
2008-12-30 19:32:24 ----A---- C:\WINDOWS\system32\msltus35.dll
2008-12-30 19:32:24 ----A---- C:\WINDOWS\system32\msexcl35.dll
2008-12-30 19:32:23 ----A---- C:\WINDOWS\system32\msxbse35.dll
2008-12-30 19:32:23 ----A---- C:\WINDOWS\system32\msrepl35.dll
2008-12-30 19:32:23 ----A---- C:\WINDOWS\system32\msjet35.dll
2008-12-30 19:32:22 ----A---- C:\WINDOWS\system32\vbar332.dll
2008-12-30 19:32:22 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2008-12-30 19:32:22 ----A---- C:\WINDOWS\system32\msjter35.dll
2008-12-30 19:32:22 ----A---- C:\WINDOWS\system32\Msjint35.dll
2008-12-30 19:32:05 ----A---- C:\WINDOWS\IsUn040c.exe
2008-12-30 19:30:29 ----D---- C:\Program Files\Micro Application
2008-12-30 19:30:07 ----A---- C:\WINDOWS\NAVIGMA.INI
2008-12-28 15:26:47 ----D---- C:\Program Files\Boilsoft Video Joiner
2008-12-27 10:37:13 ----D---- C:\Downloads
2008-12-27 10:33:43 ----D---- C:\Documents and Settings\user\Application Data\Free Download Manager
2008-12-27 10:33:38 ----D---- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-12-27 10:33:37 ----D---- C:\Program Files\Free Download Manager
2008-12-19 03:43:32 ----D---- C:\Program Files\Adobe
2008-12-19 01:53:27 ----D---- C:\Documents and Settings\user\Application Data\IDM

======List of files/folders modified in the last 3 months======

2009-03-03 12:25:15 ----RD---- C:\Program Files
2009-03-03 12:25:03 ----D---- C:\WINDOWS\Prefetch
2009-03-03 09:49:43 ----D---- C:\WINDOWS\Temp
2009-03-03 09:30:59 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-03 02:51:23 ----A---- C:\WINDOWS\win.ini
2009-03-03 00:29:21 ----SD---- C:\WINDOWS\Tasks
2009-03-02 22:37:43 ----D---- C:\sdwork
2009-03-02 22:07:10 ----A---- C:\WINDOWS\system32\PROCDB.INI
2009-03-02 22:07:06 ----AD---- C:\WINDOWS
2009-03-02 22:07:04 ----AD----

a c 296 8 Security
3 March 2009 12:51:19

Hi,

  • Download SmitfraudFix (by S!Ri, balltrap34 and moe31) to your Desktop.

  • Double-click SmitfraudFix.exe to launch it.

  • Choose option 1, then press Enter.

  • A report will be generated; post it in your next reply.

    /!\ process.exe is detected by some antivirus programs as a risktool. It is not a virus but a utility designed to terminate processes. /!\

    ** Only do step 2 if you are asked to; we first need to examine the first SmitfraudFix report.
    3 March 2009 13:38:16

    Thanks Destrio5
    Here is the Smitfraud report

    SmitFraudFix v2.398

    Scan done at 13:35:14.60, 03/03/2009
    Run from C:\Documents and Settings\user\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\System32\svchost.exe
    c:\sdwork\issimsvc.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\lotus\notes\ntmulti.exe
    C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\WINDOWS\system32\tp4serv.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
    C:\Program Files\lotus\notes\NLNOTES.EXE
    C:\Program Files\lotus\notes\ntaskldr.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\FREEDO~1\fdm.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    C:\Program Files\lotus\notes\stconnagent30.exe
    C:\Documents and Settings\user\Desktop\SmitfraudFix\Policies.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    C:\autorun.inf FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\Tasks\At?.job FOUND !
    C:\WINDOWS\Tasks\At??.job FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\LOCALS~1\Temp


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, following keys are not inevitably infected!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
    !!!Attention, following keys are not inevitably infected!!!

    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» RK



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Broadcom NetLink (TM) Gigabit Ethernet - Packet Scheduler Miniport
    DNS Server Search Order: 192.168.202.5

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{5C5F6CA9-E07E-444B-AD0E-F956793BAD09}: DhcpNameServer=192.168.202.5
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{5C5F6CA9-E07E-444B-AD0E-F956793BAD09}: DhcpNameServer=192.168.202.5
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.202.5
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.202.5


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
    a c 296 8 Security
    3 March 2009 13:38:58

  • Restart the computer in safe mode (tap F8 repeatedly while the computer is starting up).
  • Double-click SmitfraudFix.exe
  • Select 2 and press Enter in the menu to delete the files responsible for the infection.
  • When asked "Voulez-vous nettoyer le registre ?" (Do you want to clean the registry?), answer O (yes) and press Enter to unlock the desktop wallpaper and delete the infection's registry keys.
  • A restart may be needed to finish the cleaning procedure. The report is located at the root of the system drive: C:\rapport.txt
  • Copy and paste the report into your next message.
    3 March 2009 14:00:51

    Thanks again, here is the report
    SmitFraudFix v2.398

    Scan done at 13:51:36.29, 03/03/2009
    Run from C:\Documents and Settings\user\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\autorun.inf Deleted
    C:\WINDOWS\Tasks\At?.job Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» RK


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{5C5F6CA9-E07E-444B-AD0E-F956793BAD09}: DhcpNameServer=192.168.202.5
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{5C5F6CA9-E07E-444B-AD0E-F956793BAD09}: DhcpNameServer=192.168.202.5
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.202.5
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.202.5


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    a c 296 8 Security
    3 March 2009 14:13:07

  • Delete SmitfraudFix.

    Message edited by Destrio5.
    3 March 2009 14:16:45

    Quote:
    Plug your external data sources into your PC (USB key, external hard drive, SD card, etc.) without opening them.


    I'm travelling, I only have my mouse. Otherwise I use a USB key at home and my printer.
    Should I still do the cleaning now?
    a c 296 8 Security
    3 March 2009 14:17:37

    Yes.
    3 March 2009 14:32:42

    There you go


    -------------- UsbFix V2.414.3 ---------------

    * User : user - HTM002823
    * Outils mis a jours le 18/01/2009 par Chiquitine29 et Chimay8
    * Recherche effectuée à 14:24:40 le 03/03/2009
    * Windows Xp - Internet Explorer 8.0.6001.18372


    --------------- [ Processus actifs ] ----------------


    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    c:\sdwork\issimsvc.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\lotus\notes\ntmulti.exe
    C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
    C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\WINDOWS\system32\userinit.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\netwk.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\system32\ipconfig.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe

    --------------- [ Informations lecteurs ] ----------------

    C: - Fixed Drive

    Z: - Remote/Network Drive


    +- Contenu de l'autorun : C:\autorun.inf

    [autorun]
    shellexecute=Recycled\Recycled\ctfmon.exe
    shell\Open(&O)\command=Recycled\Recycled\ctfmon.exe
    shell=Open(&0)


    +- Contenu de l'autorun : Z:\autorun.inf



    --------------- [ Lecteur C ] ----------------

    C: - Fixed Drive


    +- Listing des fichiers présents :

    [30/04/2006 08:13][---------] C:\AUTOEXEC.BAT
    [04/08/2004 13:00][-r-hs----] C:\NTDETECT.COM
    [20/11/2007 03:50][-r-hs----] C:\boot.ini
    [03/03/2009 13:56][-r-hs----] C:\autorun.inf
    [03/03/2009 13:56][-r-hs----] C:\dsbHSM.inf
    [03/03/2009 13:52][--a------] C:\rapport.txt
    [03/03/2009 13:52][--a------] C:\TPHKLOCK.TXT
    [03/03/2009 13:52][--a------] C:\UsbFix.txt
    [30/04/2006 08:13][---------] C:\CONFIG.SYS
    [30/04/2006 08:13][---------] C:\hiberfil.sys
    [30/04/2006 08:13][---------] C:\IO.SYS
    [30/04/2006 08:13][---------] C:\MSDOS.SYS
    [30/04/2006 08:13][---------] C:\pagefile.sys

    --------------- [ Lecteur Z ] ----------------

    Z: - Remote/Network Drive


    +- Listing des fichiers présents :

    [19/05/2008 23:00][--a------] Z:\ncsetup690.exe
    [19/05/2008 23:00][--a------] Z:\notes.exe
    [19/05/2008 23:00][--a------] Z:\RRT.exe
    [25/10/2007 12:12][--a------] Z:\MDb_preAndprod_Qmfsdf8.ini
    [11/02/2009 08:16][-r-hs----] Z:\Autorun.inf
    [02/03/2009 10:27][--a------] Z:\att.rox.txt
    [02/03/2009 10:27][--a------] Z:\avgrep.txt
    [02/03/2009 10:27][--a------] Z:\ererwer.txt
    [02/03/2009 10:27][--a------] Z:\Uninstall.txt

    --------------- [ Registre / Startup ] ----------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
    MMAgent=C:\Program Files\Mobile Master\MMAgent.exe
    Uniblue RegistryBooster 2=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    PWRMGRTR=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    BLOG=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    TPFNF7=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    TrackPointSrv=tp4serv.exe
    TPHOTKEY=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    <NO NAME>=
    TpShocks=TpShocks.exe
    EZEJMNAP=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    IgfxTray=C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
    Persistence=C:\WINDOWS\system32\igfxpers.exe
    TVT Scheduler Proxy=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
    DLA=C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    ISUSPM Startup=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    ISUSScheduler="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    AwaySch=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    LPManager=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    AMSG=C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
    DiskeeperSystray="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    cssauth="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    ISSI EZUpdate Service="c:\sdwork\issimsvc.exe"
    w32msgr=C:\sdwork\w32main2.exe /log c:\sdwork\msgr.txt ospdb.pok.ibm.com
    PCSuiteTrayApplication=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    Lexmark 1200 Series="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
    defergui=c:/sdwork/defergui.exe
    Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    NoChange=1
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1
    <NO NAME>=

    --------------- [ Registre / Mountpoint2 ] ----------------

    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0047df9f-a65a-11dc-a503-5461d0e9d809}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d40094c-fa70-11dd-a5da-5461d0e9d809}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a69fda5-d62f-11dc-a560-5461d0e9d809}\Shell\AutoRun\command

    --------------- [ Nettoyage des disques ] ----------------

    Supprimé ! - [03/03/2009 13:51][--a------] C:\WINDOWS\system32\tmp.reg
    Supprimé ! - [03/03/2009 13:51][--a------] C:\WINDOWS\system32\tmp.txt
    Supprimé ! - [25/10/2006 16:13][-r-hs----] C:\Recycled\ctfmon.exe
    Supprimé ! - [12/10/2008 11:02][dr-hs----] C:\Recycled\Recycled
    Supprimé ! - [25/10/2006 16:13][-r-hs----] Z:\Recycled\ctfmon.exe
    Supprimé ! - [11/02/2009 08:16][-r-hs----] Z:\autorun.inf

    --------------- [ Resumé ] ----------------

    -> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

    [30/04/2006 08:13][---------] C:\AUTOEXEC.BAT
    [04/08/2004 13:00][-r-hs----] C:\NTDETECT.COM
    [20/11/2007 03:50][-r-hs----] C:\boot.ini
    [14/04/2006 06:55][---------] C:\dsbHSM.inf
    [19/05/2008 23:00][--a------] Z:\ncsetup690.exe
    [19/05/2008 23:00][--a------] Z:\notes.exe
    [19/05/2008 23:00][--a------] Z:\RRT.exe
    [25/10/2007 12:12][--a------] Z:\MDb_preAndprod_Qmfsdf8.ini

    --------------- [ Vaccination ] ----------------

    C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
    Z:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

    --------------- ! Fin du rapport ! ----------------
    a c 296 8 Security
    3 March 2009 14:34:19

    What are these files?

    Z:\ncsetup690.exe
    Z:\notes.exe
    Z:\RRT.exe
    3 March 2009 14:43:24

    Z: is a company server. These are applications that are used, but not by me.
    For your information, I have a huge amount of lag while typing this message.
    a c 296 8 Security
    3 March 2009 14:57:42

  • Uninstall UsbFix.

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update has finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan.
  • The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed successfully. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you that as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
    3 March 2009 17:27:22

    Sorry for the delay.
    Here is the report
    Malwarebytes' Anti-Malware 1.34
    Database version: 1814
    Windows 5.1.2600 Service Pack 2

    03/03/2009 17:25:14
    mbam-log-2009-03-03 (17-25-14).txt

    Scan type: Quick Scan
    Objects scanned: 75188
    Time elapsed: 5 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Thanks
    a c 296 8 Security
    4 March 2009 03:36:37

  • Relaunch MBAM, go to Quarantine and delete everything.

    Change your MSN password.
    4 March 2009 10:17:25

    There, it's done
    Thanks Destrio.
    Another problem solved by you.
    Well done to your whole team of volunteers
    See you soon
    Topic closed
    a c 296 8 Security
    4 March 2009 16:05:32

  • Uninstall the following programs:
    - J2SE Runtime Environment 5.0 Update 6
    - Java 6 Update 11
    - Java 6 Update 3
    - Java 6 Update 5

  • Update Java.

  • Update Adobe Reader.

  • Run an online scan here: http://webscanner.kaspersky.fr/ (with Internet Explorer)

  • At the bottom right, click Start Online-scanner.

  • In the new window that appears, click I accept.

  • Accept the ActiveX controls.

  • Choose My Computer for the scan.

  • Once it has finished, save the report (choose text file) and post it.

  • To help you use the online scan: Tutorial

    Note: If you get the message "The Kaspersky On-line Scanner licence has expired", go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
    4 March 2009 23:55:18

    Here is the Kaspersky report
    Do I need to select anything, leave the scan open, or can I close it?

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Wednesday, March 04, 2009 11:49:26 PM
    Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.84.2
    Dernière mise à jour de la base antivirus Kaspersky : 4/03/2009
    Enregistrements dans la base antivirus Kaspersky : 1687147
    -------------------------------------------------------------------------------

    Paramètres d'analyse:
    Analyser avec la base antivirus suivante: standard
    Analyser les archives: vrai
    Analyser les bases de messagerie: vrai

    Cible de l'analyse - Poste de travail:
    C:\
    D:\

    Statistiques de l'analyse:
    Total d'objets analysés: 94866
    Nombre de virus trouvés: 6
    Nombre d'objets infectés: 11 / 0
    Nombre d'objets suspects: 2
    Durée de l'analyse: 03:02:41

    Nom de l'objet infecté / Nom du virus / Dernière action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinVBaqt.zip/ctfmon.exe Suspect : Password-protected-EXE ignoré
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinVBaqt.zip ZIP: suspect - 1 ignoré
    C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_41c.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0lf656jd.default\cert8.db L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0lf656jd.default\content-prefs.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0lf656jd.default\cookies.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0lf656jd.default\downloads.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0lf656jd.default\formhistory.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0lf656jd.default\key3.db L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0lf656jd.default\parent.lock L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0lf656jd.default\permissions.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0lf656jd.default\places.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0lf656jd.default\places.sqlite-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0lf656jd.default\search.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\15\3a43988f-28873cf4 Infecté : Exploit.Java.ByteVerify ignoré
    C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\54\7c9afc76-585a2f07/OP.class Infecté : Trojan-Downloader.Java.OpenStream.ac ignoré
    C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\54\7c9afc76-585a2f07 ZIP: infecté - 1 ignoré
    C:\Documents and Settings\user\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\user\IETldCache\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{6F967C43-08F0-11DE-A5EB-5461D0E9D809}.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0FF3C7CE-08F1-11DE-A5EB-5461D0E9D809}.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6F967C44-08F0-11DE-A5EB-5461D0E9D809}.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail\Archive\0DEA0A5B-00000182.eml/[From "Volksbanken Raiffeisenbanken AG 2006" <support-reference507373][Date 7 Apr 2006 16:32:51][Subj Volksbanken Raiffeisenbanken Banking [Fri, 07 Apr 2006 18:31:53]/cox.gif Infecté : Trojan-Spy.HTML.Bankfraud.ot ignoré
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail\Archive\0DEA0A5B-00000182.eml Mail: infecté - 1 ignoré
    C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\0lf656jd.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\0lf656jd.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\0lf656jd.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\0lf656jd.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\0lf656jd.default\urlclassifier3.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Local Settings\Temp\Free Download Manager\tic15.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Local Settings\Temp\Free Download Manager\tic2E.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Local Settings\Temp\~DF2369.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Local Settings\Temp\~DF2F92.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Local Settings\Temp\~DFB47.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\user\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\user\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Program Files\CheckPoint\SecuRemote\log\default-000004.log L'objet est verrouillé ignoré
    C:\Program Files\CheckPoint\SecuRemote\log\default-000004.logaccount_ptr L'objet est verrouillé ignoré
    C:\Program Files\CheckPoint\SecuRemote\log\default-000004.loginitial_ptr L'objet est verrouillé ignoré
    C:\Program Files\CheckPoint\SecuRemote\log\default-000004.logLuuidDB L'objet est verrouillé ignoré
    C:\Program Files\CheckPoint\SecuRemote\log\default-000004.logptr L'objet est verrouillé ignoré
    C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-000028.log L'objet est verrouillé ignoré
    C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-000028.logaccount_ptr L'objet est verrouillé ignoré
    C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-000028.loginitial_ptr L'objet est verrouillé ignoré
    C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-000028.logLuuidDB L'objet est verrouillé ignoré
    C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-000028.logptr L'objet est verrouillé ignoré
    C:\Program Files\CheckPoint\SecuRemote\sr_gui_tde.log L'objet est verrouillé ignoré
    C:\Program Files\CheckPoint\SecuRemote\sr_service_tde.log L'objet est verrouillé ignoré
    C:\Program Files\CheckPoint\SecuRemote\sr_watchdog_tde.log L'objet est verrouillé ignoré
    C:\Program Files\IBM\tivoli\dcd\client\ISSI\logs\msg_client.log L'objet est verrouillé ignoré
    C:\Program Files\IBM\tivoli\dcd\client\ISSI\logs\trace_client.log L'objet est verrouillé ignoré
    C:\Program Files\IBM\tivoli\dcd\client\ISSI\logs\trace_clientservice_start.err L'objet est verrouillé ignoré
    C:\Program Files\IBM\tivoli\dcd\client\ISSI\logs\trace_clientservice_start.out L'objet est verrouillé ignoré
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf L'objet est verrouillé ignoré
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf L'objet est verrouillé ignoré
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf L'objet est verrouillé ignoré
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf L'objet est verrouillé ignoré
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf L'objet est verrouillé ignoré
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf L'objet est verrouillé ignoré
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf L'objet est verrouillé ignoré
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf L'objet est verrouillé ignoré
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG L'objet est verrouillé ignoré
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_247.trc L'objet est verrouillé ignoré
    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP321\A0050462.exe Infecté : Trojan.Win32.VB.aqt ignoré
    C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP339\A0057114.inf Infecté : Trojan.Win32.VB.aqt ignoré
    C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP339\A0057152.inf Infecté : Worm.Win32.VB.fi ignoré
    C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP339\A0057153.exe Infecté : Trojan.Win32.VB.aqt ignoré
    C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP339\A0057154.exe Infecté : Trojan.Win32.VB.aqt ignoré
    C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP339\A0057157.exe Infecté : Trojan.Win32.VB.aqt ignoré
    C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP347\change.log L'objet est verrouillé ignoré
    C:\WINDOWS\CSC\00000001 L'objet est verrouillé ignoré
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
    C:\WINDOWS\system32\ckpNotify.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\Temp\Perflib_Perfdata_354.dat L'objet est verrouillé ignoré
    C:\WINDOWS\Temp\Perflib_Perfdata_730.dat L'objet est verrouillé ignoré
    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

    Analyse terminée.
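An added example, not part of the thread and not code from the scanner or from OTMoveIt3: a small triage parser for the scan log format shown above. It separates locked (unscanned) objects from detections and reduces each detection to the on-disk object that holds it. It assumes that `/` separates an on-disk container from a member inside it, as the `ZIP:` and `Mail:` summary lines suggest; the sample lines are constructed in the log's format with shortened paths.

```python
import re

# Constructed sample in the format of the scan log above (paths shortened).
SAMPLE = r"""
C:\Docs\user\Cookies\index.dat L'objet est verrouillé ignoré
C:\Docs\user\Java\cache\6.0\15\3a43988f-28873cf4 Infecté : Exploit.Java.ByteVerify ignoré
C:\Docs\user\Java\cache\6.0\54\7c9afc76-585a2f07/OP.class Infecté : Trojan-Downloader.Java.OpenStream.ac ignoré
C:\Docs\user\Java\cache\6.0\54\7c9afc76-585a2f07 ZIP: infecté - 1 ignoré
C:\Docs\user\Mail\0DEA0A5B-00000182.eml/[From "Bank AG" <support][Subj Banking [Fri, 07 Apr 2006]/cox.gif Infecté : Trojan-Spy.HTML.Bankfraud.ot ignoré
C:\Docs\user\Mail\0DEA0A5B-00000182.eml Mail: infecté - 1 ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
"""

# <path> <verdict> ignoré, where the verdict is "locked", a detection, or a container summary.
LINE = re.compile(
    r"^(?P<path>.+?) (?:(?P<locked>L'objet est verrouillé)"
    r"|Infecté : (?P<threat>\S+)"
    r"|(?P<kind>ZIP|Mail): infecté - (?P<count>\d+)) ignoré$"
)

def parse(log):
    """Return (detections, summaries, locked_count) for a scan log."""
    detections, summaries, locked = [], {}, 0
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, "Analyse terminée.", anything unrecognised
        if m["threat"]:
            # Assumption: "/" separates the on-disk object from a member inside it.
            on_disk, _, member = m["path"].partition("/")
            detections.append((on_disk, member or None, m["threat"]))
        elif m["kind"]:
            summaries[m["path"]] = int(m["count"])
        else:
            locked += 1
    return detections, summaries, locked

def on_disk_targets(detections, summaries):
    """Group detections by on-disk object and cross-check container summaries."""
    targets = {}
    for on_disk, member, threat in detections:
        targets.setdefault(on_disk, []).append((member, threat))
    for path, count in summaries.items():
        members = [m for m, _ in targets.get(path, []) if m]
        if len(members) != count:
            raise ValueError(f"{path}: {len(members)} member hits, summary says {count}")
    return targets
```

Under that assumption, the `cox.gif` detection resolves to the `.eml` file as the object that exists on disk, and the locked count shows how much of the system the scan could not read.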
    5 March 2009 01:32:42

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Double-click OTMoveIt3.exe to launch it.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :files
    C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\15\3a43988f-28873cf4
    C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\54\7c9afc76-585a2f07
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail\Archive\0DEA0A5B-00000182.eml/[From "Volksbanken Raiffeisenbanken AG 2006" <support-reference507373][Date 7 Apr 2006 16:32:51][Subj Volksbanken Raiffeisenbanken Banking [Fri, 07 Apr 2006 18:31:53]/cox.gif

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report found in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the moment it was created: date_time.log
    5 March 2009 07:20:45

    I got:
    Invalid Time Flag
    Must be numerical

    Here is what it managed to do:
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\15\3a43988f-28873cf4 moved successfully.
    C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\54\7c9afc76-585a2f07 moved successfully.

    But I got neither a reboot nor a message. I closed the app.
    5 March 2009 15:23:39

    Ok.

    No more problems?
    5 March 2009 15:41:38

    Apparently, with the error message I got during the last process, it did not delete

    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail\Archive\0DEA0A5B-00000182.eml/[From "Volksbanken Raiffeisenbanken AG 2006" <support-reference507373][Date 7 Apr 2006 16:32:51][Subj Volksbanken Raiffeisenbanken Banking [Fri, 07 Apr 2006 18:31:53]/cox.gif


    Is it important?
    Also, IE still closes badly, systematically with the Microsoft "send" / "don't send" message that appears when an application closes improperly.
    Every new tab takes forever to open.
    I regularly empty the temp files.... but nothing helps.
    Finally, I don't know whether it's the site doing this (this is the only place I've noticed it), but there is a good 10 seconds between my typing on the keyboard and the text appearing in this forum's reply box.

    Overall the PC is very slow. But I don't know whether anything can be done.
    5 March 2009 15:56:09

    You have 1 GB of RAM and a ton of programs that launch at startup.
    5 March 2009 16:02:28

    What do you advise?
    Where do I go to stop programs from starting?
    But the major slowness is mostly afterwards. I get the impression that I have no RAM, precisely.
    An application takes forever to load (Excel, Word for example). A web page is the same, etc.
    Should I repost, or can you look at this?
    Thanks again
    5 March 2009 16:08:18

    You can disable programs with CCleaner, but don't disable the antivirus, for example.

    ---> Download and install CCleaner Slim:
  • Launch it. Go to Tools, then Startup.
  • Select the program you want to disable, then click Disable.
    6 March 2009 19:15:04

    Thanks Destrio5
    Sorry for the slow reply, but I was abroad this week and travelling.
    Done, I removed a few programs from startup.

    The computer is still slow, Internet Explorer still crashes when I close it, but you still did a big clean-up job that paid off.
    As usual, you and the team of volunteers are really great.
    For my remaining small problems, which matter little, I'll post again later.

    Have a good weekend, you and the others, and thanks again
    6 March 2009 20:41:15

    Have you tried resetting Internet Explorer?
    7 March 2009 14:06:48

    Yes, I uninstalled and reinstalled. It's the same.