Here is the RSIT log as well:
info.txt logfile of random's system information tool 1.06 2009-04-01 18:31:49
======Uninstall list======
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
40000 lettres types & correspondance-->"C:\Program Files\Anuman Interactive\40000 lettres types & correspondance\unins000.exe"
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
ActiveFax-->C:\WINDOWS\UIActFax.exe
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Agere Systems HDA Modem-->agrsmdel
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Canon LBP2900-->C:\Program Files\Canon\PrnUninstall\Canon LBP2900\CNAB4UN.EXE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
EBP Comptes Bancaires 2008-->"C:\Program Files\EBP\Comptes Bancaires\unins000.exe"
Ext2Ifs-->"C:\WINDOWS\System32\UnIfs.exe"
FastStone-->"C:\Program Files\FastStone Capture\Désinstaller.exe"
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
HijackThis 2.0.2-->"C:\Documents and Settings\commercial\Bureau\HijackThis.exe" /uninstall
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Lite Codec Pack 4.2.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LClock-->"C:\Program Files\LClock\Désinstaller.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Essentials-->MsiExec.exe /X{F61DD673-0030-4BB2-A382-7E57E97F1036}
ObjectDock-->C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
OutlookMessenger V5.0-->"C:\Program Files\Outlook Messenger\unins000.exe"
QAD Enterprise Applications 2007.1-->C:\Program Files\InstallShield Installation Information\{F6F3DDF3-3F4B-4052-95F4-D062E29EEB64}\setup.exe -runfromtemp -l0x0009 -removeonly
Skype 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x40c -removeonly
Taskix-->"C:\Program Files\Taskix\Désinstaller.exe"
Test Drive Unlimited-->MsiExec.exe /X{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}
TransBar-->"C:\Program Files\TransBar\Désinstaller.exe"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
USB Vibration Joystick-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57496D70-3C5A-4197-9908-128101444B73}\setup.exe" -l0x9
VistaDriveStatus-->"C:\Program Files\VistaDriveStatus\Désinstaller.exe"
VisualTaskTips-->"C:\Program Files\VisualTaskTips\Désinstaller.exe"
VNC Enterprise Edition E4.4.3-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
VNC Mirror Driver 1.8.0-->"C:\Program Files\RealVNC\VNC4\Mirror Driver\unins000.exe"
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Trust Anti-Pub-->"C:\WINDOWS\System32\Drivers\Etc\UnHosts.exe"
Windows Trust Installer-->"C:\Program Files\WTInstaller\Désinstaller.exe"
WinRAR-->"C:\Program Files\WinRAR\uninstall.exe"
WinRoll-->"C:\Program Files\WinRoll\Désinstaller.exe"
=====HijackThis Backups=====
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-01]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-04-01]
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\winxp.exe [2009-04-01]
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll [2009-04-01]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-04-01]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris [2009-04-01]
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg [2009-04-01]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-04-01]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-04-01]
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll [2009-04-01]
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-01]
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg [2009-04-01]
O16 - DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} (InstallShield Setup Player V12) - http://serveur:8080/qadhome/client/setup.exe [2009-04-01]
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 [2009-04-01]
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\winxp.exe [2009-04-01]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL [2009-04-01]
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-04-01]
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [2009-04-01]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-04-01]
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2009-04-01]
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg [2009-04-01]
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\winxp.exe [2009-04-01]
======Hosts File======
127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 rad.msn.com
127.0.0.1 rad.live.com
127.0.0.1 ads1.msn.com
127.0.0.1 adfarm.mediaplex.com
127.0.0.1 101com.com
127.0.0.1 101order.com
127.0.0.1 103bees.com
127.0.0.1 1100i.com
Securitycenter WMI appears to be broken
======System event log======
Computer Name:
Event Code: 11197
Message: Échec lors de la mise à jour et la suppression des enregistrements (RR) des ressources hôte (A) de la carte réseau
ayant les paramètres :
Nom de la carte : {D98996B1-2B76-430E-9FA1-0572EB441799}
La raison pour laquelle la demande de mise à jour a échoué est un problème
système. Pour un code d'erreur spécifique, consultez les données d'enregistrement affichées ci-dessous.
Record Number: 1758
Source Name: DnsApi
Time Written: 20090307144221.000000+060
Event Type: Avertissement
User:
Computer Name:
Event Code: 4202
Message: Le système a détecté que la carte réseau Intel(R) 82562GT 10/100 Network Connection était déconnectée du réseau,
et la configuration réseau de la carte a été abandonnée. Si la carte
réseau n'était pas déconnectée, ceci peut indiquer un disfonctionnement.
Contactez le fabricant pour des pilotes mis à jour.
Record Number: 1757
Source Name: Tcpip
Time Written: 20090307144221.000000+060
Event Type: Informations
User:
Computer Name:
Event Code: 27
Message:
Record Number: 1756
Source Name: e1express
Time Written: 20090307144213.000000+060
Event Type: Avertissement
User:
Computer Name:
Event Code: 20
Message: Le pilote d'imprimante EPSON Stylus CX4300 Series pour Windows NT x86 Version-3 a été ajouté ou mis à jour. Fichiers :- E_FMAICAR.DLL, E_FUICCAR.DLL, E_FVIFCAR.VIF, E_QI111E.CHM, E_FDSPCAR.DLL, E_FJBCCAR.DLL, E_FCONCAR.DLL, E_FPRMCAR.PRM, E_FOKACAR.DLL, E_FAUDCAR.DLL, E_FUIRCAR.DLL, E_FUI1CAR.DLL, E_FUIPCAR.DLL, E_FCF0CAR.CFG, E_FGRCCAR.DLL, E_FPRUCAR.DLL, E_FPRECAR.EXE, E_FPI1CAR.DAT, EPSET32.DLL, E_FHM0CAR.DLL, E_FMW0CAR.DLL, E_FHT0CAR.DLL, E_FSR0CAR.DLL, E_FHBRCAR.DLL, E_FHUTCAR.DLL, E_FHUTCAR.EXE, E_FHSRCAR.DLL, E_FBA6CAR.DLL, E_FBL6CAR.DLL, E_FBIDCAR.LMD, E_FBAPCAR.DLL, EBAPI4.DLL, EBPBIDI.DLL, EPUPDATE.EXE, EPUPDATE.DAT, E_FARNCAR.EXE, E_FASKCAR.DLL, E_FAMTCAR.EXE, E_FAIRCAR.DLL, E_FAPRCAR.DLL, E_FATICAR.EXE, E_FABRCAR.DLL, E_FASRCAR.DLL, E_FBCSCAR.EXE, E_FAIFCAR.DAT, E_FGEPCAR.DLL, E_FASOCAR.DLL, E_S40RP7.EXE, E_QIAL2E.CHM, E_DUPA20.EXE, E_DUPA2E.DLL.
Record Number: 1755
Source Name: Print
Time Written: 20090307143946.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name:
Event Code: 20
Message: Le pilote d'imprimante EPSON Stylus CX4300 Series pour Windows NT x86 Version-3 a été ajouté ou mis à jour. Fichiers :- E_FMAICAR.DLL, E_FUICCAR.DLL, E_FVIFCAR.VIF, E_QI111E.CHM, E_FDSPCAR.DLL, E_FJBCCAR.DLL, E_FCONCAR.DLL, E_FPRMCAR.PRM, E_FOKACAR.DLL, E_FAUDCAR.DLL, E_FUIRCAR.DLL, E_FUI1CAR.DLL, E_FUIPCAR.DLL, E_FCF0CAR.CFG, E_FGRCCAR.DLL, E_FPRUCAR.DLL, E_FPRECAR.EXE, E_FPI1CAR.DAT, EPSET32.DLL, E_FHM0CAR.DLL, E_FMW0CAR.DLL, E_FHT0CAR.DLL, E_FSR0CAR.DLL, E_FHBRCAR.DLL, E_FHUTCAR.DLL, E_FHUTCAR.EXE, E_FHSRCAR.DLL, E_FBA6CAR.DLL, E_FBL6CAR.DLL, E_FBIDCAR.LMD, E_FBAPCAR.DLL, EBAPI4.DLL, EBPBIDI.DLL, EPUPDATE.EXE, EPUPDATE.DAT, E_FARNCAR.EXE, E_FASKCAR.DLL, E_FAMTCAR.EXE, E_FAIRCAR.DLL, E_FAPRCAR.DLL, E_FATICAR.EXE, E_FABRCAR.DLL, E_FASRCAR.DLL, E_FBCSCAR.EXE, E_FAIFCAR.DAT, E_FGEPCAR.DLL, E_FASOCAR.DLL, E_S40RP7.EXE, E_QIAL2E.CHM, E_DUPA20.EXE, E_DUPA2E.DLL.
Record Number: 1754
Source Name: Print
Time Written: 20090307143747.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
=====Application event log=====
Computer Name:
Event Code: 4099
Message: Échec de l'ouverture de services.
Record Number: 2459
Source Name: WmiAdapter
Time Written: 20090326090443.000000+060
Event Type: erreur
User: BUILTIN\Administrateurs
Computer Name:
Event Code: 4099
Message: Échec de l'ouverture de services.
Record Number: 2458
Source Name: WmiAdapter
Time Written: 20090326090440.000000+060
Event Type: erreur
User: BUILTIN\Administrateurs
Computer Name:
Event Code: 8193
Message: Erreur du service de cliché instantané des volumes : erreur lors de l'appel de la routine CoCreateInstance. hr = 0x80040206.
Record Number: 2457
Source Name: VSS
Time Written: 20090326090440.000000+060
Event Type: erreur
User:
Computer Name:
Event Code: 4609
Message: Le système d'événements de COM+ a détecté un code de renvoi erroné lors de son traitement interne. Le HRESULT est 80070422 à partir de la ligne 44 de f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services du Support Technique Microsoft pour signaler cette erreur.
Record Number: 2456
Source Name: EventSystem
Time Written: 20090326090440.000000+060
Event Type: erreur
User:
Computer Name:
Event Code: 4
Message: The LightScribe Service started successfully.
Record Number: 2455
Source Name: LightScribeService
Time Written: 20090326090435.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Fichiers communs\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
-----------------EOF-----------------
Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1929
Windows 5.1.2600 Service Pack 3, v.5512
2009-04-01 18:22:40
mbam-log-2009-04-01 (18-22-40).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 146500
Temps écoulé: 26 minute(s), 27 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\winjpg.jpg (Backdoor.Poison) -> Quarantined and deleted successfully.
Childhood passes, Youth replaces it, Old Age takes its place, so that Death gathers them all up; only the Memories of good friends remain in their place.
***Glory be to God and praise be to Him, glory be to God the Almighty***