[Résolu] Log Hijackthis

Accélérer son PC et résoudre les problèmes de lenteur PC et Windows

Modérateur : Mods Windows

Bernanos

[Résolu] Log Hijackthis

par Bernanos »

Bonjour,

J'ai quelques lenteurs au démarrage. Je suspecte un virus (ou autre) d'en être responsable.

Quelqu'un pourrait-il m'aider à comprendre le rapport Hijackthis ci-dessous et le cas échéant m'indiquer la procédure à suivre?

Merci d'avance,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22:34, on 25/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Documents and Settings\user\Mes documents\Téléchargements\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PrivBar - {300BC64A-BF32-4cc8-8917-91148CEFE700} - C:\DropMyRights\PrivBar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = C:\Program Files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10304 bytes
SkyTech

Re: Log Hijackthis

par SkyTech »

Salut,

Vérifie l'Ultra-DMA : http://forum.malekal.com/activer-ultra- ... =dma#p3860

---

Enlève la vaccination de Spybot :

Image

Puis désinstalle-le, il est obsolète voir : http://forum.malekal.com/test-eradicati ... tml#p64338

---

Je te conseille de désinstaller Ad-Aware.
La version gratuite n'offre pas de protection en temps réel, ça reste un scanneur donc l'efficacité est plus qu'à douter, voir : http://forum.malekal.com/adwares-spywar ... t8046.html

---

Adobe Reader pas à jour, il contient des failles de sécurités, installe la dernière version.
(Désinstalle d'abord l'ancienne version via Ajout\Suppression de programmes qui porte le nom de Acrobat Reader 6.0)
voir : http://forum.malekal.com/exploitation-s ... ml#p104313

Sur la page de téléchargement de Adobe Reader, décoche McAfee Security Scan avant d'appuyer sur le bouton Télécharger :

Image

---

Java est pas à jour, il contient des failles de sécurités, installe la dernière version : http://www.java.com/fr/download/installed.jsp

Et :

Télécharge JavaRa (de Paul McLain et Fred de Vries)
  • Décompresse le fichier sur ton Bureau (clic droit > Extraire tout)
  • Double-clique sur le répertoire JavaRa obtenu.
  • Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
  • Clique sur Effacer les anciennes versions
  • Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok
  • Ferme l'application.
  • Poste le contenu de C:\JavaRa.log
---
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Internet Explorer pas à jour, il contient des failles de sécurités qui peuvent via des exploits sur des sites WEB conduire à l'infection.

Lire ce sujet IE6 VS IE 7 : Pourquoi maintenir son navigateur à jour ? et mets Internet Explorer 6 à jour.
En outre, tu peux faire un scan de vulnérabilités afin de vérifier que tes logiciels soient à jour sans failles de sécurités.

Installe Internet Explorer 8 (même si tu utilises Firefox).

Redémarre et poste un nouveau rapport HijackThis.
Bernanos

Re: Log Hijackthis

par Bernanos »

Ok, merci beaucoup.

Je fais tout ça et poste le second log.

++
Bernanos

Re: Log Hijackthis

par Bernanos »

Re-bonjour,

Voici déjà le log JavaRa:


Je poste le log HijackThis dès que ma machine est redémarrée.


JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Jan 25 22:21:52 2010

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: C:\Program Files\Java\jre1.5.0_11

Found and removed: C:\Program Files\Java\jre1.6.0_01

There was an error removing C:\Program Files\Java\jre1.6.0_02. The error returned was 32.

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

------------------------------------

Finished reporting.



JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Jan 25 22:34:46 2010

There was an error removing C:\Program Files\Java\jre1.6.0_02. The error returned was 32.

------------------------------------

Finished reporting.
Bernanos

Re: Log Hijackthis

par Bernanos »

Voici donc le log Hijackfhis (ci-dessous).

Concernant les problèmes dont souffre mon PC, il me faut être un peu plus clair:

* L'allumage se fait rapidement, entre 30 secondes et 1 minutes ce qui me semble acceptable compte tenu de son âge et de ses capacités.
* Le vrai problème vient après: alors que le bureau est déjà affiché (sur deux écrans) il est impossible depuis peu d'accéder à la barre des tâches. C'est à dire que le pointeur de la souris se mue en sablier lorsqu'on tente l'opération. Cela dure une dizaine de minutes. Ce problème n'existait pas il y a une semaine. J'avais alors un virus que j'avais pu bazarder: SISZYD32. D'ailleurs, je n'ai plus de son non plus depuis l'apparition de ce virus.
* Pendant ces dix minutes, en revanche, il m'est possible d'ouvrir n'importe quel document ou d'exécuter n'importe quel soft en passant par les raccourcis de mon bureau (dont Total Commander).
* De même pendant ces dix minutes, aucune connexion à Internet. Je me demande d'ailleurs si le problème ne viendrait pas de là. Comme si l'ordinateur peinait à se connecter à Internet... Pour quelles raisons, je n'en sais rien...

Merci de tes conseils avisé dans ton dernier message. L'allumage est encore plus rapide. Jusqu'au problème sus-dit.

Le log Hijackthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:47, on 25/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Documents and Settings\user\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PrivBar - {300BC64A-BF32-4cc8-8917-91148CEFE700} - C:\DropMyRights\PrivBar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = C:\Program Files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8962 bytes
SkyTech

Re: Log Hijackthis

par SkyTech »

Salut,

Tu n'as pas mise à jour Adobe Reader, fais-le.

Sinon je pense que tu es encore infecté, pour voir :

Télécharge Random's System Information Tool (RSIT) (de random/random) et sauvegarde-le sur le Bureau.
  • Double-clique sur RSIT.exe afin de lancer RSIT.
  • Clique Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (qui sera affiché)
    ainsi que de info.txt (qui sera réduit dans la Barre des Tâches)
  • NB : Les rapports sont sauvegardés dans le dossier C:\rsit
  • Veille bien à me poster l'intégralité des rapports, vérifie qu'ils soient complets une fois que tu les as postés.
Bernanos

Re: Log Hijackthis

par Bernanos »

En réalité, je ne parviens pas à le mettre à jour.

J'ai une version pirate de la suite Adobe - aucun des programmes de la suite n'a donc accès à Internet, mon firewall (Kerio) est paramétré pour ça.

Par ailleurs, je ne trouve pas le programme Adobe Reader ni en passant par le panneau de configuration, ni par Ccleaner...

Je viens de rechercher le virus SISZYD32 en passant par l'outil de recherche Windows, ça ne donne rien. Auparavant, il apparaissait dans les programmes au démarrage (Ccleaner).

Je suis tes instructions, essaye derechef de mettre le reader à jour.

A bientôt.
SkyTech

Re: Log Hijackthis

par SkyTech »

Re,
J'ai une version pirate de la suite Adobe - aucun des programmes de la suite n'a donc accès à Internet, mon firewall (Kerio) est paramétré pour ça.

Par ailleurs, je ne trouve pas le programme Adobe Reader ni en passant par le panneau de configuration, ni par Ccleaner...
Installe toujours la visionneuse v9 car sinon tu es vulnérable (d'ailleurs y a peut-être un rapport avec ton infection ;))

Lire aussi : http://forum.malekal.com/danger-des-cra ... html#p4489
Bernanos a écrit :Je viens de rechercher le virus SISZYD32 en passant par l'outil de recherche Windows, ça ne donne rien. Auparavant, il apparaissait dans les programmes au démarrage (Ccleaner).
La suppression de cette entrée de démarrage ne suffit pas à éradiquer l'infection, ça serait trop facile.

Poste le log RSIT et je trancherais entre optimisation ou désinfection.
Bernanos

Re: Log Hijackthis

par Bernanos »

Concernant les versions pirates de tel ou tel logiciel, je suis conscient des risques encourus et n'en abuse pas - surtout avec mes maigres compétences...

Pour le virus, je sais bien que ce serait trop simple... Ça m'avait d'ailleurs étonné: d'autant plus qu'il était d'abord impossible de le virer du démarrage.

J'ai mis le reader à jour et suivi tes instructions.

Le log RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2010-01-25 23:45:01
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 78 GB (33%) free of 238 GB
Total RAM: 1023 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45:13, on 25/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\user\Bureau\RSIT.exe
C:\Documents and Settings\user\Bureau\user.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PrivBar - {300BC64A-BF32-4cc8-8917-91148CEFE700} - C:\DropMyRights\PrivBar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = C:\Program Files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9486 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-21 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-01-23 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-25 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{300BC64A-BF32-4cc8-8917-91148CEFE700} - PrivBar - C:\DropMyRights\PrivBar.dll [2005-10-14 233472]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-08-20 430592]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-23 2033432]
"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-01-11 246504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NoSpam"= []
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
dxdllreg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2006-03-14 1397760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
C:\Program Files\lg_fwupdate\fwupdate.exe [2007-10-15 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2010-01-11 13666408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2010-01-11 110696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
C:\Program Files\inKline Global\PC Booster\pcbooster.exe [2002-06-13 4186112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-09-06 16262656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-08-20 2000120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-12-18 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\INSTAL~1\{AC76B~1\SC_ACR~1.EXE [2007-01-30 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Hyperappel du Petit Larousse 2007.lnk]
C:\PROGRA~1\Larousse\PETITL~1\bin\HYPERA~1.EXE [2006-05-15 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
REALTEK RTL8185 Wireless LAN Utility.lnk - C:\Program Files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe
Wireless Configuration Utility HW.15.lnk - C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-12-12 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-01-23 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{549d68b4-5969-11dc-b131-00032f3ff2c3}]
shell\Auto\command - E:\Cn911.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dca1e52-12f5-11de-b2f0-0018f37fd0a8}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-01-25 23:45:01 ----D---- C:\rsit
2010-01-25 23:40:01 ----D---- C:\Program Files\NOS
2010-01-25 23:40:01 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-01-25 23:14:55 ----A---- C:\HiJackThis.exe
2010-01-25 22:32:32 ----D---- C:\WINDOWS\ie8updates
2010-01-25 22:31:12 ----A---- C:\WINDOWS\imsins.BAK
2010-01-25 22:31:03 ----D---- C:\WINDOWS\WBEM
2010-01-25 22:30:11 ----HDC---- C:\WINDOWS\ie8
2010-01-25 22:15:38 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-01-25 22:15:12 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-25 22:15:12 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-25 22:15:12 ----A---- C:\WINDOWS\system32\java.exe
2010-01-25 22:15:12 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-25 08:06:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-23 15:57:42 ----HD---- C:\$AVG
2010-01-23 15:57:29 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-01-23 15:57:12 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-01-23 15:56:53 ----D---- C:\Program Files\AVG
2010-01-23 15:56:51 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-01-23 15:12:55 ----D---- C:\Program Files\REALTEK RTL8187SE Wireless LAN Driver
2010-01-23 13:10:00 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2010-01-23 13:09:48 ----D---- C:\Program Files\NVIDIA Corporation
2010-01-23 13:08:56 ----A---- C:\WINDOWS\system32\OpenCL.dll
2010-01-23 13:08:55 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2010-01-23 13:08:54 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2010-01-23 13:08:54 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2010-01-22 16:28:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-01-15 01:59:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-15 01:55:22 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-12 00:36:37 ----D---- C:\Documents and Settings\user\Application Data\FreeFixer
2010-01-12 00:36:28 ----D---- C:\Program Files\FreeFixer
2010-01-12 00:22:11 ----D---- C:\Program Files\RegCleaner
2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvmctray.dll
2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvmccs.dll
2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvcpl.dll
2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvcolor.exe
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvwddi.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrszht.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrstr.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsth.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrssv.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrssl.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrssk.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsru.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrspt.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrspl.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsno.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsko.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsja.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsit.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrshu.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrshe.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrses.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrseng.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsel.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsde.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsda.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrscs.dll
2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvrsar.dll
2010-01-10 13:08:48 ----D---- C:\Program Files\Fichiers communs\Designer
2010-01-08 16:51:47 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2010-01-04 16:00:44 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-04 15:59:12 ----D---- C:\Program Files\Bonjour
2010-01-04 15:58:28 ----D---- C:\Program Files\QuickTime
2010-01-04 15:55:43 ----A---- C:\WINDOWS\system32\usbaaplrc.dll

======List of files/folders modified in the last 1 months======

2010-01-25 23:45:02 ----D---- C:\WINDOWS\Prefetch
2010-01-25 23:43:42 ----SHD---- C:\WINDOWS\Installer
2010-01-25 23:43:37 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-25 23:43:03 ----D---- C:\Program Files\Fichiers communs\Adobe
2010-01-25 23:42:44 ----D---- C:\Program Files\Adobe
2010-01-25 23:42:41 ----D---- C:\WINDOWS\Temp
2010-01-25 23:42:20 ----D---- C:\WINDOWS\system32
2010-01-25 23:40:01 ----RD---- C:\Program Files
2010-01-25 23:39:48 ----D---- C:\Program Files\Mozilla Firefox
2010-01-25 23:35:06 ----A---- C:\WINDOWS\RTacDbg.txt
2010-01-25 23:32:35 ----A---- C:\WINDOWS\wincmd.ini
2010-01-25 23:31:27 ----D---- C:\WINDOWS
2010-01-25 23:15:38 ----D---- C:\Program Files\Mozilla Thunderbird
2010-01-25 22:40:09 ----D---- C:\WINDOWS\system32\fr-fr
2010-01-25 22:40:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-25 22:40:08 ----D---- C:\WINDOWS\Help
2010-01-25 22:40:08 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-25 22:40:08 ----D---- C:\Program Files\Internet Explorer
2010-01-25 22:33:17 ----HD---- C:\WINDOWS\inf
2010-01-25 22:32:52 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-25 22:31:06 ----D---- C:\WINDOWS\system32\config
2010-01-25 22:30:53 ----D---- C:\WINDOWS\Media
2010-01-25 22:30:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-25 22:28:09 ----D---- C:\WINDOWS\Debug
2010-01-25 22:22:00 ----D---- C:\Program Files\Java
2010-01-25 22:15:37 ----D---- C:\Program Files\Fichiers communs\Java
2010-01-25 22:10:58 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2010-01-25 22:10:54 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-25 22:10:53 ----D---- C:\WINDOWS\system32\drivers
2010-01-25 15:35:35 ----D---- C:\Program Files\eMule
2010-01-25 13:41:52 ----A---- C:\WINDOWS\lgfwup.ini
2010-01-25 13:38:20 ----D---- C:\Documents and Settings\user\Application Data\Skype
2010-01-25 08:25:47 ----D---- C:\Documents and Settings\user\Application Data\skypePM
2010-01-24 19:39:55 ----D---- C:\WINDOWS\pss
2010-01-24 11:00:57 ----D---- C:\WINDOWS\SxsCaPendDel
2010-01-23 15:57:42 ----D---- C:\Documents and Settings
2010-01-23 15:56:42 ----D---- C:\WINDOWS\WinSxS
2010-01-23 15:56:42 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2010-01-23 15:44:02 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-23 15:22:43 ----D---- C:\WINDOWS\system32\wbem
2010-01-23 15:22:43 ----D---- C:\WINDOWS\Registration
2010-01-23 15:12:54 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-23 13:12:26 ----D---- C:\Program Files\Logitech
2010-01-23 13:09:58 ----D---- C:\WINDOWS\nview
2010-01-23 13:09:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-01-23 13:08:50 ----D---- C:\NVIDIA
2010-01-23 12:55:33 ----D---- C:\Program Files\ma-config.com
2010-01-23 12:55:33 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2010-01-23 12:44:09 ----D---- C:\Program Files\Winamp
2010-01-21 18:18:59 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-15 09:56:58 ----D---- C:\WINDOWS\AppPatch
2010-01-12 05:03:33 ----A---- C:\WINDOWS\system32\nvudisp.exe
2010-01-12 05:03:33 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2010-01-12 05:03:33 ----A---- C:\WINDOWS\system32\nvcuda.dll
2010-01-12 05:03:33 ----A---- C:\WINDOWS\system32\nvcodins.dll
2010-01-12 05:03:33 ----A---- C:\WINDOWS\system32\nvcod.dll
2010-01-12 05:03:33 ----A---- C:\WINDOWS\system32\nvapi.dll
2010-01-12 05:03:33 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2010-01-12 01:15:19 ----A---- C:\WINDOWS\system.ini
2010-01-12 00:01:29 ----D---- C:\Program Files\Grisoft
2010-01-10 13:08:25 ----RSD---- C:\WINDOWS\Fonts
2010-01-10 12:18:30 ----ASH---- C:\boot.ini
2010-01-09 18:51:18 ----A---- C:\WINDOWS\ODBC.INI
2010-01-09 18:48:55 ----A---- C:\WINDOWS\win.ini
2010-01-09 18:37:08 ----D---- C:\WINDOWS\ShellNew
2010-01-09 18:36:46 ----D---- C:\Program Files\Fichiers communs
2010-01-09 17:06:17 ----A---- C:\cleannavi.txt
2010-01-09 13:06:07 ----D---- C:\Program Files\lg_fwupdate
2010-01-09 12:54:37 ----D---- C:\Program Files\Fichiers communs\Apple
2010-01-09 12:39:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-04 18:29:20 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2010-01-04 16:04:03 ----D---- C:\Documents and Settings\user\Application Data\Apple Computer
2010-01-04 15:57:07 ----SD---- C:\WINDOWS\Tasks
2010-01-04 15:57:06 ----D---- C:\Program Files\Apple Software Update

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2006-12-24 43488]
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-01-23 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-01-23 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-01-23 360584]
R1 fwdrv;Kerio Personal Firewall Driver; C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 102912]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 SSHDRV84;SSHDRV84; \??\C:\WINDOWS\system32\drivers\SSHDRV84.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-10-12 21035]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-03-02 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-03-02 55936]
R2 procguard;procguard; \??\C:\WINDOWS\system32\drivers\procguard.sys []
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-08-22 35712]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-06 4377600]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-01-12 10276768]
R3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys [2008-03-21 308480]
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-06-02 10368]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-10-18 241152]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-01-23 285392]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-25 153376]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 PersFw;Kerio Personal Firewall; C:\Program Files\Kerio\Personal Firewall\persfw.exe [2003-04-30 389120]
R3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-12-12 393216]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-30 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-12-17 243056]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-01-05 65795]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 freenet-darknet-8888;Freenet 0.7 darknet-8888; C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe -s C:\Program Files\Freenet\wrapper.conf []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-01-11 154216]
S4 Wlancfg;Service de lancement de WlanCfg; C:\Program Files\Inventel\Gateway\wlancfg.exe [2006-03-22 1466368]

-----------------EOF-----------------
Bernanos

Re: Log Hijackthis

par Bernanos »

Puis, le contenu de Info.txt:










info.txt logfile of random's system information tool 1.06 2010-01-25 23:45:16

======Uninstall list======

-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
802.11 USB Wireless LAN Adapter-->C:\WINDOWS\system32\unwlsdrv.exe SiS163u
ACDSee 9 Photo Manager-->MsiExec.exe /I{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
Adobe Acrobat 7.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}
Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
ASUS Enhanced Display Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x40c -removeonly
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{F9AD857F-0492-4AC2-9A77-241360ADBB3C}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Attansic Giga Ethernet Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9
Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\WINDOWS\system32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\system32\Attansic\L1 x86 1969 1048 L1
AVG Anti-Rootkit Free-->C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Codec 8.1 build 11-->"C:\Program Files\Codec\Uninstall\unins000.exe"
Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\SETUP.EXE" UNINSTALL
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
FreeFixer-->"C:\Program Files\FreeFixer\Uninstall.exe" "C:\Program Files\FreeFixer\install.log" -u
Gadwin PrintScreen-->C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
Gimp 2.6.2-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\user\Mes documents\Téléchargements\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Image Zone 3.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5-->"C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Kerio Personal Firewall 2.1.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51C8741C-4A91-42A6-B6A2-CB891F7398A1}\Setup.exe" -removeall
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
K-Lite Codec Pack 3.4.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Lexibase Pro-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22AE875F-B8B3-46AF-856C-CE858538D912}\setup.exe" -l0x40c
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly
Ma-Config.com-->MsiExec.exe /X{18754BA4-4F0C-4E6E-888B-9496AFA05F43}
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Miranda IM 0.8.12-->C:\Program Files\Miranda IM\Uninstall.exe
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
MixScreen-->C:\Program Files\MixScreen\Remove.exe
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Navilog1 3.3.1-->"C:\Program Files\Navilog1\unins000.exe"
NoSpam 0.5.32-->"C:\Program Files\StofWare\NoSpam\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
PC Booster-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0601E1-B65C-11D5-80A9-0000B494D9A6}\Setup.exe"
PC-Bibliothek Express-->C:\WINDOWS\unin0407.exe -fC:\PC-BIB\DeIsL1.isu -cC:\PC-BIB\_ISREG32.DLL
Petit Larousse 2007-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1444B13F-B744-4624-9695-D9E6471817B1}\Setup.exe" -l0x40c
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninst
QuarkXPress 7.2-->MsiExec.exe /I{A38048C6-89D1-44EC-BC95-E95DD4A19B5E}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
REALTEK RTL8185 Wireless LAN Driver and Utility-->C:\Program Files\InstallShield Installation Information\{EF72E0A5-57E8-471F-837E-82BB19771363}\Install.exe -uninst -l0x40C
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sun Java Runtime Environment and JMF-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFA98080-B0C6-11D5-91CB-005004F84FA1}\Setup.exe" -l0x40c
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
TRENDnet TEW-421PC or TEW-423PI-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
VIA Platform Device Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VirtualLab Client 5.5.15-->"C:\Program Files\BinaryBiz\VirtualLab5\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinUAE 1.4.2-->C:\Program Files\WinUAE\uninstall_winuae.exe
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: PC-PIERRE
Event Code: 7036
Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.

Record Number: 60042
Source Name: Service Control Manager
Time Written: 20091226130232.000000+060
Event Type: Informations
User:

Computer Name: PC-PIERRE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.

Record Number: 60041
Source Name: Service Control Manager
Time Written: 20091226130232.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: PC-PIERRE
Event Code: 7036
Message: Le service Configuration automatique sans fil est entré dans l'état : en cours d'exécution.

Record Number: 60040
Source Name: Service Control Manager
Time Written: 20091226130230.000000+060
Event Type: Informations
User:

Computer Name: PC-PIERRE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Configuration automatique sans fil.

Record Number: 60039
Source Name: Service Control Manager
Time Written: 20091226130228.000000+060
Event Type: Informations
User: PC-PIERRE\user

Computer Name: PC-PIERRE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service aswRdr.

Record Number: 60038
Source Name: Service Control Manager
Time Written: 20091226130228.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

=====Application event log=====

Computer Name: PC-PIERRE
Event Code: 1001
Message: Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam' lors de la demande du composant '{C207503F-9631-4AF6-8CD2-D11260DBA3C5}'

Record Number: 8520
Source Name: MsiInstaller
Time Written: 20080909151335.000000+120
Event Type: Avertissement
User: PC-PIERRE\user

Computer Name: PC-PIERRE
Event Code: 1004
Message: Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam', composant '{B52C7B4D-F46F-438C-ADF2-05A138C57757}. La ressource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' n'existe pas

Record Number: 8519
Source Name: MsiInstaller
Time Written: 20080909151335.000000+120
Event Type: Avertissement
User: PC-PIERRE\user

Computer Name: PC-PIERRE
Event Code: 1001
Message: Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam' lors de la demande du composant '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Record Number: 8518
Source Name: MsiInstaller
Time Written: 20080909151116.000000+120
Event Type: Avertissement
User: PC-PIERRE\user

Computer Name: PC-PIERRE
Event Code: 1004
Message: Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam', composant '{B52C7B4D-F46F-438C-ADF2-05A138C57757}. La ressource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' n'existe pas

Record Number: 8517
Source Name: MsiInstaller
Time Written: 20080909151116.000000+120
Event Type: Avertissement
User: PC-PIERRE\user

Computer Name: PC-PIERRE
Event Code: 1001
Message: Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam' lors de la demande du composant '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Record Number: 8516
Source Name: MsiInstaller
Time Written: 20080909151116.000000+120
Event Type: Avertissement
User: AUTORITE NT\SERVICE RÉSEAU

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem";C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=5f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------
Bernanos

Re: Log Hijackthis

par Bernanos »

Je passe un coup de Malwarebytes. Ca ne peut pas faire de mal.
Avatar de l’utilisateur
angelique
Messages : 31153
Inscription : 28 févr. 2008 13:58
Localisation : Breizhilienne

Re: Log Hijackthis

par angelique »

SISZYD32 patch atapi.sys

.*´¨ )
,.•´¸.•*¨) ¸.•*¨)
(¸.•´ : (¸.•´ : (´¸.•*´¯`*•
» Télécharge combofix.exe (par sUBs) » renomme le dans la fenetre de telechargement par COlaF , et sauvegarde le sur ton bureau , pas ailleurs!!!!!


http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Image
http://imagesup.org/images/1238940640-cfdl.jpg

Image
http://imagesup.org/images/1238940687-cfren.jpg




Les Antivirus couinent sur ComboFix (Nircmd ....), faut autoriser ou désactiver temporairement son AV , ainsi que la demande d'access à la zone sure si le firewall couine , il faut autoriser \o/

* Double-clique combofix.exe(COlaF), accepte le CluF qui s'affiche, afin de l'exécuter et suis les instructions.
* Lorsque l'analyse sera complétée, un rapport apparaîtra que tu me posteras.
* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt
.*´¨ )
,.•´¸.•*¨) ¸.•*¨)
(¸.•´ : (¸.•´ : (´¸.•*´¯`*•

tuto:: Un guide et un tutoriel sur l'utilisation de ComboFix:
http://www.bleepingcomputer.com/combofi ... r-combofix
Avec Gnu_Linux t'as un Noyau ... avec Ѡindows t'as que les pépins
https://helicium.altervista.org/
Supprimer les "virus" gratuitement http://www.supprimer-trojan.com/
Ne soyez pas Rat!Je fais parti des millions de pauvres en France
Image
Bernanos

Re: Log Hijackthis

par Bernanos »

Bonjour,

Voici le rapport généré par ComboFix:

Inutile de préciser que je n'y comprends pas un mot...



ComboFix 10-01-25.06 - user 26/01/2010 10:27:48.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.471 [GMT 1:00]
Lancé depuis: c:\documents and settings\user\Mes documents\Skype\My Skype Received Files\COlaF.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Application Data\inst.exe
c:\windows\system32\Process.exe
c:\windows\unins000.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-26 au 2010-01-26 ))))))))))))))))))))))))))))))))))))
.

2010-01-25 23:11 . 2010-01-25 23:11 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2010-01-25 23:11 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 23:11 . 2010-01-25 23:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-25 23:11 . 2010-01-25 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-25 23:11 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 22:45 . 2010-01-25 22:45 -------- d-----w- C:\rsit
2010-01-25 22:43 . 2010-01-25 22:43 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-01-25 22:14 . 2010-01-25 21:53 401720 ----a-w- C:\HiJackThis.exe
2010-01-25 21:40 . 2010-01-25 21:40 -------- d-sh--w- c:\documents and settings\user\IETldCache
2010-01-25 21:32 . 2010-01-25 21:32 -------- d-----w- c:\windows\ie8updates
2010-01-25 21:30 . 2010-01-25 21:30 -------- dc-h--w- c:\windows\ie8
2010-01-25 21:23 . 2009-12-21 19:06 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-25 21:23 . 2009-12-21 19:06 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-25 21:23 . 2009-12-21 19:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-25 21:23 . 2009-12-21 19:06 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-25 21:23 . 2009-12-21 19:07 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-25 21:23 . 2009-12-21 19:06 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-25 21:15 . 2010-01-25 21:15 503808 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4b1ac20f-n\msvcp71.dll
2010-01-25 21:15 . 2010-01-25 21:15 499712 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4b1ac20f-n\jmc.dll
2010-01-25 21:15 . 2010-01-25 21:15 348160 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4b1ac20f-n\msvcr71.dll
2010-01-25 21:15 . 2010-01-25 21:15 61440 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-11b5e135-n\decora-sse.dll
2010-01-25 21:15 . 2010-01-25 21:15 12800 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-11b5e135-n\decora-d3d.dll
2010-01-25 21:15 . 2010-01-25 21:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-23 15:02 . 2010-01-23 15:02 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\AVG Security Toolbar
2010-01-23 14:57 . 2010-01-23 14:57 -------- d-----w- C:\$AVG
2010-01-23 14:57 . 2010-01-23 14:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-23 14:57 . 2010-01-23 14:57 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-23 14:57 . 2010-01-23 14:57 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-23 14:57 . 2010-01-23 14:57 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-23 14:57 . 2010-01-26 09:10 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-23 14:57 . 2010-01-23 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-01-23 14:56 . 2010-01-23 14:56 -------- d-----w- c:\program files\AVG
2010-01-23 14:56 . 2010-01-23 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-23 14:22 . 2010-01-23 14:22 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-23 14:12 . 2010-01-23 14:13 -------- d-----w- c:\program files\REALTEK RTL8187SE Wireless LAN Driver
2010-01-23 12:10 . 2010-01-23 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-01-23 12:09 . 2010-01-23 12:11 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-23 12:08 . 2010-01-12 04:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-23 12:08 . 2010-01-12 04:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-23 12:08 . 2010-01-12 04:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-23 12:08 . 2010-01-12 04:03 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-23 12:08 . 2010-01-12 04:03 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-21 17:45 . 2009-09-18 08:28 421888 ----a-w- c:\documents and settings\user\Application Data\Thunderbird\Profiles\6dvc6ahk.Pierrot\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2010-01-14 08:06 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 23:36 . 2010-01-12 11:11 -------- d-----w- c:\documents and settings\user\Application Data\FreeFixer
2010-01-11 23:36 . 2010-01-11 23:36 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\FreeFixer
2010-01-11 23:36 . 2010-01-11 23:36 -------- d-----w- c:\program files\FreeFixer
2010-01-11 23:22 . 2010-01-11 23:38 -------- d-----w- c:\program files\RegCleaner
2010-01-11 23:01 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-01-09 12:20 . 2008-04-13 19:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-01-09 12:20 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-01-09 12:18 . 2008-04-13 19:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-01-09 12:18 . 2008-04-13 19:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-01-09 12:17 . 2008-04-13 19:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-01-08 15:51 . 2010-01-09 12:09 148 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-01-04 15:00 . 2010-01-04 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-04 14:59 . 2010-01-04 14:59 -------- d-----w- c:\program files\Bonjour
2010-01-04 14:58 . 2010-01-04 14:58 -------- d-----w- c:\program files\QuickTime
2010-01-04 14:55 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 09:13 . 2008-05-08 13:40 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-25 22:43 . 2006-12-23 09:07 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-01-25 21:40 . 2007-10-07 11:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-25 21:22 . 2007-01-13 23:31 -------- d-----w- c:\program files\Java
2010-01-25 21:15 . 2007-01-13 23:31 -------- d-----w- c:\program files\Fichiers communs\Java
2010-01-25 21:10 . 2007-10-04 15:58 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-01-25 21:10 . 2007-10-07 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-25 14:35 . 2007-06-23 16:06 -------- d-----w- c:\program files\eMule
2010-01-25 12:38 . 2006-12-23 21:12 -------- d-----w- c:\documents and settings\user\Application Data\Skype
2010-01-25 07:25 . 2008-03-30 16:45 -------- d-----w- c:\documents and settings\user\Application Data\skypePM
2010-01-23 14:12 . 2006-12-23 15:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 12:12 . 2007-10-11 18:06 -------- d-----w- c:\program files\Logitech
2010-01-23 11:55 . 2008-10-12 20:50 -------- d-----w- c:\program files\ma-config.com
2010-01-23 11:55 . 2008-10-12 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2010-01-23 11:44 . 2006-12-23 16:22 -------- d-----w- c:\program files\Winamp
2010-01-21 17:18 . 2008-10-18 02:51 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-12 04:03 . 2008-10-12 21:02 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03 . 2008-09-17 07:55 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2007-07-13 06:34 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2007-07-13 06:34 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03 . 2007-07-13 06:34 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2007-07-13 06:34 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2007-06-28 16:43 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2007-06-28 16:43 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-10 11:19 . 2006-12-23 15:33 35208 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-09 12:06 . 2006-12-23 09:29 -------- d-----w- c:\program files\lg_fwupdate
2010-01-09 11:54 . 2007-10-22 14:23 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-01-04 15:04 . 2007-02-04 20:04 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
2010-01-04 14:57 . 2007-04-01 10:13 -------- d-----w- c:\program files\Apple Software Update
2009-12-21 19:07 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 00:21 . 2006-03-02 12:00 84766 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-21 00:21 . 2006-03-02 12:00 510742 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-21 15:58 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 20:42 . 2008-10-12 20:36 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-03 08:51 . 2009-11-10 13:41 421888 ----a-w- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\n83ejkv8.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2006-12-23 16:00 . 2006-12-23 15:55 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
2004-10-01 14:00 . 2006-12-23 09:03 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-23 2033432]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-10-11 805392]
REALTEK RTL8185 Wireless LAN Utility.lnk - c:\program files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe [2008-10-12 843776]
Wireless Configuration Utility HW.15.lnk - c:\program files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe [2007-1-30 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-23 14:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Hyperappel du Petit Larousse 2007.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Hyperappel du Petit Larousse 2007.lnk
backup=c:\windows\pss\Hyperappel du Petit Larousse 2007.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 01:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-12 13:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2006-03-14 02:06 1397760 ------w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2007-10-15 22:44 249856 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
2002-06-13 12:21 4186112 ----a-w- c:\program files\inKline Global\PC Booster\PCBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-09-06 03:44 16262656 ----a-r- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ----a-r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 02:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-08-20 19:08 2000120 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-12-18 00:30 39424 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [23/12/2006 16:44 63232]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [23/12/2006 16:36 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/01/2010 15:57 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/01/2010 15:57 360584]
R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [30/01/2007 22:03 102912]
R1 SSHDRV84;SSHDRV84;c:\windows\system32\drivers\SSHDRV84.sys [24/12/2006 01:37 76800]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [23/01/2010 15:56 285392]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [12/10/2008 22:07 38144]
R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [22/10/2007 22:34 24911]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [23/12/2006 16:42 35712]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 freenet-darknet-8888;Freenet 0.7 darknet-8888;"c:\program files\Freenet\bin\wrapper-windows-x86-32.exe" -s "c:\program files\Freenet\wrapper.conf" --> c:\program files\Freenet\bin\wrapper-windows-x86-32.exe [?]
.
Contenu du dossier 'Tâches planifiées'

2010-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\n83ejkv8.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\n83ejkv8.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\xpavgtbapi.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-NoSpam - (no file)
MSConfigStartUp-DXDllRegExe - dxdllreg.exe
MSConfigStartUp-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 10:32
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\Ati2evxx.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
.
Heure de fin: 2010-01-26 10:33:51
ComboFix-quarantined-files.txt 2010-01-26 09:33
ComboFix2.txt 2007-10-22 16:38

Avant-CF: 81 620 000 768 octets libres
Après-CF: 81 605 881 856 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect /NOGUIBOOT

- - End Of File - - 42AF39DD3139EEB7D1E8D7ABEA6C34D9
Avatar de l’utilisateur
angelique
Messages : 31153
Inscription : 28 févr. 2008 13:58
Localisation : Breizhilienne

Re: Log Hijackthis

par angelique »

du coup y'a pas grand chose

Branches tes supports amovibles usb sans les ouvrir!

ouvre ton bloc note[executer--notepad] et copies/colles le contenu du cadre ci dessous:
File::
E:\Cn911.exe
C:\WINDOWS\system32\fjhdyfhsn.bat
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{549d68b4-5969-11dc-b131-00032f3ff2c3}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify]
"IconStreams"=-
"PastIconsStream"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole]
"SetCommand"=dword:00000001
"SecurityLevel"=dword:00000001
[*]Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>
[*]Choisis "Enregistrer sous" et choisis le meme repertoire ou est COlaF : Skype\My Skype Received Files\
[*]Dans le champs "Nom du fichier" en bas de page donne le nom suivant:CFScript
[*]Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"
[*]Quitte le Bloc Notes.
[*]Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture


Image


* suis les instructions
* Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt
Avec Gnu_Linux t'as un Noyau ... avec Ѡindows t'as que les pépins
https://helicium.altervista.org/
Supprimer les "virus" gratuitement http://www.supprimer-trojan.com/
Ne soyez pas Rat!Je fais parti des millions de pauvres en France
Image
Bernanos

Re: Log Hijackthis

par Bernanos »

Voici le deuxième rapport:



ComboFix 10-01-25.06 - user 26/01/2010 10:57:33.3.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.398 [GMT 1:00]
Lancé depuis: c:\documents and settings\user\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\user\Mes documents\Skype\My Skype Received Files\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\fjhdyfhsn.bat"
"E:\Cn911.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-26 au 2010-01-26 ))))))))))))))))))))))))))))))))))))
.

2010-01-25 23:11 . 2010-01-25 23:11 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2010-01-25 23:11 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 23:11 . 2010-01-25 23:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-25 23:11 . 2010-01-25 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-25 23:11 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 22:45 . 2010-01-25 22:45 -------- d-----w- C:\rsit
2010-01-25 22:43 . 2010-01-25 22:43 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-01-25 22:14 . 2010-01-25 21:53 401720 ----a-w- C:\HiJackThis.exe
2010-01-25 21:40 . 2010-01-25 21:40 -------- d-sh--w- c:\documents and settings\user\IETldCache
2010-01-25 21:32 . 2010-01-25 21:32 -------- d-----w- c:\windows\ie8updates
2010-01-25 21:30 . 2010-01-25 21:30 -------- dc-h--w- c:\windows\ie8
2010-01-25 21:23 . 2009-12-21 19:06 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-25 21:23 . 2009-12-21 19:06 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-25 21:23 . 2009-12-21 19:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-25 21:23 . 2009-12-21 19:06 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-25 21:23 . 2009-12-21 19:07 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-25 21:23 . 2009-12-21 19:06 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-25 21:15 . 2010-01-25 21:15 503808 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4b1ac20f-n\msvcp71.dll
2010-01-25 21:15 . 2010-01-25 21:15 499712 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4b1ac20f-n\jmc.dll
2010-01-25 21:15 . 2010-01-25 21:15 348160 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4b1ac20f-n\msvcr71.dll
2010-01-25 21:15 . 2010-01-25 21:15 61440 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-11b5e135-n\decora-sse.dll
2010-01-25 21:15 . 2010-01-25 21:15 12800 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-11b5e135-n\decora-d3d.dll
2010-01-25 21:15 . 2010-01-25 21:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-23 15:02 . 2010-01-23 15:02 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\AVG Security Toolbar
2010-01-23 14:57 . 2010-01-23 14:57 -------- d-----w- C:\$AVG
2010-01-23 14:57 . 2010-01-23 14:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-23 14:57 . 2010-01-23 14:57 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-23 14:57 . 2010-01-23 14:57 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-23 14:57 . 2010-01-23 14:57 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-23 14:57 . 2010-01-26 09:10 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-23 14:57 . 2010-01-23 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-01-23 14:56 . 2010-01-23 14:56 -------- d-----w- c:\program files\AVG
2010-01-23 14:56 . 2010-01-23 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-23 14:22 . 2010-01-23 14:22 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-23 14:12 . 2010-01-23 14:13 -------- d-----w- c:\program files\REALTEK RTL8187SE Wireless LAN Driver
2010-01-23 12:10 . 2010-01-23 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-01-23 12:09 . 2010-01-23 12:11 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-23 12:08 . 2010-01-12 04:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-23 12:08 . 2010-01-12 04:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-23 12:08 . 2010-01-12 04:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-23 12:08 . 2010-01-12 04:03 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-23 12:08 . 2010-01-12 04:03 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-21 17:45 . 2009-09-18 08:28 421888 ----a-w- c:\documents and settings\user\Application Data\Thunderbird\Profiles\6dvc6ahk.Pierrot\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2010-01-14 08:06 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 23:36 . 2010-01-12 11:11 -------- d-----w- c:\documents and settings\user\Application Data\FreeFixer
2010-01-11 23:36 . 2010-01-11 23:36 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\FreeFixer
2010-01-11 23:36 . 2010-01-11 23:36 -------- d-----w- c:\program files\FreeFixer
2010-01-11 23:22 . 2010-01-11 23:38 -------- d-----w- c:\program files\RegCleaner
2010-01-11 23:01 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-01-09 12:20 . 2008-04-13 19:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-01-09 12:20 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-01-09 12:18 . 2008-04-13 19:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-01-09 12:18 . 2008-04-13 19:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-01-09 12:17 . 2008-04-13 19:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-01-04 15:00 . 2010-01-04 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-04 14:59 . 2010-01-04 14:59 -------- d-----w- c:\program files\Bonjour
2010-01-04 14:58 . 2010-01-04 14:58 -------- d-----w- c:\program files\QuickTime
2010-01-04 14:55 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 09:13 . 2008-05-08 13:40 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-25 22:43 . 2006-12-23 09:07 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-01-25 21:40 . 2007-10-07 11:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-25 21:22 . 2007-01-13 23:31 -------- d-----w- c:\program files\Java
2010-01-25 21:15 . 2007-01-13 23:31 -------- d-----w- c:\program files\Fichiers communs\Java
2010-01-25 21:10 . 2007-10-04 15:58 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-01-25 21:10 . 2007-10-07 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-25 14:35 . 2007-06-23 16:06 -------- d-----w- c:\program files\eMule
2010-01-25 12:38 . 2006-12-23 21:12 -------- d-----w- c:\documents and settings\user\Application Data\Skype
2010-01-25 07:25 . 2008-03-30 16:45 -------- d-----w- c:\documents and settings\user\Application Data\skypePM
2010-01-23 14:12 . 2006-12-23 15:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 12:12 . 2007-10-11 18:06 -------- d-----w- c:\program files\Logitech
2010-01-23 11:55 . 2008-10-12 20:50 -------- d-----w- c:\program files\ma-config.com
2010-01-23 11:55 . 2008-10-12 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2010-01-23 11:44 . 2006-12-23 16:22 -------- d-----w- c:\program files\Winamp
2010-01-21 17:18 . 2008-10-18 02:51 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-12 04:03 . 2008-10-12 21:02 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03 . 2008-09-17 07:55 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2007-07-13 06:34 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2007-07-13 06:34 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03 . 2007-07-13 06:34 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2007-07-13 06:34 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2007-06-28 16:43 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2007-06-28 16:43 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-10 11:19 . 2006-12-23 15:33 35208 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-09 12:06 . 2006-12-23 09:29 -------- d-----w- c:\program files\lg_fwupdate
2010-01-09 11:54 . 2007-10-22 14:23 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-01-04 15:04 . 2007-02-04 20:04 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
2010-01-04 14:57 . 2007-04-01 10:13 -------- d-----w- c:\program files\Apple Software Update
2009-12-21 19:07 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-21 00:21 . 2006-03-02 12:00 84766 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-21 00:21 . 2006-03-02 12:00 510742 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-21 15:58 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 20:42 . 2008-10-12 20:36 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-03 08:51 . 2009-11-10 13:41 421888 ----a-w- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\n83ejkv8.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2006-12-23 16:00 . 2006-12-23 15:55 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
2004-10-01 14:00 . 2006-12-23 09:03 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-23 2033432]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-10-11 805392]
REALTEK RTL8185 Wireless LAN Utility.lnk - c:\program files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe [2008-10-12 843776]
Wireless Configuration Utility HW.15.lnk - c:\program files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe [2007-1-30 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-23 14:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Hyperappel du Petit Larousse 2007.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Hyperappel du Petit Larousse 2007.lnk
backup=c:\windows\pss\Hyperappel du Petit Larousse 2007.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 01:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-12 13:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2006-03-14 02:06 1397760 ------w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2007-10-15 22:44 249856 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
2002-06-13 12:21 4186112 ----a-w- c:\program files\inKline Global\PC Booster\PCBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-09-06 03:44 16262656 ----a-r- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ----a-r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-08-20 19:08 2000120 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-12-18 00:30 39424 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [23/12/2006 16:44 63232]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [23/12/2006 16:36 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/01/2010 15:57 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/01/2010 15:57 360584]
R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [30/01/2007 22:03 102912]
R1 SSHDRV84;SSHDRV84;c:\windows\system32\drivers\SSHDRV84.sys [24/12/2006 01:37 76800]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [23/01/2010 15:56 285392]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [12/10/2008 22:07 38144]
R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [22/10/2007 22:34 24911]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [23/12/2006 16:42 35712]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 freenet-darknet-8888;Freenet 0.7 darknet-8888;"c:\program files\Freenet\bin\wrapper-windows-x86-32.exe" -s "c:\program files\Freenet\wrapper.conf" --> c:\program files\Freenet\bin\wrapper-windows-x86-32.exe [?]
.
Contenu du dossier 'Tâches planifiées'

2010-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\n83ejkv8.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\n83ejkv8.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\xpavgtbapi.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 11:01
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\Ati2evxx.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
.
Heure de fin: 2010-01-26 11:03:18
ComboFix-quarantined-files.txt 2010-01-26 10:03
ComboFix2.txt 2010-01-26 09:33
ComboFix3.txt 2007-10-22 16:38

Avant-CF: 81 616 416 768 octets libres
Après-CF: 81 600 630 784 octets libres

- - End Of File - - 523FF1F9F421EBAEEC79A28E2C083A59
  • Sujets similaires
    Réponses
    Vues
    Dernier message

Revenir à « Accélérer Windows et problème de lenteur PC »