Startup problem - Cognac registry entry

Solved/Closed
Ros_Capitano - 17 Jul 2009 at 17:38
Ros_Capitano Posts 18 Registration date Thursday 16 July 2009 Status Member Last seen 24 July 2009 - 20 Jul 2009 at 12:29
Hello,
Yesterday, while browsing the net, several windows suddenly started appearing and showing me messages saying that I had viruses and that I needed to download antivirus programs etc..., the usual blah-blah. But on restarting the computer (yes, I told myself I should restart anyway...), the screen stays stuck right after the boot window (where you can start safe mode). A few seconds later, a blue window tells me that my computer has problems and must restart. This problem keeps happening, so I boot in "last known good configuration" mode.

Everything is fine, except that Spybot's TeaTimer tells me that registry keys are being modified by COGNAC. I run the AVG and Spybot scans, delete the problem, but on restart the virus comes back. I don't know how to remove it...

So, if anyone could help me :( thanks in advance

20 replies

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
17 Jul 2009 at 17:40
Hi,


scan with Malwarebytes, run a quick scan, paste the report you get and remove what is found:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

______________________

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the taskbar).

NB: The reports are saved in the folder C:\rsit
1
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
17 Jul 2009 at 21:50
disable Spybot's TeaTimer (Mode, then Advanced mode, then Tools, then Resident)

then paste a Malwarebytes scan as requested


then



Update Java:
https://javara.fr.malavida.com/­indows

Download JavaRa.zip by Paul 'Prm753' McLain and Fred de Vries.
Unzip the file to your desktop (right-click > Extract all.)
Double-click the resulting JavaRa folder.
Then double-click the file JavaRa.exe (the .exe may not be displayed)
Click Search For Updates.
Select Update Using jucheck.exe, then click Search.
Allow the process to connect if it asks you, click Install and follow the installation instructions. This will take a few minutes.
When the installation is finished, go back to the JavaRa screen and click Remove Older Versions.
Click Yes to confirm. The tool will do its work; then click Ok, then Ok a second time.
A report will open; copy and paste it into your next reply.
Note: the report is also located at the root of the system partition, usually C:\, under the name JavaRa.log
(c:\JavaRa.log)
Close the application.

if that does not work

https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

you can uninstall the old versions.
1
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
18 Jul 2009 at 15:49
disable Spybot's TeaTimer, then



download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)


double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus and your antispyware's guard

copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the PC.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


___________________



I'm setting this aside for myself

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}]
XML Class - C:\Windows\system32\msxml71.dll [2009-07-17 143364]


"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Cognac"=C:\Users\Adriano\AppData\Local\Temp\b.exe [2009-07-17 162304]

2009-07-17 17:10:41 ----A---- C:\Windows\system32\Process.exe
2009-07-17 16:21:44 ----A---- C:\Windows\msb.exe
2009-07-17 02:21:05 ----A---- C:\Windows\system32\geyekrjvhnawoa.dll
2009-07-17 02:21:04 ----A---- C:\Windows\system32\geyekrucjijdww.dll
2009-07-17 02:18:40 ----A---- C:\Windows\msa.exe
2009-07-17 02:18:30 ----A---- C:\Windows\system32\msxml71.dll
2009-07-17 02:18:07 ----A---- C:\Windows\system32\UACneiymqbvtpblprkhc.dll
1
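
Added example (not part of the original thread or of RSIT): a small triage script over the RSIT lines quoted in the post above. It flags Run values that launch from a Temp directory, then builds a timeline of files created under C:\Windows within a day of that autorun's date. The function names, the one-day window and the single control line marked as constructed are assumptions of this example.

```python
import re
from datetime import date, datetime
from pathlib import PureWindowsPath

# Autorun lines exactly as quoted in the post (RSIT log.txt format):
#   "ValueName"=path [YYYY-MM-DD size]
RUN_LINES = [
    r'"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]',
    r'"Cognac"=C:\Users\Adriano\AppData\Local\Temp\b.exe [2009-07-17 162304]',
]

# File-listing lines as quoted in the post. The FIRST line is constructed
# for this example as a control that must not be reported.
FILE_LINES = [
    r'2008-01-19 09:00:00 ----A---- C:\Windows\system32\constructed_old.dll',
    r'2009-07-17 17:10:41 ----A---- C:\Windows\system32\Process.exe',
    r'2009-07-17 16:21:44 ----A---- C:\Windows\msb.exe',
    r'2009-07-17 02:21:05 ----A---- C:\Windows\system32\geyekrjvhnawoa.dll',
    r'2009-07-17 02:21:04 ----A---- C:\Windows\system32\geyekrucjijdww.dll',
    r'2009-07-17 02:18:40 ----A---- C:\Windows\msa.exe',
    r'2009-07-17 02:18:30 ----A---- C:\Windows\system32\msxml71.dll',
    r'2009-07-17 02:18:07 ----A---- C:\Windows\system32\UACneiymqbvtpblprkhc.dll',
]

RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?P<path>.+?) '
    r'\[(?P<day>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
FILE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'(?P<attrs>[-A-Z]{9}) (?P<path>.+)$'
)
TEMP_DIRS = {"temp", "tmp"}  # directory names treated as user-writable scratch


def parse_run_lines(lines):
    """Parse RSIT autorun lines; lines in another format are skipped."""
    entries = []
    for line in lines:
        m = RUN_RE.match(line.strip())
        if m:
            entries.append({
                "name": m["name"],
                "path": m["path"],
                "day": date.fromisoformat(m["day"]),
                "size": int(m["size"]),
            })
    return entries


def runs_from_temp(path):
    """True if any parent directory of the target is named Temp or tmp."""
    parents = PureWindowsPath(path).parent.parts
    return any(part.lower() in TEMP_DIRS for part in parents)


def suspicious_autoruns(lines):
    """Autorun entries whose executable lives in a Temp directory."""
    return [e for e in parse_run_lines(lines) if runs_from_temp(e["path"])]


def dropped_alongside(autoruns, file_lines, root=r"C:\Windows", max_days=1):
    """Files under `root` created within `max_days` of a flagged autorun.

    Returns (timestamp, path) tuples sorted oldest first, which gives a
    rough timeline of what appeared around the time of the autorun.
    """
    days = {a["day"] for a in autoruns}
    root_path = PureWindowsPath(root)
    hits = []
    for line in file_lines:
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        path = PureWindowsPath(m["path"])  # comparisons are case-insensitive
        under_root = root_path in path.parents
        near = any(abs((ts.date() - d).days) <= max_days for d in days)
        if under_root and near:
            hits.append((ts, str(path)))
    return sorted(hits)


if __name__ == "__main__":
    flagged = suspicious_autoruns(RUN_LINES)
    for entry in flagged:
        print("autorun from Temp:", entry["name"], "->", entry["path"])
    for ts, path in dropped_alongside(flagged, FILE_LINES):
        print(ts.isoformat(sep=" "), path)
```
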
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
18 Jul 2009 at 17:11
ok

post an RSIT report again so I can check



for antispyware, the best are Malwarebytes Anti-Malware and SUPERAntiSpyware for on-demand scans (they don't run in real time)


in real time, SPYWARE GUARD (or otherwise, but do not combine them: Windows Defender or Spyware Terminator or Spybot's TeaTimer)
1

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
19 Jul 2009 at 11:41
the report is good!


hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

launch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: FreshDownload - {01AD691E-7E65-4CDB-AA07-23D0C691F239} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TeamViewer 4 (TeamViewer4) - Unknown owner - C:\Users\Adriano\temp\TeamViewer\Version4\TeamViewer_Service.exe (file missing)
End of file - 10690 bytes


___________________________


Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Click Recherche (Search) and let the scan run ...
# Click Suppression (Removal) to finish.
# If you wish, you can use the Options facultatives (optional settings).
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard disk (C:\).

____________________________

to verify, you can paste an online scan

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
1
kalenwed Posts 1840 Registration date Tuesday 10 March 2009 Status Contributor Last seen 13 August 2018 166
17 Jul 2009 at 17:41
Hi,

Download and install Avast
Remove AVG
Launch Avast, run an antivirus scan and send me a copy
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
17 Jul 2009 at 17:43
hi, Avast is not as good as AVG

if you want to install Avast, you must first remove AVG, not install Avast and then remove AVG

an online scan seems wiser to me: at Kaspersky, Panda, BitDefender...

see you
0
Ros_Capitano Posts 18 Registration date Thursday 16 July 2009 Status Member Last seen 24 July 2009 1
17 Jul 2009 at 18:00
OK, first of all thanks for the quick replies. I'm running the scans now; do you also need a Hijack scan?

As for Avast, I tried it and was not satisfied. I've been using AVG for quite a while and I'm very happy with it (-_-); I was thinking more of getting rid of Spybot, but I don't know what to put in its place.
0
Ros_Capitano Posts 18 Registration date Thursday 16 July 2009 Status Member Last seen 24 July 2009 1
17 Jul 2009 at 18:07
So, the tests:

RSIT: info.txt
info.txt logfile of random's system information tool 1.06 2009-07-17 17:55:06


======Security center information======

AS: Spybot - Search and Destroy (disabled) (outdated)

======System event log======

Computer Name: AD
Event Code: 46
Message: L'initialisation du fichier de vidage sur incident a échoué.
Record Number: 127596
Source Name: volmgr
Time Written: 20090615071335.004234-000
Event Type: Erreur
User:

Computer Name: AD
Event Code: 46
Message: L'initialisation du fichier de vidage sur incident a échoué.
Record Number: 127597
Source Name: volmgr
Time Written: 20090616151131.688458-000
Event Type: Erreur
User:

Computer Name: AD
Event Code: 46
Message: L'initialisation du fichier de vidage sur incident a échoué.
Record Number: 127598
Source Name: volmgr
Time Written: 20090616151200.735845-000
Event Type: Erreur
User:

Computer Name: AD
Event Code: 46
Message: L'initialisation du fichier de vidage sur incident a échoué.
Record Number: 127599
Source Name: volmgr
Time Written: 20090617085958.423257-000
Event Type: Erreur
User:

Computer Name: AD
Event Code: 46
Message: L'initialisation du fichier de vidage sur incident a échoué.
Record Number: 127600
Source Name: volmgr
Time Written: 20090617090026.066634-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: AD
Event Code: 1000
Message: Application défaillante bucksnet.tmp, version 5.0.0.12120, horodatage 0x49bf8188, module défaillant bucksnet.tmp, version 5.0.0.12120, horodatage 0x49bf8188, code d’exception 0xc0000005, décalage d’erreur 0x0050d0a3, ID du processus 0xec4, heure de début de l’application 0x01ca06746b28df18.
Record Number: 57658
Source Name: Application Error
Time Written: 20090717002044.000000-000
Event Type: Erreur
User:

Computer Name: AD
Event Code: 1000
Message: Application défaillante SpybotSD.exe, version 1.5.2.20, horodatage 0x2a425e19, module défaillant SpybotSD.exe, version 1.5.2.20, horodatage 0x2a425e19, code d’exception 0x80000003, décalage d’erreur 0x002f0490, ID du processus 0xec, heure de début de l’application 0x01ca06757288ca88.
Record Number: 57661
Source Name: Application Error
Time Written: 20090717002804.000000-000
Event Type: Erreur
User:

Computer Name: AD
Event Code: 1000
Message: Application défaillante SpybotSD.exe, version 1.5.2.20, horodatage 0x2a425e19, module défaillant SpybotSD.exe, version 1.5.2.20, horodatage 0x2a425e19, code d’exception 0x80000003, décalage d’erreur 0x002f0490, ID du processus 0x688, heure de début de l’application 0x01ca0675784c9f08.
Record Number: 57663
Source Name: Application Error
Time Written: 20090717002813.000000-000
Event Type: Erreur
User:

Computer Name: AD
Event Code: 1000
Message: Application défaillante TeaTimer.exe, version 1.5.2.16, horodatage 0x2a425e19, module défaillant kernel32.dll, version 6.0.6001.18215, horodatage 0x49953395, code d’exception 0xc0000005, décalage d’erreur 0x00048989, ID du processus 0xf7c, heure de début de l’application 0x01ca06e9f45d6af0.
Record Number: 57703
Source Name: Application Error
Time Written: 20090717151802.000000-000
Event Type: Erreur
User:

Computer Name: AD
Event Code: 1000
Message: Application défaillante rundll32.exe, version 6.0.6000.16386, horodatage 0x4549b0e1, module défaillant USER32.dll, version 6.0.6001.18000, horodatage 0x4791a7a6, code d’exception 0xc0000142, décalage d’erreur 0x00009cac, ID du processus 0x15f4, heure de début de l’application 0x01ca06f6f110046e.
Record Number: 57740
Source Name: Application Error
Time Written: 20090717155501.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: AD
Event Code: 1108
Message: Le service de journalisation des événements a rencontré une erreur lors du traitement d’un événement entrant publié à partir de Microsoft-Windows-Security-Auditing.
Record Number: 56846
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090223222300.216800-000
Event Type: Succès de l'audit
User:

Computer Name: AD
Event Code: 4608
Message: Windows démarre.

Cet événement est journalisé lorsque LSASS.EXE démarre et que le sous-système d’audit est initialisé.
Record Number: 56847
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090224164636.423843-000
Event Type: Succès de l'audit
User:

Computer Name: AD
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-0-0
Nom du compte : -
Domaine du compte : -
ID d’ouverture de session : 0x0

Type d’ouverture de session : 0

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x4
Nom du processus :

Informations sur le réseau :
Nom de la station de travail : -
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : -
Package d’authentification : -
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 56848
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090224164636.423843-000
Event Type: Succès de l'audit
User:

Computer Name: AD
Event Code: 4902
Message: La table de stratégie d’audit par utilisateur a été créée.

Nombre d’éléments : 0
ID de la stratégie : 0xe96b
Record Number: 56849
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090224164636.548643-000
Event Type: Succès de l'audit
User:

Computer Name: AD
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : AD$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x294
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 56850
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090224164637.250648-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Services en ligne
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip




RSIT: log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Adriano at 2009-07-17 17:54:55
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 203 GB (68%) free of 297 GB
Total RAM: 3070 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:04, on 17.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\msb.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Adriano\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Users\Adriano\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\ctfmon.exe
C:\Users\Adriano\AppData\Local\Temp\b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Adriano\Desktop\RSIT.exe
C:\Program Files\trend micro\Adriano.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WerFault.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/de-ch?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF&checklang=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/de-ch?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF&checklang=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Cognac] C:\Users\Adriano\AppData\Local\Temp\b.exe
O4 - HKLM\..\Policies\Explorer\Run: [ati2sgav] "C:\Windows\system32\ati2sgav.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Adriano\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FreshDownload - {01AD691E-7E65-4CDB-AA07-23D0C691F239} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: secuload.dll,avgrsstx.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TeamViewer 4 (TeamViewer4) - Unknown owner - C:\Users\Adriano\temp\TeamViewer\Version4\TeamViewer_Service.exe (file missing)
0
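As an added example (not part of the thread, and not code from HijackThis or RSIT), this Python sketch triages a few lines copied from the HijackThis log above. Its three heuristics are assumptions of this example: autoruns launched from a temp directory, entries whose target file is missing, and AppInit_DLLs entries to verify.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log posted above (a small subset).
SAMPLE_LOG = r"""
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Cognac] C:\Users\Adriano\AppData\Local\Temp\b.exe
O4 - HKLM\..\Policies\Explorer\Run: [ati2sgav] "C:\Windows\system32\ati2sgav.exe"
O20 - AppInit_DLLs: secuload.dll,avgrsstx.dll
O23 - Service: TeamViewer 4 (TeamViewer4) - Unknown owner - C:\Users\Adriano\temp\TeamViewer\Version4\TeamViewer_Service.exe (file missing)
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # which heuristic fired
    detail: str    # the entry (or part of it) to review


LINE_RE = re.compile(r"^(O\d{1,2}) - (.+)$")
# Registry autorun: "<key>: [value name] command line"
O4_REG_RE = re.compile(r"^(?P<loc>[^:\[]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup-folder shortcut: "Startup: name.lnk = target"
O4_LNK_RE = re.compile(r"^(?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# A path component named Temp or tmp, in any case.
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)
# HijackThis marks dangling entries with one of these suffixes.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)


def triage(log_text):
    """Return the entries a reviewer should look at first.

    The heuristics only shortlist entries; they do not prove that an
    entry is malicious or that an unflagged entry is clean.
    """
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()

        # Any section: the registry still points at a file that is gone.
        if MISSING_RE.search(body):
            findings.append(Finding(section, "target file missing", body))
            continue

        if section == "O4":
            entry = O4_REG_RE.match(body) or O4_LNK_RE.match(body)
            if entry and TEMP_RE.search(entry["cmd"]):
                findings.append(Finding(
                    section, "autorun from a temp directory",
                    f'{entry["name"]} -> {entry["cmd"]}'))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # Each listed DLL is loaded into processes that load user32.dll,
            # so every name here deserves an owner check.
            for dll in body.split(":", 1)[1].split(","):
                if dll.strip():
                    findings.append(Finding(
                        section, "AppInit_DLLs entry to verify", dll.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:32} {f.detail}")
```

The msxml71.dll BHO whose registry key Malwarebytes reports later in the thread passes all three checks, so a shortlist like this complements a signature scan and manual review rather than replacing them.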
Ros_Capitano Posts 18 Registration date Thursday 16 July 2009 Status Member Last seen 24 July 2009 1
17 Jul 2009 at 23:01
There, sorry for the delay, I had to do something on the side ^^

So for Java, I took the version from the Microsoft site, because on the other server I couldn't connect to the download window (the connection timed out).

I'm posting the malware report as requested:

Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2451
Windows 6.0.6001 Service Pack 1

17.07.2009 23:01:12
mbam-log-2009-07-17 (23-01-12).txt

Type de recherche: Examen rapide
Eléments examinés: 98652
Temps écoulé: 6 minute(s), 20 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
18 Jul 2009 at 09:02
Scan this file on VirusTotal and paste the report: https://www.virustotal.com/gui/

C:\Windows\system32\msxml71.dll
0
Ros_Capitano Posts 18 Registration date Thursday 16 July 2009 Status Member Last seen 24 July 2009 1
18 Jul 2009 at 12:01
The problem is that I don't have this file on my C drive. I do have the msxml files, but numbered from 2 to 6.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
18 Jul 2009 at 13:48
Are you still unable to run your updates?

Download SDFix (created by AndyManchesta) and save it to your Desktop. You can follow Malekal's SDFix tutorial for help:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
https://www.malekal.com/slenfbot-still-an-other-irc-bot/

Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in Safe Mode.
Choose your account.

Work through the list of instructions below:
Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
Press Y to start the cleanup.

It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
Once the Desktop has loaded, the tool will finish its work and display Finished.

Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!

If SDFix does not start
Click Start > Run
Copy/paste this:
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

Click OK.
Restart and try to launch SDFix again.
0
Ros_Capitano Posts 18 Registration date Thursday 16 July 2009 Status Member Last seen 24 July 2009 1
18 Jul 2009 at 15:41
When I run the .bat, it tells me:
- that I have to run it as administrator, even though I am an administrator
- that I have to add /Q to the command line (which one?)

So I launch the .bat with YES (Y), but nothing happens.


PS: I no longer have any problem at startup and AVG no longer detects anything. Is the problem solved? The only odd thing left is that at startup, when you have to press F8 for Safe Mode, that screen stays for about a minute, whereas normally it lasts 10 seconds at most.
0
Ros_Capitano Posts 18 Registration date Thursday 16 July 2009 Status Member Last seen 24 July 2009 1
18 Jul 2009 at 16:08
Here is the report
ComboFix 09-07-14.08 - Adriano 18.07.2009 15:54:50.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.41.1036.18.3070.1945 [GMT 2:00]
Lancé depuis: C:\Users\Adriano\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\$RECYCLE.BIN\S-1-5-21-216507969-2710457650-4199290572-1002
C:\WINDOWS\Installer\d85682.msi
C:\Windows\system32\404Fix.exe
C:\Windows\system32\Agent.OMZ.Fix.exe
C:\Windows\system32\dumphive.exe
C:\Windows\system32\IEDFix.C.exe
C:\Windows\system32\IEDFix.exe
C:\Windows\system32\o4Patch.exe
C:\Windows\system32\Process.exe
C:\Windows\system32\SrchSTS.exe
C:\Windows\system32\UAChjxorqrewnkyvdbty.db
C:\Windows\system32\UACmpcdjaxnuoseeetui.dat
C:\Windows\system32\VACFix.exe
C:\Windows\system32\VCCLSID.exe
C:\Windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-06-18 au 2009-07-18 ))))))))))))))))))))))))))))))))))))
.

2009-07-18 13:13:33 . 2009-07-18 13:49:34 0 ----a-w- C:\Users\Adriano\AppData\Local\prvlcl.dat
2009-07-18 13:03:27 . 2008-11-06 00:03:27 0 d-----w- C:\SDFix
2009-07-18 11:06:43 . 2009-07-18 11:08:44 0 d-----w- C:\Windows\system32\ca-ES
2009-07-18 11:06:43 . 2009-07-18 11:08:36 0 d-----w- C:\Windows\system32\eu-ES
2009-07-18 11:06:41 . 2009-07-18 11:08:31 0 d-----w- C:\Windows\system32\vi-VN
2009-07-18 10:53:59 . 2009-04-11 04:43:16 196096 ----a-w- C:\Windows\system32\drivers\usbhub.sys
2009-07-18 10:52:59 . 2009-04-11 06:22:22 7168 ----a-w- C:\Windows\system32\f3ahvoas.dll
2009-07-17 20:50:56 . 2009-07-17 20:50:42 410984 ----a-w- C:\Windows\system32\deploytk.dll
2009-07-17 16:14:18 . 2009-07-16 12:02:48 327688 ----a-w- C:\ProgramData\avg8\update\backup\avgldx86.sys
2009-07-17 16:14:18 . 2009-07-16 12:02:48 2052376 ----a-w- C:\ProgramData\avg8\update\backup\avgcorex.dll
2009-07-17 16:14:17 . 2009-07-16 12:02:46 3402008 ----a-w- C:\ProgramData\avg8\update\backup\avgui.exe
2009-07-17 16:14:17 . 2009-07-16 12:02:46 2301208 ----a-w- C:\ProgramData\avg8\update\backup\avguiadv.dll
2009-07-17 16:14:17 . 2009-07-16 12:02:45 3298072 ----a-w- C:\ProgramData\avg8\update\backup\setup.exe
2009-07-17 16:14:17 . 2009-07-16 12:02:45 1204504 ----a-w- C:\ProgramData\avg8\update\backup\avgabout.dll
2009-07-17 16:14:06 . 2009-07-16 12:02:44 906520 ----a-w- C:\ProgramData\avg8\update\backup\avgemc.exe
2009-07-17 16:14:06 . 2009-07-16 12:02:44 353048 ----a-w- C:\ProgramData\avg8\update\backup\avgxch32.dll
2009-07-17 16:14:06 . 2009-07-16 12:02:43 337176 ----a-w- C:\ProgramData\avg8\update\backup\avglogx.dll
2009-07-17 16:14:06 . 2009-07-16 12:02:42 829208 ----a-w- C:\ProgramData\avg8\update\backup\avgcfgx.dll
2009-07-17 16:14:05 . 2009-07-16 12:02:42 2167576 ----a-w- C:\ProgramData\avg8\update\backup\avgresf.dll
2009-07-17 16:13:16 . 2009-07-16 12:01:38 1454360 ----a-w- C:\ProgramData\avg8\update\backup\avgupd.dll
2009-07-17 16:13:16 . 2009-07-16 12:01:38 1085208 ----a-w- C:\ProgramData\avg8\update\backup\avgupd.exe
2009-07-17 15:57:44 . 2009-07-17 15:57:44 0 d-----w- C:\Users\Adriano\AppData\Roaming\Malwarebytes
2009-07-17 15:57:40 . 2009-07-13 11:36:34 38160 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2009-07-17 15:57:39 . 2009-07-17 15:57:43 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-17 15:57:39 . 2009-07-17 15:57:39 0 d-----w- C:\ProgramData\Malwarebytes
2009-07-17 15:57:39 . 2009-07-13 11:36:12 19096 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-07-17 15:54:55 . 2009-07-17 15:55:06 0 d-----w- C:\rsit
2009-07-17 15:54:55 . 2009-07-17 15:55:04 0 d-----w- C:\Program Files\trend micro
2009-07-17 14:30:50 . 2009-07-17 15:20:00 5537824 --sha-w- C:\Windows\system32\drivers\fidbox.dat
2009-07-17 00:21:05 . 2009-07-17 00:21:05 18944 ----a-w- C:\Windows\system32\geyekrjvhnawoa.dll
2009-07-17 00:21:04 . 2009-07-17 00:21:04 85 ----a-w- C:\Windows\system32\geyekreqwmsykl.dat
2009-07-17 00:21:04 . 2009-07-17 00:21:04 65536 ----a-w- C:\Windows\system32\drivers\geyekrlwtoculb.sys
2009-07-17 00:21:04 . 2009-07-17 00:21:04 40960 ----a-w- C:\Windows\system32\geyekrucjijdww.dll
2009-07-16 22:51:36 . 2009-07-17 00:24:25 0 d--h--w- C:\Users\Adriano\ADR
2009-07-16 19:05:06 . 2009-07-16 19:05:06 0 d-----w- C:\Users\Adriano\AppData\Roaming\TeamViewer
2009-07-16 19:05:02 . 2009-07-16 19:05:02 0 d-----w- C:\Users\Adriano\temp
2009-07-16 18:44:01 . 2009-07-16 18:44:01 0 d-----w- C:\Windows\system32\EventProviders
2009-07-16 12:26:04 . 2009-06-15 14:53:52 156672 ----a-w- C:\Windows\system32\t2embed.dll
2009-07-16 12:26:04 . 2009-06-15 14:52:42 23552 ----a-w- C:\Windows\system32\lpk.dll
2009-07-16 12:26:04 . 2009-06-15 14:52:19 72704 ----a-w- C:\Windows\system32\fontsub.dll
2009-07-16 12:26:04 . 2009-06-15 14:51:38 10240 ----a-w- C:\Windows\system32\dciman32.dll
2009-07-16 12:26:04 . 2009-06-15 12:42:30 289792 ----a-w- C:\Windows\system32\atmfd.dll
2009-07-16 12:26:04 . 2009-04-11 06:28:18 34304 ----a-w- C:\Windows\system32\atmlib.dll
2009-07-15 21:57:38 . 2009-07-18 13:46:54 0 d-----w- C:\Windows\system32\wbem\repository
2009-07-15 14:07:39 . 2009-07-15 14:07:43 0 d-----w- C:\Program Files\ma-config.com
2009-07-15 14:07:39 . 2009-07-15 14:07:39 0 d-----w- C:\ProgramData\ma-config.com
2009-06-21 10:51:26 . 2009-07-15 21:51:43 0 d-----w- C:\Users\Adriano\AppData\Roaming\Ventrilo
2009-06-21 10:50:34 . 2009-06-21 10:50:34 0 d-----w- C:\Program Files\Ventrilo
2009-06-20 15:02:24 . 2009-06-20 15:03:21 0 d-----w- C:\Program Files\Resource Kit
2009-06-19 11:06:44 . 2009-06-19 11:06:44 290816 ----a-w- C:\Users\Adriano\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-06-19 11:06:44 . 2009-06-19 11:06:44 290816 ----a-w- C:\Users\Adriano\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-06-19 11:06:44 . 2009-06-19 11:06:44 290816 ----a-w- C:\Users\Adriano\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-06-19 11:06:44 . 2009-06-19 11:06:44 290816 ----a-w- C:\Users\Adriano\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 13:53:44 . 2007-06-17 06:00:29 669328 ----a-w- C:\Windows\system32\perfh00C.dat
2009-07-18 13:53:44 . 2007-06-17 06:00:29 123350 ----a-w- C:\Windows\system32\perfc00C.dat
2009-07-18 13:47:01 . 2009-07-16 19:51:00 48461 ----a-w- C:\ProgramData\nvModes.dat
2009-07-18 13:46:53 . 2007-10-21 10:10:55 0 d-----w- C:\ProgramData\NVIDIA
2009-07-18 11:09:32 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Calendar
2009-07-18 11:09:32 . 2006-11-02 11:18:33 0 d-----w- C:\Program Files\Windows Mail
2009-07-18 11:09:29 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Sidebar
2009-07-18 11:09:29 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Collaboration
2009-07-18 11:09:28 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Journal
2009-07-18 11:09:26 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Photo Gallery
2009-07-18 11:09:18 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Defender
2009-07-18 11:06:36 . 2006-11-02 10:25:05 665600 ----a-w- C:\Windows\inf\drvindex.dat
2009-07-18 11:02:23 . 2006-11-02 12:37:35 37665 ----a-w- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-17 20:54:14 . 2007-10-05 19:38:34 0 d-----w- C:\Program Files\Java
2009-07-17 16:13:40 . 2008-12-25 15:11:34 335752 ----a-w- C:\Windows\system32\drivers\avgldx86.sys
2009-07-17 15:20:00 . 2009-07-17 14:30:50 65972 --sha-w- C:\Windows\system32\drivers\fidbox.idx
2009-07-17 15:15:51 . 2007-10-21 09:09:07 0 d-----w- C:\Program Files\NewsLeecher
2009-07-17 14:32:30 . 2007-10-23 17:54:30 0 d-----w- C:\ProgramData\Spybot - Search & Destroy
2009-07-17 14:31:26 . 2007-10-05 09:25:41 0 d-----w- C:\ProgramData\Kaspersky Lab
2009-07-17 14:23:41 . 2008-05-31 13:20:54 0 d-----w- C:\ProgramData\avg8
2009-07-16 20:59:06 . 2008-06-25 19:59:35 0 d-----w- C:\Program Files\Mozilla Thunderbird
2009-07-16 19:40:54 . 2008-02-21 17:38:07 1356 ----a-w- C:\Users\Adriano\AppData\Local\d3d9caps.dat
2009-07-16 13:37:22 . 2007-10-23 19:16:27 0 d-----w- C:\ProgramData\Microsoft Help
2009-07-16 12:02:48 . 2008-12-25 15:11:43 11952 ----a-w- C:\Windows\system32\avgrsstx.dll
2009-07-16 12:02:48 . 2008-12-25 15:11:25 27784 ----a-w- C:\Windows\system32\drivers\avgmfx86.sys
2009-07-15 21:51:43 . 2009-02-25 19:44:09 0 d-----w- C:\Users\Adriano\AppData\Roaming\vlc
2009-07-05 12:16:02 . 2007-10-21 09:09:11 0 d-----w- C:\Users\Adriano\AppData\Roaming\NewsLeecher
2009-06-21 10:50:11 . 2009-05-03 15:59:18 0 d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-20 13:47:53 . 2007-06-16 20:29:53 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-06-20 13:45:21 . 2008-02-04 00:22:15 0 d-----w- C:\ProgramData\CyberLink
2009-06-20 13:45:21 . 2008-02-04 00:20:19 0 d-----w- C:\Program Files\CyberLink
2009-06-20 13:37:10 . 2009-01-15 15:07:42 53319 ----a-w- C:\ProgramData\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
2009-06-20 13:35:07 . 2009-01-02 03:14:44 0 d-----w- C:\ProgramData\eMule
2009-06-19 11:07:01 . 2008-09-21 13:44:29 0 d-----w- C:\Program Files\SystemRequirementsLab
2009-06-19 11:06:49 . 2008-09-21 13:44:25 0 d-----w- C:\Users\Adriano\AppData\Roaming\SystemRequirementsLab
2009-06-18 20:07:56 . 2008-03-06 20:33:59 0 d-----w- C:\Users\Adriano\AppData\Roaming\dvdcss
2009-06-18 19:08:00 . 2008-03-12 14:05:43 1100 ----a-w- C:\Users\Adriano\AppData\Local\d3d8caps.dat
2009-06-17 18:32:46 . 2007-10-05 08:46:23 88912 ----a-w- C:\Users\Adriano\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-17 18:25:29 . 2007-10-05 10:11:07 0 d-----w- C:\ProgramData\Apple
2009-06-17 17:57:06 . 2007-06-16 20:48:40 0 d-----w- C:\Program Files\Microsoft Works
2009-06-15 07:36:57 . 2009-01-29 21:12:38 108552 ----a-w- C:\Windows\system32\drivers\avgtdix.sys
2009-06-12 11:54:42 . 2009-06-12 11:54:19 0 d-----w- C:\Program Files\iTunes
2009-06-12 11:54:28 . 2009-06-12 11:54:28 0 d-----w- C:\Program Files\iPod
2009-06-12 11:54:28 . 2007-10-05 10:11:08 0 d-----w- C:\Program Files\Common Files\Apple
2009-06-12 11:53:13 . 2009-06-12 11:52:38 0 d-----w- C:\Program Files\QuickTime
2009-06-12 11:48:44 . 2009-06-12 11:48:44 75048 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 16:33:00 . 2009-06-10 16:33:00 9899296 ----a-w- C:\Windows\system32\drivers\nvlddmkm.sys
2009-06-10 16:33:00 . 2009-06-10 16:33:00 7611904 ----a-w- C:\Windows\system32\nvd3dum.dll
2009-06-10 16:33:00 . 2009-06-10 16:33:00 678432 ----a-w- C:\Windows\system32\nvcuvid.dll
2009-06-10 16:33:00 . 2009-06-10 16:33:00 457248 ----a-w- C:\Windows\system32\nvudisp.exe
2009-06-10 16:33:00 . 2009-06-10 16:33:00 4224 ----a-w- C:\Windows\system32\drivers\nvBridge.kmd
2009-06-10 16:33:00 . 2009-06-10 16:33:00 1704960 ----a-w- C:\Windows\system32\nvcuda.dll
2009-06-10 16:33:00 . 2009-06-10 16:33:00 151552 ----a-w- C:\Windows\system32\nvcod155.dll
2009-06-10 16:33:00 . 2009-06-10 16:33:00 151552 ----a-w- C:\Windows\system32\nvcod.dll
2009-06-10 16:33:00 . 2009-06-10 16:33:00 1317408 ----a-w- C:\Windows\system32\nvcuvenc.dll
2009-06-10 16:33:00 . 2009-06-10 16:33:00 10379264 ----a-w- C:\Windows\system32\nvoglv32.dll
2009-06-10 16:33:00 . 2008-12-25 23:08:00 989696 ----a-w- C:\Windows\system32\nvapi.dll
2009-06-10 06:35:02 . 2009-06-10 06:35:02 1505824 ----a-w- C:\Windows\system32\nvcpluir.dll
2009-06-10 06:35:02 . 2009-06-10 06:35:02 1358368 ----a-w- C:\Windows\system32\nvsvsr.dll
2009-06-10 06:35:02 . 2009-06-10 06:35:02 1194528 ----a-w- C:\Windows\system32\nvcplui.exe
2009-06-10 06:35:00 . 2009-06-10 06:35:00 1296928 ----a-w- C:\Windows\system32\nvsvs.dll
2009-06-10 04:33:20 . 2009-06-10 04:33:20 244736 ----a-w- C:\Windows\system32\nvStInst.exe
2009-06-10 04:33:18 . 2009-06-10 04:33:18 467968 ----a-w- C:\Windows\system32\nvstlink.exe
2009-06-10 04:33:08 . 2009-06-10 04:33:08 3953152 ----a-w- C:\Windows\system32\nvstwiz.exe
2009-06-10 04:33:06 . 2009-06-10 04:33:06 141824 ----a-w- C:\Windows\system32\nvStereoApiI.dll
2009-06-10 04:33:04 . 2009-06-10 04:33:04 171520 ----a-w- C:\Windows\system32\nvStereoApiI64.dll
2009-06-10 04:33:00 . 2009-06-10 04:33:00 232960 ----a-w- C:\Windows\system32\nvSCPAPISvr.exe
2009-06-10 04:32:54 . 2009-06-10 04:32:54 257536 ----a-w- C:\Windows\system32\nvSCPAPI.dll
2009-06-10 04:32:48 . 2009-06-10 04:32:48 301568 ----a-w- C:\Windows\system32\nvSCPAPI64.dll
2009-06-10 04:32:40 . 2009-06-10 04:32:40 3293184 ----a-w- C:\Windows\system32\nvstres.dll
2009-06-10 04:32:02 . 2009-06-10 04:32:02 5847 ----a-w- C:\Windows\system32\oglstreg.reg
2009-06-10 04:31:56 . 2009-06-10 04:31:56 167424 ----a-w- C:\Windows\system32\nvstreg.exe
2009-06-10 04:31:46 . 2009-06-10 04:31:46 1718272 ----a-w- C:\Windows\system32\nvsttest.exe
2009-06-10 04:31:12 . 2009-06-10 04:31:12 1034752 ----a-w- C:\Windows\system32\nvstview.exe
2009-06-10 04:31:04 . 2009-06-10 04:31:04 89088 ----a-w- C:\Windows\system32\nvimage.dll
2009-06-10 04:29:22 . 2009-06-10 04:29:22 1656 ----a-w- C:\Windows\system32\nvstdef.reg
2009-06-05 09:42:38 . 2009-06-05 09:42:38 39424 ----a-w- C:\Windows\system32\drivers\usbaapl.sys
2009-06-05 09:42:38 . 2009-06-05 09:42:38 2060288 ----a-w- C:\Windows\system32\usbaaplrc.dll
2009-06-04 14:39:54 . 2007-06-16 20:30:12 457248 ----a-w- C:\Windows\system32\nvuninst.exe
2009-05-31 16:42:42 . 2009-05-31 16:41:45 0 d-----w- C:\Program Files\GWFreaks
2009-05-23 10:44:13 . 2007-10-05 14:58:47 0 d-----w- C:\Program Files\Common Files\Logitech
2009-05-22 09:43:30 . 2009-05-22 09:43:17 0 d-----w- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-09 05:50:28 . 2009-06-17 18:03:25 915456 ----a-w- C:\Windows\system32\wininet.dll
2009-05-09 05:34:34 . 2009-06-17 18:03:26 71680 ----a-w- C:\Windows\system32\iesetup.dll
2009-04-25 17:26:43 . 2009-04-25 17:13:50 177885 ----a-w- C:\Windows\hpoins27.dat
2009-04-23 12:15:07 . 2009-06-11 11:10:51 784896 ----a-w- C:\Windows\system32\rpcrt4.dll
2009-04-23 12:14:10 . 2009-06-11 11:11:16 623616 ----a-w- C:\Windows\system32\localspl.dll
2009-04-21 11:39:47 . 2009-06-11 11:11:43 2034688 ----a-w- C:\Windows\system32\win32k.sys
2009-02-08 11:10:16 . 2008-06-25 19:09:42 134648 ----a-w- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
2006-05-03 09:06:54 . 2008-09-07 20:47:12 163328 --sh--r- C:\Windows\System32\flvDX.dll
2007-02-21 10:47:16 . 2008-09-07 20:47:12 31232 --sh--r- C:\Windows\System32\msfDX.dll
2008-03-16 12:30:52 . 2008-09-07 20:47:12 216064 --sh--r- C:\Windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-11-10 18:36:10 16384]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 07:33:09 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 07:38:38 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 13:42:24 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 16:16:56 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 10:59:00 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 16:11:16 151552]
"SetPoint"="C:\Program Files\Logitech\SetPoint\SetPoint.EXE" [2008-05-02 00:44:08 805392]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-30 00:34:36 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-07-16 12:02:45 1948440]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 15:10:28 35696]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 15:18:30 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-06-05 11:39:22 292136]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2009-06-10 06:34:46 13785632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-07-17 20:50:43 148888]
"RtHDVCpl"="RtHDVCpl.exe" - C:\Windows\RtHDVCpl.exe [2008-01-15 09:26:18 4874240]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - C:\Windows\KHALMNPR.Exe [2008-02-29 01:12:38 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - C:\Windows\KHALMNPR.Exe [2008-02-29 01:12:38 76304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-07 09:09:52 44168]

C:\Users\Adriano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - C:\Users\Adriano\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-12-20 143360]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-11-10 169472]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-3-9 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger Agent.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk
backup=C:\Windows\pss\Logitech Desktop Messenger Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e6,23,cf,dc,98,07,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-216507969-2710457650-4199290572-1001]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-216507969-2710457650-4199290572-1002]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8CB74BAA-900C-494E-9499-CAB4099F7DF8}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{799934F4-509A-479F-9B29-3FEF40686880}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{A6D9E5B1-D13F-49F7-9A21-32BCA8EAE9BA}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{5D7C341E-F2A0-4AFF-81FF-4596AE4DD637}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F9309F68-C179-4187-8178-572F9BBEF02C}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{FC34A36D-11F4-4050-BF1A-4C4F2AFF3A21}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{DA24A35B-65C4-491F-8DE0-543FD29E92D2}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{CAC29A5C-A3E2-4622-A79A-4DEEEB7D65D0}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"TCP Query User{8EA5D523-8EE7-40C8-B829-24C3803D0CB8}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{84673E50-E58B-4243-8671-55437BB9BBF8}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{0205DBB3-0EDE-494D-A78F-906EB42EBC04}"= TCP:2300:age of mythology
"{0BE949A3-DE0F-46C6-A293-815B0D6834FE}"= Disabled:UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{791F9EAC-AAB1-4486-BCF6-EDBC2F2299F9}"= Disabled:TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{1B52C353-8DEA-464F-8290-71C12F92466D}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{19DBD531-0B93-40B5-98D1-9FC79D8B994D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{026DC23A-ACC7-40A2-9743-F07BAE556E44}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{B5A2CA16-DA45-46B1-A0D4-BB6D9347766C}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{D3D08961-2901-4352-A02E-B7074B268A41}C:\\program files\\lucasarts\\star wars battlefront ii\\gamedata\\battlefrontii.exe"= UDP:C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe:battlefrontII
"UDP Query User{D0D72F3F-7DDD-49A5-ADF2-9C0AB4784537}C:\\program files\\lucasarts\\star wars battlefront ii\\gamedata\\battlefrontii.exe"= TCP:C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe:battlefrontII
"TCP Query User{08EF39B9-4E16-4A1B-80E0-6FA097288072}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{DCD3F4C5-9568-447D-B800-06EAA3587C9B}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{3B5DF83E-3981-491C-AADC-A82197DC3634}"= UDP:C:\Program Files\DAP\DAP.exe:Download Accelerator Plus (DAP)
"{CC648D14-6B33-4927-B587-4EF9A76ED49B}"= TCP:C:\Program Files\DAP\DAP.exe:Download Accelerator Plus (DAP)
"{68F7F22D-6CE8-49AD-9DBF-259B4DD00176}"= UDP:C:\Program Files\DiskTrix\UltimateDefragLite\UDefrag.exe:UltimateDefrag Lite
"{F44FCBBB-AB6B-4DCA-8D6F-D72DADC9C7C4}"= TCP:C:\Program Files\DiskTrix\UltimateDefragLite\UDefrag.exe:UltimateDefrag Lite
"TCP Query User{B4271375-7A2A-40D0-9CEE-7447ADA8D7DA}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{AC089B08-7733-4F13-9ABB-890D295DC2A4}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{5426BFC4-8426-4A79-8205-073261EBE879}C:\\program files\\world of warcraft\\wow-2.3.0-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.3.0-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{2B41F0BE-4D3F-42CF-96F9-F2CB91795ABE}C:\\program files\\world of warcraft\\wow-2.3.0-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.3.0-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{521C2CD9-7012-4C0C-BC5B-DC180DBF6A56}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{9C96E39A-D45D-41FB-813A-A0FAACE2A2D8}C:\\program files\\world of warcraft\\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"{D45E539C-AF11-4ABD-8FBC-C01D5E94805D}"= UDP:C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{30B8C929-B81B-4929-A3B9-BD2B2D88D060}"= TCP:C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{373BD64E-95F6-4C04-A535-A436EA9F43DC}"= UDP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{987D16C5-6659-46D5-8B2E-5D55EBC1B50B}"= TCP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"TCP Query User{04ED09AE-173A-425A-800F-A48AB7B76F0D}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{F3AE4E10-85C3-4CCD-8D45-1C18742107B9}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{0D2AFBC4-138D-4021-8E63-761AA1F9ABCA}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{19660CDC-5F10-4145-8FB9-A771F042BCEE}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{530DEBE0-58A5-4500-8C90-3B501FAB302D}C:\\program files\\microsoft games\\age of mythology\\aomx.exe"= UDP:C:\program files\microsoft games\age of mythology\aomx.exe:Age of Mythology - The Titans Expansion
"UDP Query User{C0BE0370-5115-4683-AAA3-62CCBFAD8A64}C:\\program files\\microsoft games\\age of mythology\\aomx.exe"= TCP:C:\program files\microsoft games\age of mythology\aomx.exe:Age of Mythology - The Titans Expansion
"{9024172E-4694-434E-A790-F3313A9AC0E4}"= UDP:C:\Program Files\Logitech\SetPoint\Launcher.exe:Launcher
"{C1B3F177-BB73-4A6D-AD4C-1D7426002822}"= TCP:C:\Program Files\Logitech\SetPoint\Launcher.exe:Launcher
"{270FB888-3F2F-408D-B877-CFA2D25CE178}"= UDP:C:\Program Files\CCleaner\CCleaner.exe:CCleaner
"{4C2A50D4-3905-42DB-BA90-44B08C41613D}"= TCP:C:\Program Files\CCleaner\CCleaner.exe:CCleaner
"{B1755D9F-3549-47B6-B458-CD9953888837}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{7B80FED9-043B-4F66-AF45-45B472448CB2}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"TCP Query User{06555F3C-3699-4D81-949C-87EED6B6A700}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{EC1B9DC2-067D-4F3E-9D1B-9F4389AF36CB}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{1266DA6C-C739-4EE9-9974-7976C7DC7B16}C:\\users\\adriano\\desktop\\wow-burningcrusade-frfr-installer-downloader.exe"= UDP:C:\users\adriano\desktop\wow-burningcrusade-frfr-installer-downloader.exe:wow-burningcrusade-frfr-installer-downloader.exe
"UDP Query User{324933E5-4C9D-44BD-9FF2-304C9C1084E0}C:\\users\\adriano\\desktop\\wow-burningcrusade-frfr-installer-downloader.exe"= TCP:C:\users\adriano\desktop\wow-burningcrusade-frfr-installer-downloader.exe:wow-burningcrusade-frfr-installer-downloader.exe
"TCP Query User{D6B0EACC-AF44-4C88-8724-CFA50144615B}C:\\program files\\copytracker\\apache\\bin\\apache.exe"= UDP:C:\program files\copytracker\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{F24E7606-1265-4C66-ADC6-7B54E8C8BFBB}C:\\program files\\copytracker\\apache\\bin\\apache.exe"= TCP:C:\program files\copytracker\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{9EE531A9-BB79-42D3-B7F4-E9A30203A15C}C:\\program files\\copytracker\\mysql\\bin\\mysqld.exe"= UDP:C:\program files\copytracker\mysql\bin\mysqld.exe:mysqld
"UDP Query User{18842237-2B1C-41D7-9951-D5E50A8C3BCD}C:\\program files\\copytracker\\mysql\\bin\\mysqld.exe"= TCP:C:\program files\copytracker\mysql\bin\mysqld.exe:mysqld
"TCP Query User{87BC95D7-C1A3-4154-B288-0101F86632D0}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= Disabled:UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{048E3CC6-B56E-44E1-A002-76D60667D74D}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= Disabled:TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{A606D972-FC8F-44B9-91BB-38D38C315578}C:\\program files\\electronic arts\\eadm\\core.exe"= Disabled:UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{33DF6121-CC64-40E2-8433-FA55D0437B67}C:\\program files\\electronic arts\\eadm\\core.exe"= Disabled:TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{640AAD6D-386F-4BF6-9501-B31044EB44E2}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{88018790-57AE-44BF-9331-5F12814BCD6C}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{1729456F-CC8D-4A9D-8AD3-57C2B2EF73C3}"= C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{3602985E-71C7-4F9F-91A2-21D7C59D02D8}C:\\program files\\hercules\\hercules dualpix hd webcam\\station2.exe"= UDP:C:\program files\hercules\hercules dualpix hd webcam\station2.exe:Hercules Webcam Station Evolution
"UDP Query User{B69CAB13-E919-4DED-B457-03B0AEF216A6}C:\\program files\\hercules\\hercules dualpix hd webcam\\station2.exe"= TCP:C:\program files\hercules\hercules dualpix hd webcam\station2.exe:Hercules Webcam Station Evolution
"{CB3EC063-5469-4BB5-A2AF-8727CC43A269}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{B359451D-19BD-409D-BF8B-09D1A03C74A6}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{B8401D26-6DD9-4D26-B87D-9DBA404D257C}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{0B5C5FB8-9B36-4974-A01B-096B16D00420}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{8CE8DA90-D4F8-4D54-80D3-3B3D022482AF}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{1982C0D4-2711-4B0C-A577-32125B878F7A}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{D270F380-848D-46F2-B4DD-C62057CA177C}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= UDP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
"UDP Query User{69303E09-DBFB-413B-A03A-CCC4C998E4CF}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= TCP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
"TCP Query User{AFC75F68-F732-47F2-958C-2D3C2FB9E8BC}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{7D859326-2BE1-4F11-A861-17FB41C0A0E3}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{20655A79-7B1D-4185-AEC6-76B6F5A8D162}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{76F359CA-F821-49C6-A56A-4C756B74A85C}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{0E3BA166-CBD1-4405-974D-B47BDDFCDE31}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{EB579D5E-9E4B-44DC-8380-0585680AA2D2}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java(TM) Platform SE binary
"{AF75F764-6D0C-4B2B-81A9-41481179F1ED}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{746A3AE9-8F5F-462C-B340-9DA089317DDE}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{913E7B4F-67E2-4D46-998D-333331622465}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{0CA514F1-4355-497A-A5A5-A36293EE353D}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{F9A799D5-7EA8-4C08-839C-02227010D548}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{D2B80AA9-7170-41FD-A043-4DB5F3D21F83}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{52CC2DCA-7CAB-4185-ACD7-BF0A014B88BE}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{A2E081A2-C46E-4113-88BE-11D1F781E241}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{803D9FF9-CDC9-4F6D-ADB1-E162541101C5}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{E90C9623-D75F-4C87-876A-F2E34EA7C22A}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{9EABD6BE-134B-43CD-8CF0-A4598ACBF2B7}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{12AD6F28-0DB6-4BA5-8F46-CCCDFD010306}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C59461BA-BC5F-4F7E-BF27-3EBF287F751C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0A0DCBF0-442E-4FC0-AA35-D3B812D4869C}"= UDP:C:\Program Files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{70910771-C82F-407F-BAA4-0BC03B12751B}"= TCP:C:\Program Files\Ventrilo\Ventrilo.exe:Ventrilo.exe

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\System32\drivers\avgldx86.sys [25.12.2008 17:11:34 335752]
R1 AvgTdiX;AVG8 Network Redirector;C:\Windows\System32\drivers\avgtdix.sys [29.01.2009 23:12:38 108552]
R2 acedrv10;acedrv10;C:\Windows\System32\drivers\ACEDRV10.sys [28.10.2007 17:35:14 583128]
R2 acehlp10;acehlp10;C:\Windows\System32\drivers\acehlp10.sys [26.10.2007 15:53:46 250560]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [25.12.2008 17:11:04 907032]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [25.12.2008 17:11:03 298776]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [03.09.2006 10:32:28 208896]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [31.05.2008 15:36:34 810320]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Windows\System32\nvSCPAPISvr.exe [10.06.2009 06:33:00 232960]
R3 APL531;Hercules Dualpix HD Webcam;C:\Windows\System32\drivers\HDvidv.sys [20.12.2008 17:41:24 285952]
R3 camfilt2;camfilt2;C:\Windows\System32\drivers\camfilt2.sys [20.12.2008 17:41:24 103720]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [10.05.2006 09:13:52 29696]
S2 TeamViewer4;TeamViewer 4;"C:\Users\Adriano\temp\TeamViewer\Version4\TeamViewer_Service.exe" -service --> C:\Users\Adriano\temp\TeamViewer\Version4\TeamViewer_Service.exe [?]
S3 CrystalSysInfo;CrystalSysInfo;C:\Program Files\MediaCoder\SysInfo.sys [25.09.2007 16:59:46 15152]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [14.01.2009 09:53:36 23152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ch/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CH&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = localhost;*.local
IE: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
IE: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
IE: {{01AD691E-7E65-4CDB-AA07-23D0C691F239} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
FF - ProfilePath - C:\Users\Adriano\AppData\Roaming\Mozilla\Firefox\Profiles\wzmey6nd.default\
FF - prefs.js: browser.startup.homepage - www.google.ch
FF - component: C:\Program Files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: C:\Program Files\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

Just out of curiosity, what do you generally use as anti-spyware? I often doubt how effective Spybot is, whether it's TeaTimer or the scan (CCleaner and Advanced SystemCare often find more problems -_-)
Ros_Capitano Posts 18 Registration date Thursday 16 July 2009 Status Member Last activity 24 July 2009 1
18 July 2009 at 17:24
In any case, thanks for the time you've taken. I also used to help out often on computer forums (software, hardware, etc.), but when it comes to viruses and -wares I admit I'm no longer really up to date :( I think I'll get back to helping out actively on the forums ;)

Otherwise, did you spot any other minor problems while going through the logs? Skimming the logs quickly, I noticed that the registry was rather... let's say polluted with keys from uninstalled programs. What do you think of Regcleaner?

Here is the report:

ComboFix 09-07-14.08 - Adriano 18.07.2009 15:54:50.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.41.1036.18.3070.1945 [GMT 2:00]
Lancé depuis: C:\Users\Adriano\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\$RECYCLE.BIN\S-1-5-21-216507969-2710457650-4199290572-1002
C:\WINDOWS\Installer\d85682.msi
C:\Windows\system32\404Fix.exe
C:\Windows\system32\Agent.OMZ.Fix.exe
C:\Windows\system32\dumphive.exe
C:\Windows\system32\IEDFix.C.exe
C:\Windows\system32\IEDFix.exe
C:\Windows\system32\o4Patch.exe
C:\Windows\system32\Process.exe
C:\Windows\system32\SrchSTS.exe
C:\Windows\system32\UAChjxorqrewnkyvdbty.db
C:\Windows\system32\UACmpcdjaxnuoseeetui.dat
C:\Windows\system32\VACFix.exe
C:\Windows\system32\VCCLSID.exe
C:\Windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-06-18 au 2009-07-18 ))))))))))))))))))))))))))))))))))))
.

2009-07-18 13:13:33 . 2009-07-18 13:49:34 0 ----a-w- C:\Users\Adriano\AppData\Local\prvlcl.dat
2009-07-18 13:03:27 . 2008-11-06 00:03:27 0 d-----w- C:\SDFix
2009-07-18 11:06:43 . 2009-07-18 11:08:44 0 d-----w- C:\Windows\system32\ca-ES
2009-07-18 11:06:43 . 2009-07-18 11:08:36 0 d-----w- C:\Windows\system32\eu-ES
2009-07-18 11:06:41 . 2009-07-18 11:08:31 0 d-----w- C:\Windows\system32\vi-VN
2009-07-18 10:53:59 . 2009-04-11 04:43:16 196096 ----a-w- C:\Windows\system32\drivers\usbhub.sys
2009-07-18 10:52:59 . 2009-04-11 06:22:22 7168 ----a-w- C:\Windows\system32\f3ahvoas.dll
2009-07-17 20:50:56 . 2009-07-17 20:50:42 410984 ----a-w- C:\Windows\system32\deploytk.dll
2009-07-17 16:14:18 . 2009-07-16 12:02:48 327688 ----a-w- C:\ProgramData\avg8\update\backup\avgldx86.sys
2009-07-17 16:14:18 . 2009-07-16 12:02:48 2052376 ----a-w- C:\ProgramData\avg8\update\backup\avgcorex.dll
2009-07-17 16:14:17 . 2009-07-16 12:02:46 3402008 ----a-w- C:\ProgramData\avg8\update\backup\avgui.exe
2009-07-17 16:14:17 . 2009-07-16 12:02:46 2301208 ----a-w- C:\ProgramData\avg8\update\backup\avguiadv.dll
2009-07-17 16:14:17 . 2009-07-16 12:02:45 3298072 ----a-w- C:\ProgramData\avg8\update\backup\setup.exe
2009-07-17 16:14:17 . 2009-07-16 12:02:45 1204504 ----a-w- C:\ProgramData\avg8\update\backup\avgabout.dll
2009-07-17 16:14:06 . 2009-07-16 12:02:44 906520 ----a-w- C:\ProgramData\avg8\update\backup\avgemc.exe
2009-07-17 16:14:06 . 2009-07-16 12:02:44 353048 ----a-w- C:\ProgramData\avg8\update\backup\avgxch32.dll
2009-07-17 16:14:06 . 2009-07-16 12:02:43 337176 ----a-w- C:\ProgramData\avg8\update\backup\avglogx.dll
2009-07-17 16:14:06 . 2009-07-16 12:02:42 829208 ----a-w- C:\ProgramData\avg8\update\backup\avgcfgx.dll
2009-07-17 16:14:05 . 2009-07-16 12:02:42 2167576 ----a-w- C:\ProgramData\avg8\update\backup\avgresf.dll
2009-07-17 16:13:16 . 2009-07-16 12:01:38 1454360 ----a-w- C:\ProgramData\avg8\update\backup\avgupd.dll
2009-07-17 16:13:16 . 2009-07-16 12:01:38 1085208 ----a-w- C:\ProgramData\avg8\update\backup\avgupd.exe
2009-07-17 15:57:44 . 2009-07-17 15:57:44 0 d-----w- C:\Users\Adriano\AppData\Roaming\Malwarebytes
2009-07-17 15:57:40 . 2009-07-13 11:36:34 38160 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2009-07-17 15:57:39 . 2009-07-17 15:57:43 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-17 15:57:39 . 2009-07-17 15:57:39 0 d-----w- C:\ProgramData\Malwarebytes
2009-07-17 15:57:39 . 2009-07-13 11:36:12 19096 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-07-17 15:54:55 . 2009-07-17 15:55:06 0 d-----w- C:\rsit
2009-07-17 15:54:55 . 2009-07-17 15:55:04 0 d-----w- C:\Program Files\trend micro
2009-07-17 14:30:50 . 2009-07-17 15:20:00 5537824 --sha-w- C:\Windows\system32\drivers\fidbox.dat
2009-07-17 00:21:05 . 2009-07-17 00:21:05 18944 ----a-w- C:\Windows\system32\geyekrjvhnawoa.dll
2009-07-17 00:21:04 . 2009-07-17 00:21:04 85 ----a-w- C:\Windows\system32\geyekreqwmsykl.dat
2009-07-17 00:21:04 . 2009-07-17 00:21:04 65536 ----a-w- C:\Windows\system32\drivers\geyekrlwtoculb.sys
2009-07-17 00:21:04 . 2009-07-17 00:21:04 40960 ----a-w- C:\Windows\system32\geyekrucjijdww.dll
2009-07-16 22:51:36 . 2009-07-17 00:24:25 0 d--h--w- C:\Users\Adriano\ADR
2009-07-16 19:05:06 . 2009-07-16 19:05:06 0 d-----w- C:\Users\Adriano\AppData\Roaming\TeamViewer
2009-07-16 19:05:02 . 2009-07-16 19:05:02 0 d-----w- C:\Users\Adriano\temp
2009-07-16 18:44:01 . 2009-07-16 18:44:01 0 d-----w- C:\Windows\system32\EventProviders
2009-07-16 12:26:04 . 2009-06-15 14:53:52 156672 ----a-w- C:\Windows\system32\t2embed.dll
2009-07-16 12:26:04 . 2009-06-15 14:52:42 23552 ----a-w- C:\Windows\system32\lpk.dll
2009-07-16 12:26:04 . 2009-06-15 14:52:19 72704 ----a-w- C:\Windows\system32\fontsub.dll
2009-07-16 12:26:04 . 2009-06-15 14:51:38 10240 ----a-w- C:\Windows\system32\dciman32.dll
2009-07-16 12:26:04 . 2009-06-15 12:42:30 289792 ----a-w- C:\Windows\system32\atmfd.dll
2009-07-16 12:26:04 . 2009-04-11 06:28:18 34304 ----a-w- C:\Windows\system32\atmlib.dll
2009-07-15 21:57:38 . 2009-07-18 13:46:54 0 d-----w- C:\Windows\system32\wbem\repository
2009-07-15 14:07:39 . 2009-07-15 14:07:43 0 d-----w- C:\Program Files\ma-config.com
2009-07-15 14:07:39 . 2009-07-15 14:07:39 0 d-----w- C:\ProgramData\ma-config.com
2009-06-21 10:51:26 . 2009-07-15 21:51:43 0 d-----w- C:\Users\Adriano\AppData\Roaming\Ventrilo
2009-06-21 10:50:34 . 2009-06-21 10:50:34 0 d-----w- C:\Program Files\Ventrilo
2009-06-20 15:02:24 . 2009-06-20 15:03:21 0 d-----w- C:\Program Files\Resource Kit
2009-06-19 11:06:44 . 2009-06-19 11:06:44 290816 ----a-w- C:\Users\Adriano\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-06-19 11:06:44 . 2009-06-19 11:06:44 290816 ----a-w- C:\Users\Adriano\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-06-19 11:06:44 . 2009-06-19 11:06:44 290816 ----a-w- C:\Users\Adriano\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-06-19 11:06:44 . 2009-06-19 11:06:44 290816 ----a-w- C:\Users\Adriano\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 13:53:44 . 2007-06-17 06:00:29 669328 ----a-w- C:\Windows\system32\perfh00C.dat
2009-07-18 13:53:44 . 2007-06-17 06:00:29 123350 ----a-w- C:\Windows\system32\perfc00C.dat
2009-07-18 13:47:01 . 2009-07-16 19:51:00 48461 ----a-w- C:\ProgramData\nvModes.dat
2009-07-18 13:46:53 . 2007-10-21 10:10:55 0 d-----w- C:\ProgramData\NVIDIA
2009-07-18 11:09:32 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Calendar
2009-07-18 11:09:32 . 2006-11-02 11:18:33 0 d-----w- C:\Program Files\Windows Mail
2009-07-18 11:09:29 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Sidebar
2009-07-18 11:09:29 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Collaboration
2009-07-18 11:09:28 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Journal
2009-07-18 11:09:26 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Photo Gallery
2009-07-18 11:09:18 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Defender
2009-07-18 11:06:36 . 2006-11-02 10:25:05 665600 ----a-w- C:\Windows\inf\drvindex.dat
2009-07-18 11:02:23 . 2006-11-02 12:37:35 37665 ----a-w- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-17 20:54:14 . 2007-10-05 19:38:34 0 d-----w- C:\Program Files\Java
2009-07-17 16:13:40 . 2008-12-25 15:11:34 335752 ----a-w- C:\Windows\system32\drivers\avgldx86.sys
2009-07-17 15:20:00 . 2009-07-17 14:30:50 65972 --sha-w- C:\Windows\system32\drivers\fidbox.idx
2009-07-17 15:15:51 . 2007-10-21 09:09:07 0 d-----w- C:\Program Files\NewsLeecher
2009-07-17 14:32:30 . 2007-10-23 17:54:30 0 d-----w- C:\ProgramData\Spybot - Search & Destroy
2009-07-17 14:31:26 . 2007-10-05 09:25:41 0 d-----w- C:\ProgramData\Kaspersky Lab
2009-07-17 14:23:41 . 2008-05-31 13:20:54 0 d-----w- C:\ProgramData\avg8
2009-07-16 20:59:06 . 2008-06-25 19:59:35 0 d-----w- C:\Program Files\Mozilla Thunderbird
2009-07-16 19:40:54 . 2008-02-21 17:38:07 1356 ----a-w- C:\Users\Adriano\AppData\Local\d3d9caps.dat
2009-07-16 13:37:22 . 2007-10-23 19:16:27 0 d-----w- C:\ProgramData\Microsoft Help
2009-07-16 12:02:48 . 2008-12-25 15:11:43 11952 ----a-w- C:\Windows\system32\avgrsstx.dll
2009-07-16 12:02:48 . 2008-12-25 15:11:25 27784 ----a-w- C:\Windows\system32\drivers\avgmfx86.sys
2009-07-15 21:51:43 . 2009-02-25 19:44:09 0 d-----w- C:\Users\Adriano\AppData\Roaming\vlc
2009-07-05 12:16:02 . 2007-10-21 09:09:11 0 d-----w- C:\Users\Adriano\AppData\Roaming\NewsLeecher
2009-06-21 10:50:11 . 2009-05-03 15:59:18 0 d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-20 13:47:53 . 2007-06-16 20:29:53 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-06-20 13:45:21 . 2008-02-04 00:22:15 0 d-----w- C:\ProgramData\CyberLink
2009-06-20 13:45:21 . 2008-02-04 00:20:19 0 d-----w- C:\Program Files\CyberLink
2009-06-20 13:37:10 . 2009-01-15 15:07:42 53319 ----a-w- C:\ProgramData\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
2009-06-20 13:35:07 . 2009-01-02 03:14:44 0 d-----w- C:\ProgramData\eMule
2009-06-19 11:07:01 . 2008-09-21 13:44:29 0 d-----w- C:\Program Files\SystemRequirementsLab
2009-06-19 11:06:49 . 2008-09-21 13:44:25 0 d-----w- C:\Users\Adriano\AppData\Roaming\SystemRequirementsLab
2009-06-18 20:07:56 . 2008-03-06 20:33:59 0 d-----w- C:\Users\Adriano\AppData\Roaming\dvdcss
2009-06-18 19:08:00 . 2008-03-12 14:05:43 1100 ----a-w- C:\Users\Adriano\AppData\Local\d3d8caps.dat
2009-06-17 18:32:46 . 2007-10-05 08:46:23 88912 ----a-w- C:\Users\Adriano\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-17 18:25:29 . 2007-10-05 10:11:07 0 d-----w- C:\ProgramData\Apple
2009-06-17 17:57:06 . 2007-06-16 20:48:40 0 d-----w- C:\Program Files\Microsoft Works
2009-06-15 07:36:57 . 2009-01-29 21:12:38 108552 ----a-w- C:\Windows\system32\drivers\avgtdix.sys
2009-06-12 11:54:42 . 2009-06-12 11:54:19 0 d-----w- C:\Program Files\iTunes
2009-06-12 11:54:28 . 2009-06-12 11:54:28 0 d-----w- C:\Program Files\iPod
2009-06-12 11:54:28 . 2007-10-05 10:11:08 0 d-----w- C:\Program Files\Common Files\Apple
2009-06-12 11:53:13 . 2009-06-12 11:52:38 0 d-----w- C:\Program Files\QuickTime
2009-06-12 11:48:44 . 2009-06-12 11:48:44 75048 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 16:33:00 . 2009-06-10 16:33:00 9899296 ----a-w- C:\Windows\system32\drivers\nvlddmkm.sys
2009-06-10 16:33:00 . 2009-06-10 16:33:00 7611904 ----a-w- C:\Windows\system32\nvd3dum.dll
2009-06-10 16:33:00 . 2009-06-10 16:33:00 678432 ----a-w- C:\Windows\system32\nvcuvid.dll
2009-06-10 16:33:00 . 2009-06-10 16:33:00 457248 ----a-w- C:\Windows\system32\nvudisp.exe
2009-06-10 16:33:00 . 2009-06-10 16:33:00 4224 ----a-w- C:\Windows\system32\drivers\nvBridge.kmd
2009-06-10 16:33:00 . 2009-06-10 16:33:00 1704960 ----a-w- C:\Windows\system32\nvcuda.dll
2009-06-10 16:33:00 . 2009-06-10 16:33:00 151552 ----a-w- C:\Windows\system32\nvcod155.dll
2009-06-10 16:33:00 . 2009-06-10 16:33:00 151552 ----a-w- C:\Windows\system32\nvcod.dll
2009-06-10 16:33:00 . 2009-06-10 16:33:00 1317408 ----a-w- C:\Windows\system32\nvcuvenc.dll
2009-06-10 16:33:00 . 2009-06-10 16:33:00 10379264 ----a-w- C:\Windows\system32\nvoglv32.dll
2009-06-10 16:33:00 . 2008-12-25 23:08:00 989696 ----a-w- C:\Windows\system32\nvapi.dll
2009-06-10 06:35:02 . 2009-06-10 06:35:02 1505824 ----a-w- C:\Windows\system32\nvcpluir.dll
2009-06-10 06:35:02 . 2009-06-10 06:35:02 1358368 ----a-w- C:\Windows\system32\nvsvsr.dll
2009-06-10 06:35:02 . 2009-06-10 06:35:02 1194528 ----a-w- C:\Windows\system32\nvcplui.exe
2009-06-10 06:35:00 . 2009-06-10 06:35:00 1296928 ----a-w- C:\Windows\system32\nvsvs.dll
2009-06-10 04:33:20 . 2009-06-10 04:33:20 244736 ----a-w- C:\Windows\system32\nvStInst.exe
2009-06-10 04:33:18 . 2009-06-10 04:33:18 467968 ----a-w- C:\Windows\system32\nvstlink.exe
2009-06-10 04:33:08 . 2009-06-10 04:33:08 3953152 ----a-w- C:\Windows\system32\nvstwiz.exe
2009-06-10 04:33:06 . 2009-06-10 04:33:06 141824 ----a-w- C:\Windows\system32\nvStereoApiI.dll
2009-06-10 04:33:04 . 2009-06-10 04:33:04 171520 ----a-w- C:\Windows\system32\nvStereoApiI64.dll
2009-06-10 04:33:00 . 2009-06-10 04:33:00 232960 ----a-w- C:\Windows\system32\nvSCPAPISvr.exe
2009-06-10 04:32:54 . 2009-06-10 04:32:54 257536 ----a-w- C:\Windows\system32\nvSCPAPI.dll
2009-06-10 04:32:48 . 2009-06-10 04:32:48 301568 ----a-w- C:\Windows\system32\nvSCPAPI64.dll
2009-06-10 04:32:40 . 2009-06-10 04:32:40 3293184 ----a-w- C:\Windows\system32\nvstres.dll
2009-06-10 04:32:02 . 2009-06-10 04:32:02 5847 ----a-w- C:\Windows\system32\oglstreg.reg
2009-06-10 04:31:56 . 2009-06-10 04:31:56 167424 ----a-w- C:\Windows\system32\nvstreg.exe
2009-06-10 04:31:46 . 2009-06-10 04:31:46 1718272 ----a-w- C:\Windows\system32\nvsttest.exe
2009-06-10 04:31:12 . 2009-06-10 04:31:12 1034752 ----a-w- C:\Windows\system32\nvstview.exe
2009-06-10 04:31:04 . 2009-06-10 04:31:04 89088 ----a-w- C:\Windows\system32\nvimage.dll
2009-06-10 04:29:22 . 2009-06-10 04:29:22 1656 ----a-w- C:\Windows\system32\nvstdef.reg
2009-06-05 09:42:38 . 2009-06-05 09:42:38 39424 ----a-w- C:\Windows\system32\drivers\usbaapl.sys
2009-06-05 09:42:38 . 2009-06-05 09:42:38 2060288 ----a-w- C:\Windows\system32\usbaaplrc.dll
2009-06-04 14:39:54 . 2007-06-16 20:30:12 457248 ----a-w- C:\Windows\system32\nvuninst.exe
2009-05-31 16:42:42 . 2009-05-31 16:41:45 0 d-----w- C:\Program Files\GWFreaks
2009-05-23 10:44:13 . 2007-10-05 14:58:47 0 d-----w- C:\Program Files\Common Files\Logitech
2009-05-22 09:43:30 . 2009-05-22 09:43:17 0 d-----w- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-09 05:50:28 . 2009-06-17 18:03:25 915456 ----a-w- C:\Windows\system32\wininet.dll
2009-05-09 05:34:34 . 2009-06-17 18:03:26 71680 ----a-w- C:\Windows\system32\iesetup.dll
2009-04-25 17:26:43 . 2009-04-25 17:13:50 177885 ----a-w- C:\Windows\hpoins27.dat
2009-04-23 12:15:07 . 2009-06-11 11:10:51 784896 ----a-w- C:\Windows\system32\rpcrt4.dll
2009-04-23 12:14:10 . 2009-06-11 11:11:16 623616 ----a-w- C:\Windows\system32\localspl.dll
2009-04-21 11:39:47 . 2009-06-11 11:11:43 2034688 ----a-w- C:\Windows\system32\win32k.sys
2009-02-08 11:10:16 . 2008-06-25 19:09:42 134648 ----a-w- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
2006-05-03 09:06:54 . 2008-09-07 20:47:12 163328 --sh--r- C:\Windows\System32\flvDX.dll
2007-02-21 10:47:16 . 2008-09-07 20:47:12 31232 --sh--r- C:\Windows\System32\msfDX.dll
2008-03-16 12:30:52 . 2008-09-07 20:47:12 216064 --sh--r- C:\Windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-11-10 18:36:10 16384]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 07:33:09 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 07:38:38 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 13:42:24 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 16:16:56 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 10:59:00 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 16:11:16 151552]
"SetPoint"="C:\Program Files\Logitech\SetPoint\SetPoint.EXE" [2008-05-02 00:44:08 805392]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-30 00:34:36 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-07-16 12:02:45 1948440]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 15:10:28 35696]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 15:18:30 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-06-05 11:39:22 292136]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2009-06-10 06:34:46 13785632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-07-17 20:50:43 148888]
"RtHDVCpl"="RtHDVCpl.exe" - C:\Windows\RtHDVCpl.exe [2008-01-15 09:26:18 4874240]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - C:\Windows\KHALMNPR.Exe [2008-02-29 01:12:38 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - C:\Windows\KHALMNPR.Exe [2008-02-29 01:12:38 76304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-07 09:09:52 44168]

C:\Users\Adriano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - C:\Users\Adriano\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-12-20 143360]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-11-10 169472]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-3-9 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger Agent.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk
backup=C:\Windows\pss\Logitech Desktop Messenger Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e6,23,cf,dc,98,07,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-216507969-2710457650-4199290572-1001]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-216507969-2710457650-4199290572-1002]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8CB74BAA-900C-494E-9499-CAB4099F7DF8}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{799934F4-509A-479F-9B29-3FEF40686880}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{A6D9E5B1-D13F-49F7-9A21-32BCA8EAE9BA}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{5D7C341E-F2A0-4AFF-81FF-4596AE4DD637}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F9309F68-C179-4187-8178-572F9BBEF02C}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{FC34A36D-11F4-4050-BF1A-4C4F2AFF3A21}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{DA24A35B-65C4-491F-8DE0-543FD29E92D2}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{CAC29A5C-A3E2-4622-A79A-4DEEEB7D65D0}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"TCP Query User{8EA5D523-8EE7-40C8-B829-24C3803D0CB8}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{84673E50-E58B-4243-8671-55437BB9BBF8}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{0205DBB3-0EDE-494D-A78F-906EB42EBC04}"= TCP:2300:age of mythology
"{0BE949A3-DE0F-46C6-A293-815B0D6834FE}"= Disabled:UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{791F9EAC-AAB1-4486-BCF6-EDBC2F2299F9}"= Disabled:TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{1B52C353-8DEA-464F-8290-71C12F92466D}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{19DBD531-0B93-40B5-98D1-9FC79D8B994D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{026DC23A-ACC7-40A2-9743-F07BAE556E44}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{B5A2CA16-DA45-46B1-A0D4-BB6D9347766C}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{D3D08961-2901-4352-A02E-B7074B268A41}C:\\program files\\lucasarts\\star wars battlefront ii\\gamedata\\battlefrontii.exe"= UDP:C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe:battlefrontII
"UDP Query User{D0D72F3F-7DDD-49A5-ADF2-9C0AB4784537}C:\\program files\\lucasarts\\star wars battlefront ii\\gamedata\\battlefrontii.exe"= TCP:C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe:battlefrontII
"TCP Query User{08EF39B9-4E16-4A1B-80E0-6FA097288072}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{DCD3F4C5-9568-447D-B800-06EAA3587C9B}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{3B5DF83E-3981-491C-AADC-A82197DC3634}"= UDP:C:\Program Files\DAP\DAP.exe:Download Accelerator Plus (DAP)
"{CC648D14-6B33-4927-B587-4EF9A76ED49B}"= TCP:C:\Program Files\DAP\DAP.exe:Download Accelerator Plus (DAP)
"{68F7F22D-6CE8-49AD-9DBF-259B4DD00176}"= UDP:C:\Program Files\DiskTrix\UltimateDefragLite\UDefrag.exe:UltimateDefrag Lite
"{F44FCBBB-AB6B-4DCA-8D6F-D72DADC9C7C4}"= TCP:C:\Program Files\DiskTrix\UltimateDefragLite\UDefrag.exe:UltimateDefrag Lite
"TCP Query User{B4271375-7A2A-40D0-9CEE-7447ADA8D7DA}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{AC089B08-7733-4F13-9ABB-890D295DC2A4}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{5426BFC4-8426-4A79-8205-073261EBE879}C:\\program files\\world of warcraft\\wow-2.3.0-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.3.0-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{2B41F0BE-4D3F-42CF-96F9-F2CB91795ABE}C:\\program files\\world of warcraft\\wow-2.3.0-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.3.0-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{521C2CD9-7012-4C0C-BC5B-DC180DBF6A56}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{9C96E39A-D45D-41FB-813A-A0FAACE2A2D8}C:\\program files\\world of warcraft\\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"{D45E539C-AF11-4ABD-8FBC-C01D5E94805D}"= UDP:C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{30B8C929-B81B-4929-A3B9-BD2B2D88D060}"= TCP:C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{373BD64E-95F6-4C04-A535-A436EA9F43DC}"= UDP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{987D16C5-6659-46D5-8B2E-5D55EBC1B50B}"= TCP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"TCP Query User{04ED09AE-173A-425A-800F-A48AB7B76F0D}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{F3AE4E10-85C3-4CCD-8D45-1C18742107B9}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{0D2AFBC4-138D-4021-8E63-761AA1F9ABCA}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{19660CDC-5F10-4145-8FB9-A771F042BCEE}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{530DEBE0-58A5-4500-8C90-3B501FAB302D}C:\\program files\\microsoft games\\age of mythology\\aomx.exe"= UDP:C:\program files\microsoft games\age of mythology\aomx.exe:Age of Mythology - The Titans Expansion
"UDP Query User{C0BE0370-5115-4683-AAA3-62CCBFAD8A64}C:\\program files\\microsoft games\\age of mythology\\aomx.exe"= TCP:C:\program files\microsoft games\age of mythology\aomx.exe:Age of Mythology - The Titans Expansion
"{9024172E-4694-434E-A790-F3313A9AC0E4}"= UDP:C:\Program Files\Logitech\SetPoint\Launcher.exe:Launcher
"{C1B3F177-BB73-4A6D-AD4C-1D7426002822}"= TCP:C:\Program Files\Logitech\SetPoint\Launcher.exe:Launcher
"{270FB888-3F2F-408D-B877-CFA2D25CE178}"= UDP:C:\Program Files\CCleaner\CCleaner.exe:CCleaner
"{4C2A50D4-3905-42DB-BA90-44B08C41613D}"= TCP:C:\Program Files\CCleaner\CCleaner.exe:CCleaner
"{B1755D9F-3549-47B6-B458-CD9953888837}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{7B80FED9-043B-4F66-AF45-45B472448CB2}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"TCP Query User{06555F3C-3699-4D81-949C-87EED6B6A700}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{EC1B9DC2-067D-4F3E-9D1B-9F4389AF36CB}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{1266DA6C-C739-4EE9-9974-7976C7DC7B16}C:\\users\\adriano\\desktop\\wow-burningcrusade-frfr-installer-downloader.exe"= UDP:C:\users\adriano\desktop\wow-burningcrusade-frfr-installer-downloader.exe:wow-burningcrusade-frfr-installer-downloader.exe
"UDP Query User{324933E5-4C9D-44BD-9FF2-304C9C1084E0}C:\\users\\adriano\\desktop\\wow-burningcrusade-frfr-installer-downloader.exe"= TCP:C:\users\adriano\desktop\wow-burningcrusade-frfr-installer-downloader.exe:wow-burningcrusade-frfr-installer-downloader.exe
"TCP Query User{D6B0EACC-AF44-4C88-8724-CFA50144615B}C:\\program files\\copytracker\\apache\\bin\\apache.exe"= UDP:C:\program files\copytracker\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{F24E7606-1265-4C66-ADC6-7B54E8C8BFBB}C:\\program files\\copytracker\\apache\\bin\\apache.exe"= TCP:C:\program files\copytracker\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{9EE531A9-BB79-42D3-B7F4-E9A30203A15C}C:\\program files\\copytracker\\mysql\\bin\\mysqld.exe"= UDP:C:\program files\copytracker\mysql\bin\mysqld.exe:mysqld
"UDP Query User{18842237-2B1C-41D7-9951-D5E50A8C3BCD}C:\\program files\\copytracker\\mysql\\bin\\mysqld.exe"= TCP:C:\program files\copytracker\mysql\bin\mysqld.exe:mysqld
"TCP Query User{87BC95D7-C1A3-4154-B288-0101F86632D0}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= Disabled:UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{048E3CC6-B56E-44E1-A002-76D60667D74D}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= Disabled:TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{A606D972-FC8F-44B9-91BB-38D38C315578}C:\\program files\\electronic arts\\eadm\\core.exe"= Disabled:UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{33DF6121-CC64-40E2-8433-FA55D0437B67}C:\\program files\\electronic arts\\eadm\\core.exe"= Disabled:TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{640AAD6D-386F-4BF6-9501-B31044EB44E2}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{88018790-57AE-44BF-9331-5F12814BCD6C}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{1729456F-CC8D-4A9D-8AD3-57C2B2EF73C3}"= C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{3602985E-71C7-4F9F-91A2-21D7C59D02D8}C:\\program files\\hercules\\hercules dualpix hd webcam\\station2.exe"= UDP:C:\program files\hercules\hercules dualpix hd webcam\station2.exe:Hercules Webcam Station Evolution
"UDP Query User{B69CAB13-E919-4DED-B457-03B0AEF216A6}C:\\program files\\hercules\\hercules dualpix hd webcam\\station2.exe"= TCP:C:\program files\hercules\hercules dualpix hd webcam\station2.exe:Hercules Webcam Station Evolution
"{CB3EC063-5469-4BB5-A2AF-8727CC43A269}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{B359451D-19BD-409D-BF8B-09D1A03C74A6}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{B8401D26-6DD9-4D26-B87D-9DBA404D257C}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{0B5C5FB8-9B36-4974-A01B-096B16D00420}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{8CE8DA90-D4F8-4D54-80D3-3B3D022482AF}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{1982C0D4-2711-4B0C-A577-32125B878F7A}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{D270F380-848D-46F2-B4DD-C62057CA177C}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= UDP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
"UDP Query User{69303E09-DBFB-413B-A03A-CCC4C998E4CF}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= TCP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
"TCP Query User{AFC75F68-F732-47F2-958C-2D3C2FB9E8BC}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{7D859326-2BE1-4F11-A861-17FB41C0A0E3}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{20655A79-7B1D-4185-AEC6-76B6F5A8D162}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{76F359CA-F821-49C6-A56A-4C756B74A85C}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{0E3BA166-CBD1-4405-974D-B47BDDFCDE31}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{EB579D5E-9E4B-44DC-8380-0585680AA2D2}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java(TM) Platform SE binary
"{AF75F764-6D0C-4B2B-81A9-41481179F1ED}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{746A3AE9-8F5F-462C-B340-9DA089317DDE}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{913E7B4F-67E2-4D46-998D-333331622465}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{0CA514F1-4355-497A-A5A5-A36293EE353D}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{F9A799D5-7EA8-4C08-839C-02227010D548}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{D2B80AA9-7170-41FD-A043-4DB5F3D21F83}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{52CC2DCA-7CAB-4185-ACD7-BF0A014B88BE}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{A2E081A2-C46E-4113-88BE-11D1F781E241}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{803D9FF9-CDC9-4F6D-ADB1-E162541101C5}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{E90C9623-D75F-4C87-876A-F2E34EA7C22A}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{9EABD6BE-134B-43CD-8CF0-A4598ACBF2B7}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{12AD6F28-0DB6-4BA5-8F46-CCCDFD010306}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C59461BA-BC5F-4F7E-BF27-3EBF287F751C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0A0DCBF0-442E-4FC0-AA35-D3B812D4869C}"= UDP:C:\Program Files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{70910771-C82F-407F-BAA4-0BC03B12751B}"= TCP:C:\Program Files\Ventrilo\Ventrilo.exe:Ventrilo.exe

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\System32\drivers\avgldx86.sys [25.12.2008 17:11:34 335752]
R1 AvgTdiX;AVG8 Network Redirector;C:\Windows\System32\drivers\avgtdix.sys [29.01.2009 23:12:38 108552]
R2 acedrv10;acedrv10;C:\Windows\System32\drivers\ACEDRV10.sys [28.10.2007 17:35:14 583128]
R2 acehlp10;acehlp10;C:\Windows\System32\drivers\acehlp10.sys [26.10.2007 15:53:46 250560]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [25.12.2008 17:11:04 907032]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [25.12.2008 17:11:03 298776]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [03.09.2006 10:32:28 208896]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [31.05.2008 15:36:34 810320]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Windows\System32\nvSCPAPISvr.exe [10.06.2009 06:33:00 232960]
R3 APL531;Hercules Dualpix HD Webcam;C:\Windows\System32\drivers\HDvidv.sys [20.12.2008 17:41:24 285952]
R3 camfilt2;camfilt2;C:\Windows\System32\drivers\camfilt2.sys [20.12.2008 17:41:24 103720]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [10.05.2006 09:13:52 29696]
S2 TeamViewer4;TeamViewer 4;"C:\Users\Adriano\temp\TeamViewer\Version4\TeamViewer_Service.exe" -service --> C:\Users\Adriano\temp\TeamViewer\Version4\TeamViewer_Service.exe [?]
S3 CrystalSysInfo;CrystalSysInfo;C:\Program Files\MediaCoder\SysInfo.sys [25.09.2007 16:59:46 15152]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [14.01.2009 09:53:36 23152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ch/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CH&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = localhost;*.local
IE: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
IE: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
IE: {{01AD691E-7E65-4CDB-AA07-23D0C691F239} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
FF - ProfilePath - C:\Users\Adriano\AppData\Roaming\Mozilla\Firefox\Profiles\wzmey6nd.default\
FF - prefs.js: browser.startup.homepage - www.google.ch
FF - component: C:\Program Files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: C:\Program Files\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
18 Jul 2009 at 18:39
ok, post a new RSIT report and say whether there are still any problems

_____________

and if I'm not available to move things forward, paste an online scan from bitdefender or kaspersky or panda


______________

reg cleaner is good, like ccleaner
otherwise glary utilities too (don't install the askbar)
http://www.commentcamarche.net/telecharger/telecharger 34055557 glary utilities
0
Ros_Capitano Posts 18 Registration date Thursday 16 July 2009 Status Member Last activity 24 July 2009 1
18 Jul 2009 at 19:28
Logfile of random's system information tool 1.06 (written by random/random)
Run by Adriano at 2009-07-18 19:27:10
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 199 GB (67%) free of 297 GB
Total RAM: 3070 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:15, on 18.07.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Adriano\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Users\Adriano\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Program Files\GUILD WARS\Gw.exe
C:\Users\Adriano\Desktop\RSIT.exe
C:\Program Files\trend micro\Adriano.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/de-ch?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF&checklang=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Adriano\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FreshDownload - {01AD691E-7E65-4CDB-AA07-23D0C691F239} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_14.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_14.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TeamViewer 4 (TeamViewer4) - Unknown owner - C:\Users\Adriano\temp\TeamViewer\Version4\TeamViewer_Service.exe (file missing)
0
Ros_Capitano Posts 18 Registration date Thursday 16 July 2009 Status Member Last activity 24 July 2009 1
19 Jul 2009 at 19:31
Hi,
I ran HijackThis, plus CCleaner, Advanced SystemCare, the online scans, AVG, Spybot, RegCleaner, a defragmentation with Auslogics Disk Defrag, and the cleanup tools built into Windows, and no problems were detected :)

As for ToolsCleaner, when I click start, the program stops responding :( . In any case, thanks for everything, and especially thanks for taking your time. The problem is solved, I suppose? :)
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
19 Jul 2009 at 22:58
yes, it's solved

you can run an online scan to be safe

otherwise, all the best
0
Ros_Capitano Posts 18 Registration date Thursday 16 July 2009 Status Member Last activity 24 July 2009 1
20 Jul 2009 at 12:29
ok, thanks for everything
0