SOS: PC and browsing very slow

Solved/Closed
fred - 18 Oct 2009 at 11:20
Anonymous user - 19 Oct 2009 at 12:16
Hello,
For the past week my PC has been very slow, especially browsing the web and displaying pages; my browser is Opera 10. I have scanned with MBAM, Ad-Aware and the BullGuard antivirus; there is nothing. Also, I have 40 processes that take up 650 MB of dedicated memory, and the little arrows on my Livebox blink all the time. Thanks for your help.
14 replies

Anonymous user
18 Oct 2009 at 11:31
To check for an infection.

Hello

• Download: http://images.malwareremoval.com/random/RSIT.exe
/!\ Important (on Vista) /!\
You must run RSIT with administrator rights: to do so, right-click RSIT and choose "Run as administrator" ("Lancer en tant qu'administrateur").
• Double-click RSIT.exe to launch the tool.
• Click 'Continue' on the Disclaimer screen.
• If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
• Once the scan is finished, 2 reports will appear. Post the contents of both reports.
(C:\RSIT\log.txt and C:\RSIT\info.txt)
• CTRL A to select all, CTRL C to copy and then CTRL V to paste
0
DID YOU RECEIVE THE RSIT REPORT?
0
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-10-18 11:47:57
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 105 GB (72%) free of 146 GB
Total RAM: 3006 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:07, on 18/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
C:\WINDOWS\arservice.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ver
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
0
Anonymous user
18 Oct 2009 at 12:33
• Go to the site https://www.virustotal.com/gui/
• Click Browse ("Parcourir"), navigate to the following file and confirm: c:\windows\system32\bglsp.dll
• Click "Send file" ("Envoyer le fichier"): if it has already been analysed, request a new analysis.
• Copy and paste the report to the forum.
0
Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.18 -
AhnLab-V3 5.0.0.2 2009.10.17 -
AntiVir 7.9.1.35 2009.10.16 -
Antiy-AVL 2.0.3.7 2009.10.16 -
Authentium 5.1.2.4 2009.10.17 -
Avast 4.8.1351.0 2009.10.17 -
AVG 8.5.0.420 2009.10.17 -
BitDefender 7.2 2009.10.18 -
CAT-QuickHeal 10.00 2009.10.18 -
ClamAV 0.94.1 2009.10.17 -
Comodo 2643 2009.10.18 -
DrWeb 5.0.0.12182 2009.10.17 -
eSafe 7.0.17.0 2009.10.15 -
eTrust-Vet 35.1.7072 2009.10.16 -
F-Prot 4.5.1.85 2009.10.17 -
F-Secure 9.0.15300.0 2009.10.16 -
Fortinet 3.120.0.0 2009.10.16 -
GData 19 2009.10.18 -
Ikarus T3.1.1.72.0 2009.10.18 -
Jiangmin 11.0.800 2009.10.18 -
K7AntiVirus 7.10.872 2009.10.16 -
Kaspersky 7.0.0.125 2009.10.18 -
McAfee 5774 2009.10.17 -
McAfee+Artemis 5774 2009.10.17 -
McAfee-GW-Edition 6.8.5 2009.10.18 -
Microsoft 1.5101 2009.10.18 -
NOD32 4519 2009.10.18 -
Norman 6.03.02 2009.10.17 -
nProtect 2009.1.8.0 2009.10.18 -
Panda 10.0.2.2 2009.10.17 -
PCTools 4.4.2.0 2009.10.17 -
Prevx 3.0 2009.10.18 -
Rising 21.51.62.00 2009.10.18 -
Sophos 4.46.0 2009.10.18 -
Sunbelt 3.2.1858.2 2009.10.17 -
Symantec 1.4.4.12 2009.10.18 -
TheHacker 6.5.0.2.045 2009.10.17 -
TrendMicro 8.950.0.1094 2009.10.18 -
VBA32 3.12.10.11 2009.10.16 -
ViRobot 2009.10.17.1990 2009.10.17 -
VirusBuster 4.6.5.0 2009.10.17 -

Additional information
File size: 87376 bytes
MD5...: e44a9f6f331f8c43ec462f6e2190bcb0
SHA1..: 8f9fe3fefa4d04723ff91a51e80cc3f50f7d23b9
SHA256: 1a64278769d9af9de92842f63da8331da11776867b647bd03372f7cb331c11d5
ssdeep: 1536:OKmfaW7z7RlPjxJcYAJKXsdxw51SqzZZcDOfpMNSRTT:saW7zFlPjQRJK8slzZ5fpM
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xdf50
timedatestamp.....: 0x49f5e6e1 (Mon Apr 27 17:09:53 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xd3eb 0xe000 6.13 eb99ab907c6a5e5e60d0d5030eafa60d
.rdata 0xf000 0x1d2c 0x2000 4.70 9751c411e2889a71c00993e55a46aae0
.data 0x11000 0xce4 0x1000 0.34 c328ac3c21cc615114bfb42674b4ad79
.rsrc 0x12000 0x4d0 0x1000 4.03 324e9f596dd9f6fb0e9bc15540a1d680
.reloc 0x13000 0xcaa 0x1000 5.48 a5e44c25e9456ae3f1214f9f09ff46ef

( 6 imports )
> WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, WPUCompleteOverlappedRequest, -, -, WSCEnumProtocols, WSCDeinstallProvider, WSCWriteProviderOrder, WSCGetProviderPath, WSCInstallProvider
> RPCRT4.dll: UuidCreate
> KERNEL32.dll: GetTickCount, QueryPerformanceCounter, IsDebuggerPresent, GetCurrentThreadId, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, InterlockedCompareExchange, InterlockedExchange, GetSystemTimeAsFileTime, SetUnhandledExceptionFilter, TlsGetValue, TlsSetValue, Sleep, TlsAlloc, InterlockedDecrement, DebugBreak, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, GetModuleFileNameW, CloseHandle, GetLastError, InitializeCriticalSection, FreeLibrary, MultiByteToWideChar, GetVersionExW, LoadLibraryW, GetProcAddress, LoadLibraryA, GetSystemDirectoryA, ExpandEnvironmentStringsA, lstrcpyW, HeapAlloc, HeapFree, HeapCreate, HeapDestroy, ExpandEnvironmentStringsW, WideCharToMultiByte, WaitForSingleObject, GetExitCodeThread, CreateEventW, CreateThread, GetCurrentProcessId, SetEvent, ExitThread, ResetEvent, InterlockedIncrement, CreateIoCompletionPort, GetSystemInfo, CreateSemaphoreW, PostQueuedCompletionStatus, WaitForMultipleObjectsEx, ReleaseSemaphore, GetQueuedCompletionStatus, WaitForSingleObjectEx, TlsFree
> USER32.dll: IsWindow, DefWindowProcW, PostQuitMessage, UnregisterClassW, DestroyWindow, DispatchMessageW, TranslateMessage, GetMessageW, CreateWindowExW, RegisterClassW, PostMessageW
> ole32.dll: StringFromGUID2
> MSVCR80.dll: _crt_debugger_hook, __clean_type_info_names_internal, memcpy, _unlock, __dllonexit, _lock, _adjust_fdiv, _amsg_exit, _initterm_e, _initterm, _decode_pointer, _encoded_null, _malloc_crt, _encode_pointer, sscanf_s, wcsncpy_s, _vsnwprintf_s, getchar, _onexit, _except_handler4_common, memset, __CppXcptFilter, atol, atoi, free, wcsrchr, sprintf_s, vsprintf_s, wcscpy_s, __2@YAPAXI@Z, strcpy_s, wcstombs_s, strncmp, tolower, _strnicmp

( 5 exports )
DllRegisterServer, DllUnregisterServer, EnableProxy, GetLspGuid, WSPStartup
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: BullGuard Ltd.
copyright....: (c)2009, BullGuard Ltd. All rights reserved.
product......: BullGuard
description..: BGLsp
original name: BGLsp.dll
internal name: BGLsp
file version.: 8, 5, 0, 5
comments.....: n/a
signers......: BullGuard Ltd.
 VeriSign Class 3 Code Signing 2004 CA
 Class 3 Public Primary Certification Authority
signing date.: 7:13 PM 4/27/2009
verified.....: -
0
Anonymous user
18 Oct 2009 at 13:20
/!\ To the attention of those passing through this thread /!\
The following software is not to be used lightly and can cause damage if misused! Only use it if a forum helper who knows this tool well has recommended it to you.

/!\ Disable all your protection software /!\

• Download ComboFix (by sUBs) to your Desktop.
• Double-click ComboFix.exe to launch it.
• It will ask you to install the Recovery Console: accept.
• Do not touch anything during the scan.
• When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.
# If ComboFix will not launch, rename it to ccm.exe and run it in safe mode.
Official ComboFix tutorial: http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
ComboFix 09-10-17.01 - Administrateur 18/10/2009 13:44.1.1 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3006.2510 [GMT 2:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\CCM.exe
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: BullGuard Antivirus *On-access scanning disabled* (Outdated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: BullGuard Firewall *enabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
c:\program files\PandoBar
c:\program files\PandoBar\bar\1.bin\P4FFXTBR.JAR
c:\program files\PandoBar\bar\1.bin\P4FFXTBR.MANIFEST
c:\program files\PandoBar\bar\1.bin\P4NTSTBR.JAR
c:\program files\PandoBar\bar\1.bin\P4NTSTBR.MANIFEST
c:\program files\PandoBar\bar\Cache\0042EE75
c:\program files\PandoBar\bar\Cache\0042F5E8
c:\program files\PandoBar\bar\Cache\0042F7EB.bin
c:\program files\PandoBar\bar\Cache\0042FA0E.bin
c:\program files\PandoBar\bar\Cache\0042FBA4.bin
c:\program files\PandoBar\bar\Cache\0042FD6A.bin
c:\program files\PandoBar\bar\Cache\0042FF0F.bin
c:\program files\PandoBar\bar\Cache\004301DE.bin
c:\program files\PandoBar\bar\Cache\004303F1.bin
c:\program files\PandoBar\bar\Cache\files.ini
c:\program files\PandoBar\bar\History\search2
c:\program files\PandoBar\bar\Settings\prevcfg2.htm
c:\recycler\S-1-5-21-1245356875-2385686690-1802670603-500
c:\recycler\S-1-5-21-1750106866-834005870-2730974974-500
c:\recycler\S-1-5-21-2330044836-733123308-2527810264-500
c:\recycler\S-1-5-21-26117862-1833438398-3783790343-500
c:\recycler\S-1-5-21-4047910898-2729944800-3444569254-500
c:\recycler\S-1-5-21-487740131-821976734-78243626-500
c:\recycler\S-1-5-21-553034175-2581091395-2867653378-500
c:\windows\cdmxtras
c:\windows\kb913800.exe
c:\windows\patch.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\Process.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-18 au 2009-10-18 ))))))))))))))))))))))))))))))))))))
.

2009-10-18 09:47 . 2009-10-18 09:48 -------- d-----w- C:\rsit
2009-10-18 00:46 . 2009-10-18 00:47 -------- d-----w- c:\documents and settings\Administrateur\Application Data\HpUpdate
2009-10-18 00:46 . 2009-10-18 00:46 -------- d-----w- c:\windows\Hewlett-Packard
2009-10-18 00:38 . 2007-06-18 16:57 219136 ----a-w- c:\windows\system32\sqlite3_engine.dll
2009-10-17 21:31 . 2009-10-17 21:31 -------- d-----w- c:\documents and settings\NetworkService\Bureau
2009-10-17 21:26 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-17 21:24 . 2009-10-17 21:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-17 21:24 . 2009-10-17 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-17 21:24 . 2009-10-17 21:24 -------- d-----w- c:\program files\Lavasoft
2009-10-17 13:08 . 2009-06-30 02:48 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-10-17 12:27 . 2009-06-30 22:42 485920 ----a-w- c:\windows\system32\nvunrm.exe
2009-10-17 12:27 . 2006-03-02 23:30 101888 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2009-10-17 11:39 . 2009-10-17 11:45 -------- d-----w- c:\windows\NV4820860.TMP
2009-10-17 10:06 . 2009-10-17 10:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-10-11 15:40 . 2004-08-09 13:00 15872 ----a-w- c:\windows\system32\dllcache\chgport.exe
2009-10-11 14:40 . 2009-10-11 14:41 -------- d-----w- C:\$WIN_NT$.~BT
2009-10-09 23:07 . 2009-10-09 23:07 724992 ----a-w- c:\windows\iun6002.exe
2009-10-09 23:07 . 2009-10-09 23:12 -------- d-----w- c:\program files\SpeedItUpFree
2009-10-03 16:00 . 2009-07-01 09:55 701440 ----a-w- c:\windows\system32\cohelper.dll
2009-10-02 14:21 . 2009-10-02 14:21 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-09-28 13:34 . 2009-09-28 13:39 -------- d-----w- c:\program files\Uniblue
2009-09-27 16:19 . 2009-09-27 16:19 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-09-24 18:35 . 2009-09-24 18:35 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Help
2009-09-23 06:31 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 11:37 . 2009-08-28 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\BullGuard
2009-10-18 00:47 . 2006-09-19 13:53 -------- d-----w- c:\program files\HP
2009-10-18 00:45 . 2009-06-23 09:39 -------- d-----w- c:\documents and settings\Administrateur\Application Data\WIPE
2009-10-18 00:38 . 2009-06-23 09:39 -------- d-----w- c:\program files\Wipe
2009-10-17 22:20 . 2008-11-10 22:58 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Spyware Terminator
2009-10-17 19:16 . 2008-09-05 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-17 13:26 . 2008-02-17 02:09 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-10-17 12:36 . 2005-10-10 11:39 86024 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-17 12:36 . 2005-10-10 11:39 513088 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-17 12:21 . 2008-02-24 13:56 -------- d-----w- c:\program files\NVIDIA Corporation
2009-10-16 22:27 . 2008-08-18 16:22 -------- d-----w- c:\program files\Regcorrector
2009-10-16 22:26 . 2008-08-18 16:22 -------- d-----w- c:\program files\BeClean
2009-10-16 22:24 . 2009-08-29 20:49 -------- d-----w- c:\documents and settings\Administrateur\Application Data\AngelCleaner
2009-10-16 14:16 . 2008-11-10 22:58 -------- d-----w- c:\program files\Spyware Terminator
2009-10-16 14:14 . 2008-11-10 22:59 -------- d-----w- c:\program files\WinClamAVShield
2009-10-16 14:14 . 2008-11-10 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-10-14 12:26 . 2008-11-30 15:39 -------- d-----w- c:\program files\a-squared HiJackFree
2009-10-14 12:24 . 2006-09-19 14:03 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-10-12 13:24 . 2008-10-27 14:33 -------- d-----w- c:\program files\a-squared Free
2009-10-11 06:34 . 2009-06-04 08:50 -------- d-----w- c:\program files\Glary Utilities
2009-10-10 15:36 . 2008-11-01 10:59 -------- d-----w- c:\program files\Piratrax
2009-10-10 10:04 . 2009-08-29 11:19 -------- d-----w- c:\program files\ZebHelpProcess
2009-10-03 22:18 . 2009-08-28 22:38 -------- d-----w- c:\documents and settings\Administrateur\Application Data\BullGuard
2009-09-28 13:34 . 2008-03-07 23:07 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Uniblue
2009-09-27 16:19 . 2009-09-27 16:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 14:12 . 2009-04-30 20:02 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 14:12 . 2009-04-30 20:02 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 14:12 . 2009-02-09 12:18 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 14:12 . 2008-08-01 12:48 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 14:12 . 2006-09-19 13:49 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 14:12 . 2006-09-19 13:49 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 14:12 . 2006-09-19 13:49 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 14:12 . 2006-09-19 13:49 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 14:12 . 2006-09-19 13:49 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 14:12 . 2006-09-19 13:49 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-26 08:27 . 2008-02-22 16:44 -------- d-----w- c:\program files\ma-config.com
2009-09-19 01:01 . 2006-09-19 13:49 485992 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-18 14:45 . 2006-09-19 13:34 -------- d-----w- c:\program files\Java
2009-09-17 12:50 . 2008-11-23 12:10 485992 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-09-13 08:18 . 2006-09-19 13:57 -------- d-----w- c:\program files\Fichiers communs\Real
2009-09-13 08:18 . 2009-09-13 08:18 -------- d-----w- c:\program files\Fichiers communs\xing shared
2009-09-13 08:17 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-13 08:17 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-13 08:10 . 2008-03-24 17:01 -------- d-----w- c:\program files\QuickTime
2009-09-13 08:08 . 2008-03-24 17:01 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-09-12 22:16 . 2008-03-04 16:43 -------- d-----w- c:\documents and settings\Administrateur\Application Data\OfficeUpdate12
2009-09-11 21:55 . 2009-05-22 20:43 -------- d-----w- c:\program files\AusLogics Disk Defrag
2009-09-11 14:18 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 08:20 . 2008-05-10 16:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 12:54 . 2008-11-23 14:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2008-11-23 14:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 07:45 . 2008-02-24 13:09 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-06 04:17 . 2009-09-06 04:17 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-09-05 22:58 . 2009-09-05 22:39 -------- d-----w- c:\program files\Haysoft
2009-09-04 22:03 . 2008-02-17 00:38 -------- d-----w- c:\program files\Opera
2009-09-04 21:53 . 2008-05-15 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-09-04 21:04 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-30 15:45 . 2009-08-30 10:42 -------- d-----w- c:\program files\PCPitstop
2009-08-30 12:17 . 2008-08-14 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-08-30 12:17 . 2006-09-19 14:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-30 12:10 . 2009-08-30 12:10 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Systweak
2009-08-30 12:07 . 2009-08-30 12:07 -------- d-----w- c:\program files\NewASOfr
2009-08-30 10:42 . 2009-08-30 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-08-29 21:18 . 2008-12-13 11:26 -------- d-----w- c:\documents and settings\Administrateur\Application Data\iolo
2009-08-29 07:56 . 2004-08-10 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 22:40 . 2009-06-26 19:37 -------- d-----w- c:\program files\Trend Micro
2009-08-28 22:38 . 2009-08-28 22:38 -------- d-----w- c:\program files\BullGuard Ltd
2009-08-26 08:01 . 2004-08-10 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 09:44 . 2009-07-31 22:10 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Software Informer
2009-08-21 21:29 . 2008-10-12 01:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-21 21:27 . 2008-10-12 01:05 -------- d-----w- c:\documents and settings\Administrateur\Application Data\SUPERAntiSpyware.com
2009-08-19 18:49 . 2009-04-12 09:09 81920 ----a-w- c:\windows\system32\lxducaps.dll
2009-08-19 18:49 . 2009-04-12 09:09 1036288 ----a-w- c:\windows\system32\lxdudrs.dll
2009-08-14 23:12 . 2008-11-26 15:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-05 09:00 . 2004-08-10 11:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:58 . 2004-08-10 11:00 2191232 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:28 . 2004-08-10 11:00 2068096 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-01 22:32 . 2008-12-13 14:53 6078496 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-01 22:32 . 2008-12-13 14:53 1433632 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-01 12:19 . 2009-05-30 16:47 664 ----a-w- c:\windows\system32\d3d9caps.dat
2008-03-18 22:16 . 2008-03-18 22:16 251 ----a-w- c:\program files\wt3d.ini
2006-10-12 18:36 . 2008-05-29 17:03 2097152 ----a-w- c:\program files\0803.bin
2004-03-18 13:22 . 2008-08-14 20:17 5 ----a-w- c:\program files\DISK1.ID
2004-03-18 13:22 . 2008-08-14 20:17 46 ----a-w- c:\program files\SETUP.INI
2004-03-18 13:22 . 2008-08-14 20:17 421336 ----a-w- c:\program files\_SETUP.1
2004-03-18 13:22 . 2008-08-14 20:17 209 ----a-w- c:\program files\SETUP.PKG
2004-03-18 13:22 . 2008-08-14 20:17 191442 ----a-w- c:\program files\_SETUP.LIB
2001-05-03 14:58 . 2008-08-14 20:06 3495 ----a-w- c:\program files\ReadMe.txt
2001-04-23 19:46 . 2008-08-14 20:06 1021 ----a-w- c:\program files\INSTALL.txt
2001-03-16 13:26 . 2008-08-14 20:06 4206 ----a-w- c:\program files\Language.ini
2001-01-05 23:08 . 2008-08-20 17:09 532992 ----a-w- c:\program files\CacheMaster.exe
2000-11-18 23:15 . 2008-08-20 17:09 30373 ----a-w- c:\program files\CMGUIDE.HLP
2000-11-17 10:52 . 2008-08-20 17:09 54784 ----a-w- c:\program files\CMSetup.exe
2000-11-11 07:21 . 2008-08-20 17:09 169 ----a-w- c:\program files\CMSetup.ini
2000-11-11 05:52 . 2008-08-20 17:09 423 ----a-w- c:\program files\CMGuide.cnt
1997-04-17 16:48 . 2008-08-14 20:17 66750 ----a-w- c:\program files\SETUP.INS
1996-10-03 15:30 . 2008-08-14 20:17 11264 ----a-w- c:\program files\_SETUP.DLL
1996-07-24 03:00 . 2008-08-14 20:17 316789 ----a-w- c:\program files\_INST32I.EX_
1995-09-07 19:22 . 2008-08-14 20:17 8192 ----a-w- c:\program files\_ISDEL.EXE
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2006-12-24 14:59 . 2008-02-17 06:50 32 --sha-w- c:\windows\SMINST\HPCD.SYS
2008-09-28 12:31 . 2008-11-23 11:05 242 --sha-r- c:\windows\system32\config\systemprofile\Bureau\RONPNJ.bat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-09-08 304464]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-05-30 676520]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-05-30 16040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-09-08 304464]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-09-13 198160]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-07-21 16261632]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ftutil2"=rundll32.exe ftutil2.dll,SetWriteCacheMode
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /install
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\Program Files\\Opera\\OPERA.EXE"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17/10/2009 23:26 64288]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [13/05/2009 21:03 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [13/05/2009 21:03 27656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [23/11/2008 15:30 142592]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [29/08/2009 00:38 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [10/08/2004 13:00 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [10/08/2004 13:00 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [10/08/2004 13:00 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 13:17 1170768]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\W32X86\3\lxduserv.exe [12/04/2009 11:09 98984]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 17:05 92008]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [23/03/2009 14:07 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [23/03/2009 14:07 257304]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [05/12/2008 15:42 34304]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [09/05/2009 16:39 165888]
S1 SuperMounter;SuperMounter; [x]
S3 BGRaSvc;BGRaSvc;c:\program files\BullGuard Ltd\BullGuard\support\BGRaSvc.exe [01/06/2009 13:50 79184]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17/06/2009 14:20 12648]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SBRE;SBRE; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-10-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 21:25]

2009-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-10-18 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-04 17:27]

2009-10-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-17 12:05]

2009-10-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 15:36]

2009-10-11 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-08-13 07:22]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
LSP: c:\windows\system32\BGLsp.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\892cypym.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60446&qkw=
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----

pref(dom.disable_open_during_load, false);
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHELINS SUPPRIMES - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-18 13:57
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f4,bd,3a,99,fc,2f,dc,46,ab,63,73,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f4,bd,3a,99,fc,2f,dc,46,ab,63,73,\

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz]
@DACL=(02 0000)
"NoRun"=dword:00000001

[HKEY_USERS\S-1-5-20\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-20\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D2C5E510-BE6D-42CC-9F61-E4F939078474}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\Lexmark Printable Web\\bho.dll"
"ThreadingModel"="Apartment"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(1712)
c:\windows\system32\BGLsp.dll

- - - - - - - > 'explorer.exe'(2796)
c:\program files\BullGuard Ltd\BullGuard\antispam\PluginHook.dll
c:\program files\BullGuard Ltd\BullGuard\res\fr\PluginHookRes.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\a-squared Free\a2service.exe
c:\windows\arservice.exe
c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
c:\windows\ehome\ehrecvr.exe
c:\ccm\CF26259.exe
c:\windows\ehome\ehSched.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\lxducoms.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\program files\Lexmark 5600-6600 Series\lxdumsdmon.exe
c:\windows\system32\rundll32.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Heure de fin: 2009-10-18 14:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-18 12:05

Avant-CF: 109 637 337 088 octets libres
Après-CF: 109 100 449 792 octets libres

843 --- E O F --- 2009-10-16 13:14
0
After ComboFix everything worked great. I re-enabled the BullGuard antivirus and Microsoft Security Essentials, and now it is slow again. Can you tell me what the infection was and why MBAM did not detect it? Thanks. WHAT SHOULD I DO NOW?
0

Anonymous user
18 Oct. 2009 at 15:08
You have 2 antivirus programs, so they conflict with each other and no longer do their job as barriers.
Remove this program: BullGuard

Post a new RSIT report.
0
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-10-18 15:31:20
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 105 GB (72%) free of 146 GB
Total RAM: 3006 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31:25, on 18/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
0
Anonymous user
18 Oct. 2009 at 16:49
Open this file: C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

• Choose "Do a system scan only" this time.
• Then tick the following lines and press "Fix checked".
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - (no file)

• Post a new report.
0
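A check that can be run after the "Fix checked" step above, as an added example (not part of the original thread and not HijackThis's own code): it parses the entry lines of the fix list and of a later log and reports which selected entries are gone and which are present. The function names are hypothetical; the sample lines are excerpts copied from the logs posted in this thread.

```python
import re

# A HijackThis entry line starts with a section code (R0, O4, O23, ...)
# followed by " - " and the entry text. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return the set of (code, normalised text) entries found in log_text."""
    entries = set()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            # Collapse whitespace and case-fold so that copy-and-paste
            # differences (c:\ vs C:\) do not hide a matching entry.
            body = " ".join(m.group("body").split()).casefold()
            entries.add((m.group("code"), body))
    return entries


def check_fix(fix_list_text, later_log_text):
    """Split the fix list into entries absent from / present in a later log."""
    wanted = parse_entries(fix_list_text)
    present = parse_entries(later_log_text)
    return {
        "removed": sorted(wanted - present),
        "remaining": sorted(wanted & present),
    }


# The lines the helper asked to tick (copied from the post above).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - (no file)
"""

# Excerpt of the log saved at 17:36:35 (a few lines only).
LOG_1736_EXCERPT = r"""
Scan saved at 17:36:35, on 18/10/2009
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
"""

# Excerpt of the log saved at 18:49:03 (a few lines only).
LOG_1849_EXCERPT = r"""
Scan saved at 18:49:03, on 18/10/2009
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for label, log in (("17:36", LOG_1736_EXCERPT), ("18:49", LOG_1849_EXCERPT)):
        result = check_fix(FIX_LIST, log)
        print(label, "removed:", len(result["removed"]),
              "remaining:", len(result["remaining"]))
        for code, body in result["remaining"]:
            print("   still present:", code, "-", body)
```

Run against the 18:49 excerpt, the check lists the TkBellExe Run entry as present, which is easier to spot this way than by reading the full logs side by side.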
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:35, on 18/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
0
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-10-18 17:39:24
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 106 GB (72%) free of 146 GB
Total RAM: 3006 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:33, on 18/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Administrateur\Bureau\reparation et desinfection\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
0
Anonymous user
18 Oct. 2009 at 17:52
* Download OTMoveIt (by Old_Timer) to your Desktop
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (by OldTimer) to your Desktop
* Double-click OTMoveIt.exe to launch it.
* Make sure the "Unregister Dll's and Ocx's" box is ticked.
* Copy the list in bold below and paste it into the left-hand pane of OTMoveIt under "Paste List of Files/Folders to move".



:processes
explorer.exe

:services
fwpirfoc

:drivers
neokdss


:files
C:\WINDOWS\system32\Drivers\neokdss.sys
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwpirfoc.sys



:commands
[emptytemp]
[purity]
[start explorer]
[reboot]



-----------------------------

* Click MoveIt! to start the removal.
* The result will appear in the "Results" pane.
* Click Exit to close.
* Post the report located in C:\_OTMoveIt\MovedFiles.
* You may be asked to restart the PC to complete the removal. If so, accept with Yes.
0
All processes killed
Error: Unable to interpret <processes > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== SERVICES/DRIVERS ==========
Service\Driver fwpirfoc not found.
Service\Driver fwpirfoc not found.
Error: Unable to interpret <:drivers > in the current context!
Error: Unable to interpret <neokdss > in the current context!
========== FILES ==========
File/Folder C:\WINDOWS\system32\Drivers\neokdss.sys not found.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwpirfoc.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 3890419 bytes
->Temporary Internet Files folder emptied: 364561 bytes
->FireFox cache emptied: 45568488 bytes
->Opera cache emptied: 8080821 bytes

User: All Users

User: Default User
->Temp folder emptied: 3869047 bytes
->Temporary Internet Files folder emptied: 444348 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 30907700 bytes
->Opera cache emptied: 39576406 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 115348 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 44807023 bytes
->Opera cache emptied: 406411 bytes

User: NetworkService
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log scheduled to be deleted on reboot.
->Temp folder emptied: 11668 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\NV12804084.TMP folder deleted successfully.
C:\WINDOWS\NV14403800.TMP folder deleted successfully.
C:\WINDOWS\NV15283948.TMP folder deleted successfully.
C:\WINDOWS\NV17722112.TMP folder deleted successfully.
C:\WINDOWS\NV22042276.TMP folder deleted successfully.
C:\WINDOWS\NV22562620.TMP folder deleted successfully.
C:\WINDOWS\NV22762796.TMP folder deleted successfully.
C:\WINDOWS\NV22763716.TMP folder deleted successfully.
C:\WINDOWS\NV22963468.TMP folder deleted successfully.
C:\WINDOWS\NV2316396.TMP folder deleted successfully.
C:\WINDOWS\NV24523400.TMP folder deleted successfully.
C:\WINDOWS\NV2452356.TMP folder deleted successfully.
C:\WINDOWS\NV25043476.TMP folder deleted successfully.
C:\WINDOWS\NV25163272.TMP folder deleted successfully.
C:\WINDOWS\NV2628248.TMP folder deleted successfully.
C:\WINDOWS\NV2660520.TMP folder deleted successfully.
C:\WINDOWS\NV27043752.TMP folder deleted successfully.
C:\WINDOWS\NV29321652.TMP folder deleted successfully.
C:\WINDOWS\NV29362464.TMP folder deleted successfully.
C:\WINDOWS\NV3012896.TMP folder deleted successfully.
C:\WINDOWS\NV30401892.TMP folder deleted successfully.
C:\WINDOWS\NV31243900.TMP folder deleted successfully.
C:\WINDOWS\NV32323928.TMP folder deleted successfully.
C:\WINDOWS\NV32843444.TMP folder deleted successfully.
C:\WINDOWS\NV32883344.TMP folder deleted successfully.
C:\WINDOWS\NV33203328.TMP folder deleted successfully.
C:\WINDOWS\NV33281440.TMP folder deleted successfully.
C:\WINDOWS\NV35242476.TMP folder deleted successfully.
C:\WINDOWS\NV360452.TMP folder deleted successfully.
C:\WINDOWS\NV36521648.TMP folder deleted successfully.
C:\WINDOWS\NV36522104.TMP folder deleted successfully.
C:\WINDOWS\NV36642584.TMP folder deleted successfully.
C:\WINDOWS\NV37043620.TMP folder deleted successfully.
C:\WINDOWS\NV37043736.TMP folder deleted successfully.
C:\WINDOWS\NV37043928.TMP folder deleted successfully.
C:\WINDOWS\NV37482520.TMP folder deleted successfully.
C:\WINDOWS\NV37482724.TMP folder deleted successfully.
C:\WINDOWS\NV38043444.TMP folder deleted successfully.
C:\WINDOWS\NV39003656.TMP folder deleted successfully.
C:\WINDOWS\NV39403628.TMP folder deleted successfully.
C:\WINDOWS\NV3968936.TMP folder deleted successfully.
C:\WINDOWS\NV39842412.TMP folder deleted successfully.
C:\WINDOWS\NV40122028.TMP folder deleted successfully.
C:\WINDOWS\NV40123972.TMP folder deleted successfully.
C:\WINDOWS\NV40162536.TMP folder deleted successfully.
C:\WINDOWS\NV40443540.TMP folder deleted successfully.
C:\WINDOWS\NV4820860.TMP folder deleted successfully.
C:\WINDOWS\NV5401280.TMP folder deleted successfully.
C:\WINDOWS\NV56642564.TMP folder deleted successfully.
C:\WINDOWS\NV5922884.TMP folder deleted successfully.
C:\WINDOWS\NV592932.TMP folder deleted successfully.
C:\WINDOWS\NV6123916.TMP folder deleted successfully.
C:\WINDOWS\NV6561052.TMP folder deleted successfully.
C:\WINDOWS\NV6561064.TMP folder deleted successfully.
C:\WINDOWS\NV6641064.TMP folder deleted successfully.
C:\WINDOWS\NV6763820.TMP folder deleted successfully.
C:\WINDOWS\NV7243076.TMP folder deleted successfully.
C:\WINDOWS\NV7602052.TMP folder deleted successfully.
C:\WINDOWS\NV8281040.TMP folder deleted successfully.
C:\WINDOWS\NV8481320.TMP folder deleted successfully.
C:\WINDOWS\NV8561312.TMP folder deleted successfully.
C:\WINDOWS\NV8601328.TMP folder deleted successfully.
C:\WINDOWS\NV8603908.TMP folder deleted successfully.
%systemroot% .tmp files removed: 449252081 bytes
%systemroot%\System32 .tmp files removed: 172032 bytes
File delete failed. C:\WINDOWS\temp\TMP00000006D027103B9EFE6FEE scheduled to be deleted on reboot.
Windows Temp folder emptied: 587436 bytes
RecycleBin emptied: 91239 bytes

Total Files Cleaned = 599,08 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10182009_175523

Files moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log moved successfully.
File C:\WINDOWS\temp\TMP00000006D027103B9EFE6FEE not found!

Registry entries deleted on Reboot...
0
Anonymous user
18 Oct. 2009 at 18:36
Post a new RSIT report.
0
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-10-18 18:48:53
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 106 GB (73%) free of 146 GB
Total RAM: 3006 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:03, on 18/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Documents and Settings\Administrateur\Bureau\reparation et desinfection\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
0
fred > fred
18 Oct. 2009 at 19:43
Good evening; I wanted to know if there is anything else to do? OTHERWISE, THANK YOU FOR YOUR INVALUABLE HELP, you are
a real genius
0
Anonymous user
18 Oct. 2009 at 19:47
Double-click OTMoveIt.exe to launch it.
* Make sure the Unregister Dll's and Ocx's box is checked.
* Copy the list in bold below and paste it into the left-hand pane of OTMoveIt, under Paste List of Files/Folders to move.



:processes
explorer.exe

:services
neokdss

:drivers



:files
C:\WINDOWS\system32\Drivers\neokdss.sys




:commands
[emptytemp]
[purity]
[start explorer]
[reboot]



-----------------------------

* Click MoveIt! to start the removal.
* The result will appear in the "Results" pane.
* Click Exit to close.
* Post the report located in C:\_OTMoveIt\MovedFiles.
* You may be asked to restart the PC to complete the removal. If so, accept with Yes.
0
Error: Unable to interpret <Logfile of random's system information tool 1.06 (written by random/random)> in the current context!
Error: Unable to interpret <Run by Administrateur at 2009-10-18 18:48:53> in the current context!
Error: Unable to interpret <Microsoft Windows XP Professionnel Service Pack 3> in the current context!
Error: Unable to interpret <System drive C: has 106 GB (73%) free of 146 GB> in the current context!
Error: Unable to interpret <Total RAM: 3006 MB (82% free)> in the current context!
Error: Unable to interpret <Logfile of Trend Micro HijackThis v2.0.2> in the current context!
Error: Unable to interpret <Scan saved at 18:49:03, on 18/10/2009> in the current context!
Error: Unable to interpret <Platform: Windows XP SP3 (WinNT 5.01.2600)> in the current context!
Error: Unable to interpret <MSIE: Internet Explorer v8.00 (8.00.6001.18702)> in the current context!
Error: Unable to interpret <Boot mode: Normal> in the current context!
Error: Unable to interpret <Running processes:> in the current context!
Error: Unable to interpret <C:\WINDOWS\System32\smss.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\winlogon.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\services.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\lsass.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\nvsvc32.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\svchost.exe> in the current context!
Error: Unable to interpret <c:\Program Files\Microsoft Security Essentials\MsMpEng.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\System32\svchost.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\spoolsv.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\Explorer.EXE> in the current context!
Error: Unable to interpret <C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\arservice.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\eHome\ehRecvr.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\eHome\ehSched.exe> in the current context!
Error: Unable to interpret <C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\lxducoms.exe> in the current context!
Error: Unable to interpret <C:\Program Files\PC Tools Firewall Plus\FWService.exe> in the current context!
Error: Unable to interpret <C:\Program Files\Spyware Terminator\sp_rsser.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\svchost.exe> in the current context!
Error: Unable to interpret <C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\dllhost.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\ARPWRMSG.EXE> in the current context!
Error: Unable to interpret <C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe> in the current context!
Error: Unable to interpret <C:\Program Files\Microsoft Security Essentials\msseces.exe> in the current context!
Error: Unable to interpret <C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\RUNDLL32.EXE> in the current context!
Error: Unable to interpret <C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\ctfmon.exe> in the current context!
Error: Unable to interpret <C:\WINDOWS\System32\svchost.exe> in the current context!
Error: Unable to interpret <C:\Program Files\Opera\opera.exe> in the current context!
Error: Unable to interpret <C:\HP\KBD\KBD.EXE> in the current context!
Error: Unable to interpret <c:\windows\system\hpsysdrv.exe> in the current context!
Error: Unable to interpret <C:\Program Files\Java\jre6\bin\jusched.exe> in the current context!
Error: Unable to interpret <C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Administrateur\Bureau\reparation et desinfection\RSIT.exe> in the current context!
Error: Unable to interpret <C:\Program Files\Trend Micro\HijackThis\Administrateur.exe> in the current context!
Error: Unable to interpret <R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank> in the current context!
Error: Unable to interpret <R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp>= in the current context!
Error: Unable to interpret <R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?gt;=&toHttps=1&redig=BD196CE4339F42A69BDE924EA1945EBF in the current context!
Error: Unable to interpret <R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?gt;=&toHttps=1&redig=BD196CE4339F42A69BDE924EA1945EBF in the current context!
Error: Unable to interpret <R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp>= in the current context!
Error: Unable to interpret <R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens> in the current context!
Error: Unable to interpret <O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll> in the current context!
Error: Unable to interpret <O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll> in the current context!
Error: Unable to interpret <O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll> in the current context!
Error: Unable to interpret <O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll> in the current context!
Error: Unable to interpret <O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll> in the current context!
Error: Unable to interpret <O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll> in the current context!
Error: Unable to interpret <O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll> in the current context!
Error: Unable to interpret <O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll> in the current context!
Error: Unable to interpret <O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE> in the current context!
Error: Unable to interpret <O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE> in the current context!
Error: Unable to interpret <O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run> in the current context!
Error: Unable to interpret <O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"> in the current context!
Error: Unable to interpret <O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"> in the current context!
Error: Unable to interpret <O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide> in the current context!
Error: Unable to interpret <O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"> in the current context!
Error: Unable to interpret <O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> in the current context!
Error: Unable to interpret <O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s> in the current context!
Error: Unable to interpret <O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> in the current context!
Error: Unable to interpret <O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> in the current context!
Error: Unable to interpret <O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe> in the current context!
Error: Unable to interpret <O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')> in the current context!
Error: Unable to interpret <O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')> in the current context!
Error: Unable to interpret <O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')> in the current context!
Error: Unable to interpret <O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')> in the current context!
Error: Unable to interpret <O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll> in the current context!
Error: Unable to interpret <O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe> in the current context!
Error: Unable to interpret <O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll> in the current context!
Error: Unable to interpret <O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll> in the current context!
Error: Unable to interpret <O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab> in the current context!
Error: Unable to interpret <O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab> in the current context!
Error: Unable to interpret <O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe> in the current context!
Error: Unable to interpret <O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe> in the current context!
Error: Unable to interpret <O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe> in the current context!
Error: Unable to interpret <O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe> in the current context!
Error: Unable to interpret <O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe> in the current context!
Error: Unable to interpret <O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe> in the current context!
Error: Unable to interpret <O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe> in the current context!
Error: Unable to interpret <O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe> in the current context!
Error: Unable to interpret <O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe> in the current context!
Error: Unable to interpret <O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe> in the current context!
Error: Unable to interpret <O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe> in the current context!
Error: Unable to interpret <--> in the current context!
Error: Unable to interpret <End of file - 7407 bytes> in the current context!
Error: Unable to interpret <======Scheduled tasks folder======> in the current context!
Error: Unable to interpret <C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job> in the current context!
Error: Unable to interpret <C:\WINDOWS\tasks\AppleSoftwareUpdate.job> in the current context!
Error: Unable to interpret <C:\WINDOWS\tasks\GlaryInitialize.job> in the current context!
Error: Unable to interpret <C:\WINDOWS\tasks\Google Software Updater.job> in the current context!
Error: Unable to interpret <C:\WINDOWS\tasks\MP Scheduled Scan.job> in the current context!
Error: Unable to interpret <======Registry dump======> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]> in the current context!
Error: Unable to interpret <Lexmark Barre d'outils - C:\Program Files\Lexmark Toolbar\toolband.dll [2009-05-06 372736]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]> in the current context!
Error: Unable to interpret <Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]> in the current context!
Error: Unable to interpret <Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-11 256112]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]> in the current context!
Error: Unable to interpret <Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-11 458736]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]> in the current context!
Error: Unable to interpret <Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-15 41760]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]> in the current context!
Error: Unable to interpret <JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-15 73728]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]> in the current context!
Error: Unable to interpret <{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Barre d'outils - C:\Program Files\Lexmark Toolbar\toolband.dll [2009-05-06 372736]> in the current context!
Error: Unable to interpret <{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-11 256112]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]> in the current context!
Error: Unable to interpret <"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]> in the current context!
Error: Unable to interpret <"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]> in the current context!
Error: Unable to interpret <"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]> in the current context!
Error: Unable to interpret <"lxdumon.exe"=C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [2008-05-30 676520]> in the current context!
Error: Unable to interpret <"lxduamon"=C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [2008-05-30 16040]> in the current context!
Error: Unable to interpret <"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]> in the current context!
Error: Unable to interpret <"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]> in the current context!
Error: Unable to interpret <"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]> in the current context!
Error: Unable to interpret <"00PCTFW"=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2009-09-24 2971608]> in the current context!
Error: Unable to interpret <"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]> in the current context!
Error: Unable to interpret <"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-09-13 198160]> in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]> in the current context!
Error: Unable to interpret <"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]> in the current context!
Error: Unable to interpret <"dontdisplaylastusername"=0> in the current context!
Error: Unable to interpret <"legalnoticecaption"=> in the current context!
Error: Unable to interpret <"legalnoticetext"=> in the current context!
Error: Unable to interpret <"undockwithoutlogon"=1> in the current context!
Error: Unable to interpret <"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles> in the current context!
Error: Unable to interpret <"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme> in the current context!
Error: Unable to interpret <"ShutdownWithoutLogon"=1> in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]> in the current context!
Error: Unable to interpret <"NoDriveTypeAutoRun"=323> in the current context!
Error: Unable to interpret <"NoSMBalloonTip"=0> in the current context!
Error: Unable to interpret <"NoDriveAutoRun"=67108863> in the current context!
Error: Unable to interpret <"NoDrives"=0> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]> in the current context!
Error: Unable to interpret <"HonorAutoRunSetting"=> in the current context!
Error: Unable to interpret <"NoResolveSearch"=> in the current context!
Error: Unable to interpret <"NoResolveTrack"=> in the current context!
Error: Unable to interpret <"NoDriveAutoRun"=> in the current context!
Error: Unable to interpret <"NoDriveTypeAutoRun"=> in the current context!
Error: Unable to interpret <"NoDrives"=> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]> in the current context!
Error: Unable to interpret <"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"> in the current context!
Error: Unable to interpret <"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"> in the current context!
Error: Unable to interpret <"C:\WINDOWS\system32\lxducoms.exe"="C:\WINDOWS\system32\lxducoms.exe:*:Enabled:5600-6600 Series Server"> in the current context!
Error: Unable to interpret <"C:\Program Files\Opera\OPERA.EXE"="C:\Program Files\Opera\OPERA.EXE:*:Enabled:Opera Internet Browser"> in the current context!
Error: Unable to interpret <"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]> in the current context!
Error: Unable to interpret <"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"> in the current context!
Error: Unable to interpret <"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"> in the current context!
Error: Unable to interpret <======List of files/folders created in the last 1 months======> in the current context!
Error: Unable to interpret <2009-10-18 17:55:23 ----D---- C:\_OTM> in the current context!
Error: Unable to interpret <2009-10-18 16:51:52 ----SHD---- C:\Config.Msi> in the current context!
Error: Unable to interpret <2009-10-18 15:55:15 ----D---- C:\Program Files\PC Tools Firewall Plus> in the current context!
Error: Unable to interpret <2009-10-18 14:06:02 ----D---- C:\WINDOWS\temp> in the current context!
Error: Unable to interpret <2009-10-18 14:06:00 ----A---- C:\ComboFix.txt> in the current context!
Error: Unable to interpret <2009-10-18 13:43:05 ----A---- C:\WINDOWS\zip.exe> in the current context!
Error: Unable to interpret <2009-10-18 13:43:05 ----A---- C:\WINDOWS\SWXCACLS.exe> in the current context!
Error: Unable to interpret <2009-10-18 13:43:05 ----A---- C:\WINDOWS\SWSC.exe> in the current context!
Error: Unable to interpret <2009-10-18 13:43:05 ----A---- C:\WINDOWS\SWREG.exe> in the current context!
Error: Unable to interpret <2009-10-18 13:43:05 ----A---- C:\WINDOWS\sed.exe> in the current context!
Error: Unable to interpret <2009-10-18 13:43:05 ----A---- C:\WINDOWS\PEV.exe> in the current context!
Error: Unable to interpret <2009-10-18 13:43:05 ----A---- C:\WINDOWS\NIRCMD.exe> in the current context!
Error: Unable to interpret <2009-10-18 13:43:05 ----A---- C:\WINDOWS\grep.exe> in the current context!
Error: Unable to interpret <2009-10-18 11:47:57 ----D---- C:\rsit> in the current context!
Error: Unable to interpret <2009-10-18 02:46:52 ----D---- C:\Documents and Settings\Administrateur\Application Data\HpUpdate> in the current context!
Error: Unable to interpret <2009-10-18 02:46:51 ----D---- C:\WINDOWS\Hewlett-Packard> in the current context!
Error: Unable to interpret <2009-10-18 02:38:35 ----A---- C:\WINDOWS\system32\sqlite3_engine.dll> in the current context!
Error: Unable to interpret <2009-10-17 23:28:30 ----A---- C:\WINDOWS\ntbtlog.txt> in the current context!
Error: Unable to interpret <2009-10-17 23:24:13 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft> in the current context!
Error: Unable to interpret <2009-10-17 14:27:41 ----A---- C:\WINDOWS\system32\nvunrm.exe> in the current context!
Error: Unable to interpret <2009-10-16 15:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$> in the current context!
Error: Unable to interpret <2009-10-16 15:06:54 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$> in the current context!
Error: Unable to interpret <2009-10-16 15:06:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$> in the current context!
Error: Unable to interpret <2009-10-16 15:06:25 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$> in the current context!
Error: Unable to interpret <2009-10-16 15:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$> in the current context!
Error: Unable to interpret <2009-10-16 15:05:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$> in the current context!
Error: Unable to interpret <2009-10-16 15:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$> in the current context!
Error: Unable to interpret <2009-10-16 15:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$> in the current context!
Error: Unable to interpret <2009-10-16 15:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$> in the current context!
Error: Unable to interpret <2009-10-16 15:00:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$> in the current context!
Error: Unable to interpret <2009-10-11 16:41:25 ----RASH---- C:\BOOT.BAK> in the current context!
Error: Unable to interpret <2009-10-11 16:40:57 ----D---- C:\$WIN_NT$.~BT> in the current context!
Error: Unable to interpret <2009-10-11 16:40:01 ----D---- C:\WINDOWS\setupupd> in the current context!
Error: Unable to interpret <2009-10-10 01:07:48 ----A---- C:\WINDOWS\iun6002.exe> in the current context!
Error: Unable to interpret <2009-10-10 01:07:42 ----D---- C:\Program Files\SpeedItUpFree> in the current context!
Error: Unable to interpret <2009-10-04 08:02:35 ----A---- C:\WINDOWS\SchedLgU.Txt> in the current context!
Error: Unable to interpret <2009-10-03 18:00:11 ----A---- C:\WINDOWS\system32\cohelper.dll> in the current context!
Error: Unable to interpret <2009-10-02 16:21:40 ----D---- C:\Program Files\Microsoft Security Essentials> in the current context!
Error: Unable to interpret <2009-09-28 15:34:24 ----D---- C:\Program Files\Uniblue> in the current context!
Error: Unable to interpret <2009-09-27 18:20:06 ----A---- C:\WINDOWS\system32\nvcpluir.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:04 ----A---- C:\WINDOWS\system32\nvcplui.exe> in the current context!
Error: Unable to interpret <2009-09-27 18:20:02 ----A---- C:\WINDOWS\system32\nvrszht.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:02 ----A---- C:\WINDOWS\system32\nvrszhc.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:02 ----A---- C:\WINDOWS\system32\nvrstr.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:02 ----A---- C:\WINDOWS\system32\nvrsth.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:02 ----A---- C:\WINDOWS\system32\nvrssv.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:02 ----A---- C:\WINDOWS\system32\nvrssl.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:02 ----A---- C:\WINDOWS\system32\nvrssk.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:02 ----A---- C:\WINDOWS\system32\nvrsru.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:02 ----A---- C:\WINDOWS\system32\nvrsptb.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:02 ----A---- C:\WINDOWS\system32\nvrspt.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:02 ----A---- C:\WINDOWS\system32\nvrspl.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:02 ----A---- C:\WINDOWS\system32\nvrsno.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:00 ----A---- C:\WINDOWS\system32\nvwddi.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:00 ----A---- C:\WINDOWS\system32\nvrsnl.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:00 ----A---- C:\WINDOWS\system32\nvrsko.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:00 ----A---- C:\WINDOWS\system32\nvrsja.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:00 ----A---- C:\WINDOWS\system32\nvrsit.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:00 ----A---- C:\WINDOWS\system32\nvrshu.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:00 ----A---- C:\WINDOWS\system32\nvrshe.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:00 ----A---- C:\WINDOWS\system32\nvrsfr.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:00 ----A---- C:\WINDOWS\system32\nvrsfi.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:00 ----A---- C:\WINDOWS\system32\nvrsesm.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:00 ----A---- C:\WINDOWS\system32\nvrses.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:00 ----A---- C:\WINDOWS\system32\nvrseng.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:00 ----A---- C:\WINDOWS\system32\nvrsel.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:00 ----A---- C:\WINDOWS\system32\nvrsde.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:00 ----A---- C:\WINDOWS\system32\nvrsda.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:00 ----A---- C:\WINDOWS\system32\nvrscs.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:20:00 ----A---- C:\WINDOWS\system32\nvrsar.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:19:52 ----A---- C:\WINDOWS\system32\nvwssr.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:19:52 ----A---- C:\WINDOWS\system32\nvwss.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:19:50 ----A---- C:\WINDOWS\system32\nvvitvsr.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:19:50 ----A---- C:\WINDOWS\system32\nvvitvs.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:19:48 ----A---- C:\WINDOWS\system32\nvmoblsr.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:19:48 ----A---- C:\WINDOWS\system32\nvmobls.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:19:48 ----A---- C:\WINDOWS\system32\nvmccssr.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:19:48 ----A---- C:\WINDOWS\system32\nvmccss.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:19:48 ----A---- C:\WINDOWS\system32\nvgamesr.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:19:48 ----A---- C:\WINDOWS\system32\nvgames.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:19:46 ----A---- C:\WINDOWS\system32\nvsvc32.exe> in the current context!
Error: Unable to interpret <2009-09-27 18:19:46 ----A---- C:\WINDOWS\system32\nvmctray.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:19:46 ----A---- C:\WINDOWS\system32\nvdispsr.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:19:46 ----A---- C:\WINDOWS\system32\nvdisps.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:19:46 ----A---- C:\WINDOWS\system32\nvcpl.dll> in the current context!
Error: Unable to interpret <2009-09-27 18:19:46 ----A---- C:\WINDOWS\system32\nvcolor.exe> in the current context!
Error: Unable to interpret <2009-09-27 18:19:40 ----A---- C:\WINDOWS\system32\nvmccs.dll> in the current context!
Error: Unable to interpret <2009-09-23 08:31:22 ----N---- C:\WINDOWS\system32\MpSigStub.exe> in the current context!
Error: Unable to interpret <======List of files/folders modified in the last 1 months======> in the current context!
Error: Unable to interpret <2009-10-18 18:06:36 ----SD---- C:\WINDOWS\Tasks> in the current context!
Error: Unable to interpret <2009-10-18 18:02:06 ----D---- C:\WINDOWS\system32\CatRoot2> in the current context!
Error: Unable to interpret <2009-10-18 18:01:53 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP> in the current context!
Error: Unable to interpret <2009-10-18 18:01:15 ----D---- C:\WINDOWS\Registration> in the current context!
Error: Unable to interpret <2009-10-18 18:00:33 ----AD---- C:\WINDOWS> in the current context!
Error: Unable to interpret <2009-10-18 17:57:57 ----D---- C:\WINDOWS\system32> in the current context!
Error: Unable to interpret <2009-10-18 17:02:40 ----RD---- C:\Program Files> in the current context!
Error: Unable to interpret <2009-10-18 17:02:29 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop> in the current context!
Error: Unable to interpret <2009-10-18 16:51:54 ----SHD---- C:\WINDOWS\Installer> in the current context!
Error: Unable to interpret <2009-10-18 16:51:42 ----DC---- C:\WINDOWS\system32\DRVSTORE> in the current context!
Error: Unable to interpret <2009-10-18 16:51:42 ----D---- C:\WINDOWS\system32\drivers> in the current context!
Error: Unable to interpret <2009-10-18 16:10:18 ----D---- C:\Documents and Settings\Administrateur\Application Data\PCToolsFirewallPlus> in the current context!
Error: Unable to interpret <2009-10-18 15:58:33 ----D---- C:\Program Files\Fichiers communs\PC Tools> in the current context!
Error: Unable to interpret <2009-10-18 15:58:13 ----HD---- C:\WINDOWS\inf> in the current context!
Error: Unable to interpret <2009-10-18 15:58:13 ----D---- C:\WINDOWS\system32\CatRoot> in the current context!
Error: Unable to interpret <2009-10-18 14:05:54 ----D---- C:\Qoobox> in the current context!
Error: Unable to interpret <2009-10-18 14:04:29 ----D---- C:\WINDOWS\ERDNT> in the current context!
Error: Unable to interpret <2009-10-18 13:58:43 ----D---- C:\WINDOWS\Prefetch> in the current context!
Error: Unable to interpret <2009-10-18 13:57:51 ----A---- C:\WINDOWS\system.ini> in the current context!
Error: Unable to interpret <2009-10-18 13:56:01 ----D---- C:\WINDOWS\system32\config> in the current context!
Error: Unable to interpret <2009-10-18 13:55:35 ----SHD---- C:\RECYCLER> in the current context!
Error: Unable to interpret <2009-10-18 13:50:43 ----D---- C:\WINDOWS\AppPatch> in the current context!
Error: Unable to interpret <2009-10-18 13:50:37 ----D---- C:\Program Files\Fichiers communs> in the current context!
Error: Unable to interpret <2009-10-18 10:53:39 ----D---- C:\Program Files\Mozilla Firefox> in the current context!
Error: Unable to interpret <2009-10-18 02:47:08 ----D---- C:\Program Files\HP> in the current context!
Error: Unable to interpret <2009-10-18 02:45:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\WIPE> in the current context!
Error: Unable to interpret <2009-10-18 02:42:03 ----D---- C:\Documents and Settings\Administrateur\Application Data\Macromedia> in the current context!
Error: Unable to interpret <2009-10-18 02:38:55 ----RSHD---- C:\WINDOWS\system32\dllcache> in the current context!
Error: Unable to interpret <2009-10-18 02:38:42 ----D---- C:\Program Files\Wipe> in the current context!
Error: Unable to interpret <2009-10-18 00:20:14 ----D---- C:\Documents and Settings\Administrateur\Application Data\Spyware Terminator> in the current context!
Error: Unable to interpret <2009-10-17 23:24:07 ----D---- C:\WINDOWS\WinSxS> in the current context!
Error: Unable to interpret <2009-10-17 21:16:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater> in the current context!
Error: Unable to interpret <2009-10-17 15:26:06 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard> in the current context!
Error: Unable to interpret <2009-10-17 15:08:15 ----D---- C:\WINDOWS\system32\ReinstallBackups> in the current context!
Error: Unable to interpret <2009-10-17 14:39:04 ----D---- C:\WINDOWS\Help> in the current context!
Error: Unable to interpret <2009-10-17 14:38:21 ----D---- C:\WINDOWS\nview> in the current context!
Error: Unable to interpret <2009-10-17 14:36:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI> in the current context!
Error: Unable to interpret <2009-10-17 14:21:03 ----D---- C:\Program Files\NVIDIA Corporation> in the current context!
Error: Unable to interpret <2009-10-17 12:50:01 ----SD---- C:\WINDOWS\Downloaded Program Files> in the current context!
Error: Unable to interpret <2009-10-17 11:14:13 ----SHD---- C:\System Volume Information> in the current context!
Error: Unable to interpret <2009-10-17 11:14:13 ----D---- C:\WINDOWS\system32\Restore> in the current context!
Error: Unable to interpret <2009-10-17 00:27:43 ----D---- C:\Program Files\Regcorrector> in the current context!
Error: Unable to interpret <2009-10-17 00:26:36 ----D---- C:\WINDOWS\Debug> in the current context!
Error: Unable to interpret <2009-10-17 00:26:33 ----D---- C:\Program Files\BeClean> in the current context!
Error: Unable to interpret <2009-10-17 00:24:54 ----D---- C:\Documents and Settings\Administrateur\Application Data\AngelCleaner> in the current context!
Error: Unable to interpret <2009-10-16 23:43:22 ----D---- C:\CMInstall> in the current context!
Error: Unable to interpret <2009-10-16 16:16:12 ----D---- C:\Program Files\Spyware Terminator> in the current context!
Error: Unable to interpret <2009-10-16 16:14:14 ----D---- C:\Program Files\WinClamAVShield> in the current context!
Error: Unable to interpret <2009-10-16 16:14:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator> in the current context!
Error: Unable to interpret <2009-10-16 15:59:10 ----D---- C:\WINDOWS\Microsoft.NET> in the current context!
Error: Unable to interpret <2009-10-16 15:56:08 ----RSD---- C:\WINDOWS\assembly> in the current context!
Error: Unable to interpret <2009-10-16 15:10:13 ----D---- C:\Program Files\Internet Explorer> in the current context!
Error: Unable to interpret <2009-10-16 15:09:57 ----HD---- C:\WINDOWS\$hf_mig$> in the current context!
Error: Unable to interpret <2009-10-15 08:14:29 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe> in the current context!
Error: Unable to interpret <2009-10-14 14:26:25 ----D---- C:\Program Files\a-squared HiJackFree> in the current context!
Error: Unable to interpret <2009-10-14 14:24:08 ----D---- C:\Program Files\Fichiers communs\Adobe> in the current context!
Error: Unable to interpret <2009-10-12 16:59:41 ----D---- C:\WINDOWS\SoftwareDistribution> in the current context!
Error: Unable to interpret <2009-10-12 15:24:07 ----D---- C:\Program Files\a-squared Free> in the current context!
Error: Unable to interpret <2009-10-12 15:16:54 ----ASH---- C:\boot.ini> in the current context!
Error: Unable to interpret <2009-10-11 16:40:57 ----A---- C:\WINDOWS\UPGRADE.TXT> in the current context!
Error: Unable to interpret <2009-10-11 08:34:57 ----D---- C:\Program Files\Glary Utilities> in the current context!
Error: Unable to interpret <2009-10-10 17:36:57 ----D---- C:\Program Files\Piratrax> in the current context!
Error: Unable to interpret <2009-10-10 12:04:36 ----D---- C:\Program Files\ZebHelpProcess> in the current context!
Error: Unable to interpret <2009-10-10 11:19:40 ----A---- C:\index.ini> in the current context!
Error: Unable to interpret <2009-10-10 10:30:37 ----D---- C:\NVIDIA> in the current context!
Error: Unable to interpret <2009-10-02 20:01:57 ----A---- C:\WINDOWS\system32\MRT.exe> in the current context!
Error: Unable to interpret <2009-10-01 13:05:07 ----D---- C:\Documents and Settings\Administrateur\Application Data\Google> in the current context!
Error: Unable to interpret <2009-09-28 15:34:56 ----D---- C:\Documents and Settings\Administrateur\Application Data\Uniblue> in the current context!
Error: Unable to interpret <2009-09-27 16:12:22 ----A---- C:\WINDOWS\system32\nvoglnt.dll> in the current context!
Error: Unable to interpret <2009-09-27 16:12:22 ----A---- C:\WINDOWS\system32\nvcuvid.dll> in the current context!
Error: Unable to interpret <2009-09-27 16:12:22 ----A---- C:\WINDOWS\system32\nvcuvenc.dll> in the current context!
Error: Unable to interpret <2009-09-27 16:12:22 ----A---- C:\WINDOWS\system32\nvcuda.dll> in the current context!
Error: Unable to interpret <2009-09-27 16:12:22 ----A---- C:\WINDOWS\system32\nvcodins.dll> in the current context!
Error: Unable to interpret <2009-09-27 16:12:22 ----A---- C:\WINDOWS\system32\nvcod.dll> in the current context!
Error: Unable to interpret <2009-09-27 16:12:22 ----A---- C:\WINDOWS\system32\nvapi.dll> in the current context!
Error: Unable to interpret <2009-09-27 16:12:22 ----A---- C:\WINDOWS\system32\nv4_disp.dll> in the current context!
Error: Unable to interpret <2009-09-26 10:27:32 ----D---- C:\Program Files\ma-config.com> in the current context!
Error: Unable to interpret <2009-09-19 03:01:36 ----A---- C:\WINDOWS\system32\nvudisp.exe> in the current context!
Error: Unable to interpret <======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======> in the current context!
Error: Unable to interpret <R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]> in the current context!
Error: Unable to interpret <R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]> in the current context!
Error: Unable to interpret <R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]> in the current context!
Error: Unable to interpret <R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []> in the current context!
Error: Unable to interpret <R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []> in the current context!
Error: Unable to interpret <R2 PCTAppEvent;PCTAppEvent Driver; \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys []> in the current context!
Error: Unable to interpret <R3 AmdTools;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2007-08-14 34304]> in the current context!
Error: Unable to interpret <R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]> in the current context!
Error: Unable to interpret <R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]> in the current context!
Error: Unable to interpret <R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]> in the current context!
Error: Unable to interpret <R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]> in the current context!
Error: Unable to interpret <R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]> in the current context!
Error: Unable to interpret <R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]> in the current context!
Error: Unable to interpret <R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-25 4353024]> in the current context!
Error: Unable to interpret <R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]> in the current context!
Error: Unable to interpret <R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]> in the current context!
Error: Unable to interpret <R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]> in the current context!
Error: Unable to interpret <R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2009-07-01 66688]> in the current context!
Error: Unable to interpret <R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2009-07-01 13824]> in the current context!
Error: Unable to interpret <R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2009-06-29 17920]> in the current context!
Error: Unable to interpret <R3 PCTFW-DNS;PCTools Firewall - DNS driver; \??\C:\WINDOWS\system32\drivers\pctNdis-DNS.sys []> in the current context!
Error: Unable to interpret <R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver; \??\C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys []> in the current context!
Error: Unable to interpret <R3 pctNDIS;PC Tools Driver; C:\WINDOWS\system32\DRIVERS\pctNdis.sys [2009-07-29 46592]> in the current context!
Error: Unable to interpret <R3 pctplfw;pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys []> in the current context!
Error: Unable to interpret <R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-13 19072]> in the current context!
Error: Unable to interpret <R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUStor.sys [2009-04-10 165888]> in the current context!
Error: Unable to interpret <R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]> in the current context!
Error: Unable to interpret <R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]> in the current context!
Error: Unable to interpret <R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]> in the current context!
Error: Unable to interpret <R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]> in the current context!
Error: Unable to interpret <R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]> in the current context!
Error: Unable to interpret <R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]> in the current context!
Error: Unable to interpret <R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]> in the current context!
Error: Unable to interpret <S1 SuperMounter;SuperMounter; C:\WINDOWS\system32\drivers\SuperMounter.sys []> in the current context!
Error: Unable to interpret <S3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys []> in the current context!
Error: Unable to interpret <S3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]> in the current context!
Error: Unable to interpret <S3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]> in the current context!
Error: Unable to interpret <S3 catchme;catchme; \??\C:\CCM\catchme.sys []> in the current context!
Error: Unable to interpret <S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []> in the current context!
Error: Unable to interpret <S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]> in the current context!
Error: Unable to interpret <S3 MS1000;MS1000; C:\WINDOWS\System32\DRIVERS\MS1000.sys [2008-12-12 5376]> in the current context!
Error: Unable to interpret <S3 neokdss;neokdss; C:\WINDOWS\system32\Drivers\neokdss.sys []> in the current context!
Error: Unable to interpret <S3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []> in the current context!
Error: Unable to interpret <S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]> in the current context!
Error: Unable to interpret <S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]> in the current context!
Error: Unable to interpret <S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]> in the current context!
Error: Unable to interpret <S3 RTSTOR;USB Mass Storage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2008-08-06 47360]> in the current context!
Error: Unable to interpret <S3 RtsUIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []> in the current context!
Error: Unable to interpret <S3 SBRE;SBRE; C:\WINDOWS\system32\drivers\SBRE.sys []> in the current context!
Error: Unable to interpret <S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2004-06-28 42752]> in the current context!
Error: Unable to interpret <S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []> in the current context!
Error: Unable to interpret <S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []> in the current context!
Error: Unable to interpret <S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\RtsUCcid.sys []> in the current context!
Error: Unable to interpret <S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]> in the current context!
Error: Unable to interpret <S3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2008-12-13 186592]> in the current context!
Error: Unable to interpret <S4 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]> in the current context!
Error: Unable to interpret <S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]> in the current context!
Error: Unable to interpret <======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======> in the current context!
Error: Unable to interpret <R2 a2free;a-squared Free Service; C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe [2009-09-26 1858144]> in the current context!
Error: Unable to interpret <R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]> in the current context!
Error: Unable to interpret <R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]> in the current context!
Error: Unable to interpret <R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]> in the current context!
Error: Unable to interpret <R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2009-05-18 73728]> in the current context!
Error: Unable to interpret <R2 lxdu_device;lxdu_device; C:\WINDOWS\system32\lxducoms.exe [2008-05-24 594600]> in the current context!
Error: Unable to interpret <R2 lxduCATSCustConnectService;lxduCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2008-05-24 98984]> in the current context!
Error: Unable to interpret <R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]> in the current context!
Error: Unable to interpret <R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]> in the current context!
Error: Unable to interpret <R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]> in the current context!
Error: Unable to interpret <R2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [2009-09-23 818432]> in the current context!
Error: Unable to interpret <R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-10-16 487936]> in the current context!
Error: Unable to interpret <R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]> in the current context!
Error: Unable to interpret <R2 UxTuneUp;Extension de conception TuneUp; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]> in the current context!
Error: Unable to interpret <S2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]> in the current context!
Error: Unable to interpret <S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]> in the current context!
Error: Unable to interpret <S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]> in the current context!
Error: Unable to interpret <S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]> in the current context!
Error: Unable to interpret <S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]> in the current context!
Error: Unable to interpret <S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]> in the current context!
Error: Unable to interpret <S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]> in the current context!
Error: Unable to interpret <S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-23 238960]> in the current context!
Error: Unable to interpret <S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]> in the current context!
Error: Unable to interpret <S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]> in the current context!
Error: Unable to interpret <-----------------EOF-----------------> in the current context!

OTM by OldTimer - Version 3.0.0.6 log created on 10182009_194816
0
Is it normal that it says error? OTHERWISE, HERE IS THE RSIT REPORT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-10-18 20:05:14
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 106 GB (73%) free of 146 GB
Total RAM: 3006 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:24, on 18/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Administrateur\Bureau\reparation et desinfection\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
0
Anonymous user
18 Oct 2009 at 20:08
Download SysProt AntiRootkit from the link below
https://sites.google.com/site/sysprotantirootkit/
or
https://www.softpedia.com/get/Security/Security-Related/SysProt-AntiRootkit.shtml

Unzip it into a folder on your desktop.

* Double click Sysprot.exe to start the program.
Click the Log tab.
* In the Write to log box select the following items.
o Process << Selected
o Kernel Modules << Selected
o SSDT << Selected
o Kernel Hooks << Selected
o IRP Hooks << NOT Selected
o Ports << NOT Selected
o Hidden Files << Selected

Au bas de la page
o Hidden Objects Only << Selected
Cliquez sur le bouton Créer un journal en bas à droite.
Après quelques secondes, une nouvelle fenêtre devrait apparaître.
Cliquez sur le bouton Démarrer.
Lorsqu'il est terminé une nouvelle fenêtre va apparaître pour indiquer que l'analyse est terminée.
* Ouvrez le fichier texte et copier / coller du log ici.

0
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAllocateVirtualMemory
Address: AACCB5E0
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwAssignProcessToJobObject
Address: AACCB2CE
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwConnectPort
Address: AACCB310
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateFile
Address: AACCB3BE
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateProcess
Address: AACCBC66
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateProcessEx
Address: AACCBCF2
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateThread
Address: AACCBD82
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwDebugActiveProcess
Address: AACCB40E
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwDuplicateObject
Address: AACCB450
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwLoadDriver
Address: AACCB494
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwOpenKey
Address: AACCB4D6
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwOpenSection
Address: AACCB518
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwOpenThread
Address: AACCB55A
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwProtectVirtualMemory
Address: AACCB628
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwRequestWaitReplyPort
Address: AACCB59C
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwRestoreKey
Address: AACCB66A
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwResumeThread
Address: AACCB6B2
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwSecureConnectPort
Address: AACCB742
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwSetValueKey
Address: AACCB6F4
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwSuspendProcess
Address: AACCB7E6
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwSystemDebugControl
Address: AACCB828
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwTerminateProcess
Address: AACCB86A
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwWriteVirtualMemory
Address: AACCB8B8
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: NOM-FB9B15D2723:1125
Remote Address: 208.22.87.11:HTTP
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jusched.exe
State: CLOSE_WAIT

Local Address: NOM-FB9B15D2723:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: NOM-FB9B15D2723:1036
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: NOM-FB9B15D2723:2869
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: NOM-FB9B15D2723:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: NOM-FB9B15D2723:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: NOM-FB9B15D2723:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: NOM-FB9B15D2723:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: NOM-FB9B15D2723:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: NOM-FB9B15D2723:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: NOM-FB9B15D2723:1041
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: NOM-FB9B15D2723:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: NOM-FB9B15D2723:3776
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\ehome\mcrdsvc.exe
State: NA

Local Address: NOM-FB9B15D2723:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: NOM-FB9B15D2723:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Program Files\IObit\IObit SmartDefrag\language\Lietuviu.lng
Status: Hidden
0
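Added example, not part of the thread and not SysProt's own code: a short Python triage of the SSDT section of a SysProt log like the one above. It groups hooked functions by owning driver and flags any entry whose handler address falls outside that driver's base/end range or whose driver is not on an analyst-supplied list; the sample input, `example.sys` and the `known` list are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the SysProt layout: the first entry is copied from the
# posted log, the second (example.sys) is invented to show an out-of-range hook.
SAMPLE_LOG = r"""
SSDT:
Function Name: ZwCreateFile
Address: AACCB3BE
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwOpenKey
Address: F7A01234
Driver Base: AACC0000
Driver End: AACD4000
Driver Name: \??\C:\WINDOWS\system32\drivers\example.sys

******************************************************************************************
No Kernel Hooks found
"""

ENTRY_RE = re.compile(
    r"Function Name:\s*(?P<func>\S+)\s*\n"
    r"Address:\s*(?P<addr>[0-9A-Fa-f]+)\s*\n"
    r"Driver Base:\s*(?P<base>[0-9A-Fa-f]+)\s*\n"
    r"Driver End:\s*(?P<end>[0-9A-Fa-f]+)\s*\n"
    r"Driver Name:\s*(?P<driver>.+)"
)


def parse_ssdt_hooks(log_text):
    """Return one dict per entry between 'SSDT:' and the next row of asterisks."""
    start = log_text.find("SSDT:")
    if start == -1:
        return []
    section = log_text[start:].split("****", 1)[0]
    hooks = []
    for m in ENTRY_RE.finditer(section):
        addr, base, end = (int(m[k], 16) for k in ("addr", "base", "end"))
        hooks.append({
            "function": m["func"],
            "driver": m["driver"].strip().rsplit("\\", 1)[-1].lower(),
            # The handler should lie inside the image of the driver named as owner.
            "in_range": base <= addr < end,
        })
    return hooks


def triage(hooks, known_drivers):
    """Group hooked functions by driver and list the ones that need review."""
    by_driver, review = defaultdict(list), []
    for h in hooks:
        by_driver[h["driver"]].append(h["function"])
        if not h["in_range"] or h["driver"] not in known_drivers:
            review.append(h["function"])
    return dict(by_driver), review


if __name__ == "__main__":
    # Assumption: the analyst has already tied this driver to installed software.
    known = {"pctappevent.sys"}
    by_driver, review = triage(parse_ssdt_hooks(SAMPLE_LOG), known)
    for driver, funcs in by_driver.items():
        print(f"{driver}: {len(funcs)} hooked function(s)")
    print("needs review:", review)
```

An in-range hook from a driver on the list is only consistent with installed security software; it does not prove the driver file itself is genuine.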
But is it really that infected? Is it a rootkit?
0
Anonymous user
18 Oct. 2009 at 20:33
Do the procedure again, but this time in safe mode.

(To do this: start the PC while tapping the F8 key until the Windows advanced options menu appears, then use the arrow keys to select Safe Mode and press Enter...)
Note that you have no Internet access in this mode, so write down or print the instructions that follow.

You will no longer have Internet access, so copy/paste the script into Notepad and save it on the desktop.

Double-click OTMoveIt.exe to launch it.
* Make sure the Unregister Dll's and Ocx's box is checked.
* Copy the list in bold below and paste it into the left-hand pane of OTMoveIt under Paste List of Files/Folders to move.



:processes
explorer.exe

:services
neokdss

:drivers



:files
C:\WINDOWS\system32\Drivers\neokdss.sys




:commands
[emptytemp]
[purity]
[start explorer]
[reboot]




-----------------------------

* Click MoveIt! to start the removal.
* The result will appear in the "Results" pane.
* Click Exit to close.
* Post the report located in C:\_OTMoveIt\MovedFiles.
* You may be asked to restart the PC to complete the removal. If so, accept with Yes.
0
All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== SERVICES/DRIVERS ==========

Service\Driver neokdss deleted successfully.
Error: Unable to interpret <:drivers > in the current context!
========== FILES ==========
File/Folder C:\WINDOWS\system32\Drivers\neokdss.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 1336 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 16786 bytes
->Opera cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 7252 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,15 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10182009_203559

Files moved on Reboot...

Registry entries deleted on Reboot...
0
Is there anything else to do?
0
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-10-18 20:43:41
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 106 GB (73%) free of 146 GB
Total RAM: 3006 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:51, on 18/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Administrateur\Bureau\reparation et desinfection\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
0
Could you tell me at the end of the disinfection what exactly was there, because it is rather stubborn?
0
Can you tell me whether there is anything else to do, please? I have to leave soon.
0
Anonymous user
18 Oct. 2009 at 23:06
How is your PC behaving? Your last report shows no infection present.
Your infection was mainly due to a rootkit.
0
My PC is working wonderfully, thank you. I have a security question: I have a laptop with driversentry, and it says never to pair it with another security tool, but I also have mbam, A-squared and MSE. What should I do, and what do you think? Thanks again.
0
Anonymous user
19 Oct. 2009 at 11:24
Mbam + A-squared = redundant. You can remove A-squared.
Driversentry + MSE = redundant. You can remove MSE.
Conclusion: Driversentry permanently on your PC and a scan every 8 days with mbam.
Don't forget: an antivirus is good, but with a firewall it's better.

For the firewall, install PC Tools Firewall.

0
Many thanks for your help, have a good day.
0
Sorry, but one more question: how do you fight rootkits?
0
Anonymous user
19 Oct. 2009 at 12:16
To fight rootkits you have to be very careful about which sites you choose.
Avoid P2P, and above all do not download cracks, which are an infection vector.
And above all, think before you click. ;)
0