Infected PC
asayad
Hello,
Is my PC infected? Thanks
info.txt logfile of random's system information tool 1.06 2009-10-18 12:17:03
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\windows\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Acrobat 7.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ArcGIS Desktop-->MsiExec.exe /I{5DC8D05F-2FEA-4D8B-B300-A8F2F758C53F} ADD_REMOVE="TRUE"
ArcGIS License Manager-->C:\PROGRA~1\ESRI\License\arcgis9x\UNWISE32.EXE C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS~1.LOG "License Manager"
ArcGIS Tutorial Data-->MsiExec.exe /I{6AC7F416-78D5-4D98-B104-F8A39B2CF3A7}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe"
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5-->MsiExec.exe /I{E031338C-839D-4EDD-9537-99B653C39D81}
avast! Antivirus-->rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Bibliorom-->"C:\Program Files\Microsoft Référence\Bibliorom\Setup\install.exe"
BPSSR-->MsiExec.exe /I{0BF1F54D-ECAC-4E46-A5A5-A60ED0332D3E}
Canon CanoScan Toolbox 4.9-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\Setup.exe" -l0x40c anything
Canon ScanGear Starter-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x40c anything
Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F11A403B-0DE9-4953-B790-7A2F014FBB2B}
Canvas 5-->C:\WINDOWS\IsUn040c.exe -fC:\Canvas5\Désinstalleur\DeIsL1.isu
Canvas 6-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canvas 6\Uninst.isu"
Canvas 9-->MsiExec.exe /I{0EF6A85A-B990-4669-AC51-995E8686EDC3}
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Garmin Trip and Waypoint Manager v3-->MsiExec.exe /X{5414086B-AE06-4332-8A59-26FF0F630D1B}
Global Mapper 8-->MsiExec.exe /X{E75E8B00-1449-4C6B-BE91-56365F8E2B38}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
InCD (Ahead Software)-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Mustek 1200 CP v3.0-->C:\WINDOWS\twain_32\A4CIS600\UNINST.EXE
Mustek 1200 CP v4.0-->C:\WINDOWS\twain_32\CIS600X\UNINST.EXE
Nero-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NeroMediaPlayer-->C:\WINDOWS\UNNMP.exe /UNINSTALL
OmniPage Pro 12.0-->MsiExec.exe /I{1BD54C18-9C0F-4529-B1FC-ECD871560C76}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PCI Audio Driver-->cmuninst.exe
PE Builder 3.1.10a-->"c:\pebuilder3110a\unins000.exe"
PowerQuest PartitionMagic 8.0 Demo-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Python 2.1 combined Win32 extensions-->C:\Python21\UNWISE~1.EXE C:\Python21\w32inst.log
Python 2.1-->C:\Python21\\Python21\UNWISE.EXE C:\Python21\\Python21\INSTALL.LOG
SAGEM F@st 800-840-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x40c
ScanSoft RealSpeak-->msiexec /I{031C88EF-4EA5-4A9D-A77D-857A914CAFA5}
Sentinel System Driver 5.41.1 (32-bit)-->MsiExec.exe /I{5081528F-5DD5-49BA-8213-9A6A13502497}
SPSS 13.0 for Windows-->MsiExec.exe /X{381CC72A-6BC3-430a-A847-A7BCEB63A8A1}
Surfer 8-->MsiExec.exe /I{18A64EE3-F1FE-46F3-AAE1-8CDB35B6038B}
TClockEx-->"C:\Program Files\TClockEx\unins000.exe"
TextBridge Classic 2.0-->"C:\Program Files\TextBridge Classic 2.0\bin\setup.exe" -funinst.ins
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Visualisateur 1.0-->"C:\Program Files\Visualisateur\unins000.exe"
Votre Diététique-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04130A90-04B5-4EBB-8BBF-E9733493FBEF}\SETUP.EXE" -l0x40c
WebZIP-->C:\Program Files\WebZIP 7\SXUNINST.EXE
WinPhone-->C:\WINDOWS\desinst32.exe C:\WINDOWS\unin040c.exe -f"C:\Program Files\WinPhone\DeIsL2.isu"
WinPhone-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" ControlPanel
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
======Security center information======
AV: avast! antivirus 4.7.844 [VPS 0622-2] (outdated)
======System event log======
Computer Name: PC
Event Code: 10005
Message: DCOM a reçu l'erreur "%1058" lors de la mise en route du service SENS avec les arguments ""
pour démarrer le serveur :
{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
Record Number: 5
Source Name: DCOM
Time Written: 20091011125914.000000+000
Event Type: erreur
User: AUTORITE NT\SYSTEM
Computer Name: PC
Event Code: 10
Message: Ce lecteur ne semble pas prendre en charge la lecture audio numérique.
Record Number: 4
Source Name: redbook
Time Written: 20091011125225.000000+000
Event Type: Informations
User:
Computer Name: PC
Event Code: 10
Message: Ce lecteur ne semble pas prendre en charge la lecture audio numérique.
Record Number: 3
Source Name: redbook
Time Written: 20091011125222.000000+000
Event Type: Informations
User:
Computer Name: PC
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 2
Source Name: EventLog
Time Written: 20091011124404.000000+000
Event Type: Informations
User:
Computer Name: PC
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.
Record Number: 1
Source Name: EventLog
Time Written: 20091011124404.000000+000
Event Type: Informations
User:
=====Application event log=====
Computer Name: PC
Event Code: 1000
Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.
Record Number: 5
Source Name: LoadPerf
Time Written: 20091011125603.000000+000
Event Type: Informations
User:
Computer Name: PC
Event Code: 1001
Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été supprimés.
Les données d'enregistrement contiennent les nouvelles valeurs du dernier compteur système
et les dernières entrées du registre d'aide.
Record Number: 4
Source Name: LoadPerf
Time Written: 20091011125603.000000+000
Event Type: Informations
User:
Computer Name: PC
Event Code: 1002
Message: Les compteurs de performances pour le service RSVP (QoS RSVP) existent déjà dans le Registre
des performances. Il n'est pas nécessaire de les réinstaller.
Record Number: 3
Source Name: LoadPerf
Time Written: 20091011125534.000000+000
Event Type: Informations
User:
Computer Name: PC
Event Code: 1002
Message: Les compteurs de performances pour le service PSched (Planificateur de paquets QoS) existent déjà dans le Registre
des performances. Il n'est pas nécessaire de les réinstaller.
Record Number: 2
Source Name: LoadPerf
Time Written: 20091011125528.000000+000
Event Type: Informations
User:
Computer Name: PC
Event Code: 1002
Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) existent déjà dans le Registre
des performances. Il n'est pas nécessaire de les réinstaller.
Record Number: 1
Source Name: LoadPerf
Time Written: 20091011125521.000000+000
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-10-18 12:16:46
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 23 GB (70%) free of 34 GB
Total RAM: 320 MB (26% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:00, on 18/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OP12 Reminder] "C:\Program Files\ScanSoft\OmniPagePro12.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPagePro12.0\EregFre\Ereg.ini"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D10B93D-8A42-46A5-8AB4-99C507AEDE72}: NameServer = 62.251.229.223 62.251.229.237
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
--
End of file - 7799 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-12-07 399424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-06 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-10-07 761840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-10-06 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-12-07 399424]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-06 256112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"=Mixer.exe /startup []
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2009-07-11 483328]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2006-05-31 108160]
"InstantAccess"=C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE [2009-07-11 37376]
"RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE [2009-05-30 22528]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2009-05-30 155648]
"OP12 Reminder"=C:\Program Files\ScanSoft\OmniPagePro12.0\EregFre\Ereg.exe [2009-07-11 61440]
""= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"TClockEx"=C:\Program Files\TClockEx\TCLOCKEX.EXE [2000-03-09 89088]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-08 39408]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\CNAB4RPK.EXE"="C:\WINDOWS\system32\CNAB4RPK.EXE:*:Disabled:Canon LBP2900 RPC Server Process"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:ipsec"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"G:\Ped Intgration\Doc de référence APC\Dossier 1\Dossier 1.exe"="G:\Ped Intgration\Doc de référence APC\Dossier 1\Dossier 1.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xluw.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xluw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winimpajm.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winimpajm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pgic.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pgic.exe:*:Enabled:ipsec"
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:ipsec"
"C:\WINDOWS\system32\RVHOST.exe"="C:\WINDOWS\system32\RVHOST.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlfwth.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlfwth.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winucqnnx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winucqnnx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\yirxs.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\yirxs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnogtwo.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnogtwo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincrinn.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincrinn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windaqq.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windaqq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winevbg.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winevbg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxibf.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxibf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winquhwr.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winquhwr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kakb.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kakb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhuhom.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhuhom.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmibjds.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmibjds.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ckfrbg.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ckfrbg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jeji.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jeji.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winseioxy.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winseioxy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uciwfw.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uciwfw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincwev.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincwev.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\yponwd.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\yponwd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winarol.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winarol.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ftks.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ftks.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windqdqxj.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windqdqxj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hdpl.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hdpl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fauoa.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fauoa.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wineako.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wineako.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xfpe.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xfpe.exe:*:Enabled:ipsec"
"C:\Documents and Settings\All Users\Application Data\Trojan Remover\wcd5.exe"="C:\Documents and Settings\All Users\Application Data\Trojan Remover\wcd5.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrxfc.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrxfc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkokt.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkokt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbtina.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbtina.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintmeym.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintmeym.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingkex.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingkex.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlmgdkt.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlmgdkt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxvck.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxvck.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\toja.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\toja.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ayfgh.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ayfgh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windlkk.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windlkk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ksfo.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ksfo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\urpb.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\urpb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dxvkbu.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dxvkbu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wkxoou.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wkxoou.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbunnbx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbunnbx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fdsfl.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fdsfl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingnyrsw.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingnyrsw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ovenk.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ovenk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\odpfrr.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\odpfrr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xbxdeo.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xbxdeo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwcex.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwcex.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyvcx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyvcx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winywckos.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winywckos.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qypwt.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qypwt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\otby.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\otby.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wsmy.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wsmy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vylv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vylv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jnhx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jnhx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pvbta.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pvbta.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winivkof.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winivkof.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hqcdxr.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hqcdxr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpcoxn.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpcoxn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlpovgv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlpovgv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\thnj.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\thnj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbebsnm.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbebsnm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winweyx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winweyx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windignhk.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windignhk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\grumi.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\grumi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winssltkc.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winssltkc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winupcwbb.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winupcwbb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msea.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msea.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjslv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjslv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrcii.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrcii.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winljpqqy.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winljpqqy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkmqe.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkmqe.exe:*:Enabled:ipsec"
"C:\Program Files\CCleaner\ccleaner.exe"="C:\Program Files\CCleaner\CCleaner.exe:*:Enabled:ipsec"
"C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sxvg.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sxvg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfrqhgv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfrqhgv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvqmhx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvqmhx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iktar.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iktar.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\proqw.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\proqw.exe:*:Enabled:ipsec"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:ipsec"
"G:\Ped Intgration\Doc de référence APC\Doc de référence APC.exe"="G:\Ped Intgration\Doc de référence APC\Doc de référence APC.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwrwoeb.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwrwoeb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hapai.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hapai.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhosnhh.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhosnhh.exe:*:Enabled:ipsec"
"C:\WINDOWS\AhnRpta.exe"="C:\WINDOWS\AhnRpta.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmdlh.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmdlh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhyjx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhyjx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincgfo.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincgfo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmfedtu.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmfedtu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnxwxa.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnxwxa.exe:*:Enabled:ipsec"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11c7d82e-1e51-11de-b6fc-f6fa8a1a2c7f}]
shell\AutoRun\command - I:\i.com
shell\open\command - I:\i.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48bbe49e-82bc-11dd-b65d-f803d1ae937f}]
shell\AutoRun\command - g2pfnid.com
shell\explore\command - g2pfnid.com
shell\open\command - g2pfnid.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57b1308e-4d74-11de-b73f-4d6564696130}]
shell\AutopLay\command - I:\vuglty.exe
shell\AutoRun\command - I:\vuglty.exe
shell\eXplORE\command - I:\vuglty.exe
shell\Open\command - I:\vuglty.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57b13091-4d74-11de-b73f-4d6564696130}]
shell\aUtOPLay\command - I:\nqwk.pif
shell\AutoRun\command - I:\nqwk.pif
shell\expLORE\command - I:\nqwk.pif
shell\OPeN\command - I:\nqwk.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64d98644-9ca3-11dd-b684-4d6564696130}]
shell\AutoRun\command - g2pfnid.com
shell\explore\command - g2pfnid.com
shell\open\command - g2pfnid.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f14ad060-7b44-11dd-b654-cdc8e6bab47f}]
shell\AutoRun\command - I:\kgji.exe
shell\open\command - I:\kgji.exe
======List of files/folders created in the last 1 months======
2009-10-18 12:16:46 ----D---- C:\rsit
2009-10-13 21:48:42 ----D---- C:\Program Files\CleanUp!
2009-10-12 20:06:56 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-10-12 19:56:32 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-12 19:43:04 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-10-12 19:42:49 ----D---- C:\Program Files\Lavasoft
2009-10-12 19:42:49 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-12 19:23:10 ----D---- C:\Program Files\Panda Security
2009-10-11 13:34:46 ----A---- C:\boot.ini
2009-10-11 13:10:11 ----D---- C:\WINDOWS\Prefetch
2009-10-11 12:59:45 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-10-11 12:59:33 ----A---- C:\WINDOWS\OEWABLog.txt
2009-10-11 12:58:26 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-10-11 12:48:22 ----A---- C:\WINDOWS\mixer.exe
2009-10-11 12:45:08 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-10-11 12:45:08 ----A---- C:\WINDOWS\system32\irclass.dll
2009-10-11 12:44:46 ----RA---- C:\WINDOWS\SET47.tmp
2009-10-11 12:44:44 ----RA---- C:\WINDOWS\SET3B.tmp
2009-10-11 12:44:42 ----RA---- C:\WINDOWS\SET38.tmp
2009-10-11 11:59:34 ----A---- C:\WINDOWS\setuplog.txt
2009-10-11 10:52:43 ----D---- C:\WINDOWS\pss
2009-10-07 00:13:22 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-10-07 00:03:32 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-10-06 23:55:19 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
======List of files/folders modified in the last 1 months======
2009-10-18 12:17:00 ----D---- C:\Program Files\Trend Micro
2009-10-18 11:58:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-18 11:58:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-18 11:23:20 ----D---- C:\WINDOWS\Temp
2009-10-18 11:23:07 ----D---- C:\flexlm
2009-10-18 11:09:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-18 10:24:02 ----D---- C:\WINDOWS\system32\drivers
2009-10-17 18:28:31 ----SHD---- C:\WINDOWS\Installer
2009-10-14 00:24:57 ----D---- C:\Program Files\a-squared Free
2009-10-13 23:53:15 ----D---- C:\WINDOWS
2009-10-13 23:53:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-13 23:53:15 ----D---- C:\Program Files\eMule
2009-10-13 23:52:52 ----D---- C:\Program Files\WinPhone
2009-10-13 22:59:41 ----D---- C:\Program Files\Messenger
2009-10-13 21:48:42 ----RD---- C:\Program Files
2009-10-12 20:40:44 ----HD---- C:\WINDOWS\inf
2009-10-12 20:06:56 ----D---- C:\WINDOWS\system32
2009-10-12 19:57:00 ----SD---- C:\WINDOWS\Tasks
2009-10-12 19:42:42 ----D---- C:\WINDOWS\WinSxS
2009-10-11 18:09:37 ----D---- C:\WINDOWS\system32\Restore
2009-10-11 18:06:11 ----A---- C:\WINDOWS\adidsl.ini
2009-10-11 13:21:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-11 13:14:16 ----D---- C:\WINDOWS\security
2009-10-11 13:13:33 ----A---- C:\WINDOWS\win.ini
2009-10-11 13:13:33 ----A---- C:\WINDOWS\system.ini
2009-10-11 13:12:49 ----D---- C:\WINDOWS\Registration
2009-10-11 13:10:44 ----SHD---- C:\System Volume Information
2009-10-11 13:08:52 ----D---- C:\WINDOWS\system32\config
2009-10-11 13:03:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-11 12:59:27 ----A---- C:\WINDOWS\ODBCINST.INI
2009-10-11 12:59:03 ----D---- C:\WINDOWS\system32\ias
2009-10-11 12:58:29 ----RD---- C:\WINDOWS\Web
2009-10-11 12:58:19 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-10-11 12:57:58 ----D---- C:\WINDOWS\system32\oobe
2009-10-11 12:57:57 ----D---- C:\WINDOWS\srchasst
2009-10-11 12:57:55 ----D---- C:\Program Files\Windows Media Player
2009-10-11 12:57:50 ----D---- C:\Program Files\Movie Maker
2009-10-11 12:57:42 ----D---- C:\Program Files\NetMeeting
2009-10-11 12:57:40 ----D---- C:\Program Files\Outlook Express
2009-10-11 12:57:40 ----D---- C:\Program Files\Fichiers communs\System
2009-10-11 12:57:32 ----D---- C:\Program Files\Internet Explorer
2009-10-11 12:56:34 ----D---- C:\WINDOWS\system32\Com
2009-10-11 12:56:01 ----D---- C:\WINDOWS\system32\wbem
2009-10-11 12:55:59 ----D---- C:\Program Files\Windows NT
2009-10-11 12:45:08 ----D---- C:\WINDOWS\system
2009-10-11 12:44:55 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-10-11 12:44:48 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-11 11:55:24 ----D---- C:\WINDOWS\system32\Setup
2009-10-11 11:55:22 ----D---- C:\WINDOWS\Help
2009-10-11 11:55:15 ----D---- C:\WINDOWS\system32\usmt
2009-10-11 11:55:04 ----D---- C:\WINDOWS\AppPatch
2009-10-11 11:55:02 ----D---- C:\WINDOWS\ehome
2009-10-11 11:55:01 ----D---- C:\WINDOWS\ime
2009-10-11 11:55:00 ----RSD---- C:\WINDOWS\Fonts
2009-10-11 11:54:59 ----D---- C:\WINDOWS\Media
2009-10-11 11:54:48 ----D---- C:\WINDOWS\PeerNet
2009-10-11 11:54:35 ----D---- C:\WINDOWS\system32\npp
2009-10-11 11:54:27 ----D---- C:\WINDOWS\msagent
2009-10-11 11:52:27 ----D---- C:\WINDOWS\system32\1036
2009-10-11 11:52:19 ----D---- C:\WINDOWS\twain_32
2009-10-11 11:52:06 ----D---- C:\WINDOWS\system32\icsxml
2009-10-11 11:51:35 ----D---- C:\WINDOWS\system32\1033
2009-10-11 11:50:27 ----D---- C:\WINDOWS\Driver Cache
2009-10-11 08:46:21 ----D---- C:\Program Files\Trojan Remover
2009-10-11 08:46:17 ----D---- C:\Documents and Settings\All Users\Application Data\Trojan Remover
2009-10-06 23:55:33 ----D---- C:\WINDOWS\SoftwareDistribution
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2006-05-31 24304]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R2 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2002-07-10 434944]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2002-12-17 76288]
R2 SFC4;SFC4; C:\WINDOWS\System32\drivers\SFC4.sys [1998-09-16 41472]
R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2004-03-02 127065]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2001-10-30 280782]
R3 mgau;mgau; C:\WINDOWS\system32\DRIVERS\mgaum.sys [2001-08-23 320384]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2004-03-02 50007]
S3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\mrgltn.sys []
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-19 73600]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-10-13 1858144]
R2 ArcGIS License Manager;ArcGIS License Manager; C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [1999-12-01 467968]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-12 1028432]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-05-30 69632]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2009-05-30 82432]
-----------------EOF-----------------
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uciwfw.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uciwfw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincwev.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincwev.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\yponwd.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\yponwd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winarol.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winarol.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ftks.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ftks.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windqdqxj.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windqdqxj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hdpl.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hdpl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fauoa.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fauoa.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wineako.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wineako.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xfpe.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xfpe.exe:*:Enabled:ipsec"
"C:\Documents and Settings\All Users\Application Data\Trojan Remover\wcd5.exe"="C:\Documents and Settings\All Users\Application Data\Trojan Remover\wcd5.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrxfc.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrxfc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkokt.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkokt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbtina.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbtina.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintmeym.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintmeym.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingkex.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingkex.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlmgdkt.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlmgdkt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxvck.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxvck.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\toja.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\toja.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ayfgh.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ayfgh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windlkk.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windlkk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ksfo.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ksfo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\urpb.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\urpb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dxvkbu.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dxvkbu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wkxoou.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wkxoou.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbunnbx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbunnbx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fdsfl.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fdsfl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingnyrsw.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingnyrsw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ovenk.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ovenk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\odpfrr.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\odpfrr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xbxdeo.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xbxdeo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwcex.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwcex.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyvcx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyvcx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winywckos.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winywckos.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qypwt.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qypwt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\otby.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\otby.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wsmy.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wsmy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vylv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vylv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jnhx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jnhx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pvbta.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pvbta.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winivkof.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winivkof.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hqcdxr.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hqcdxr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpcoxn.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpcoxn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlpovgv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlpovgv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\thnj.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\thnj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbebsnm.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbebsnm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winweyx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winweyx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windignhk.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windignhk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\grumi.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\grumi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winssltkc.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winssltkc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winupcwbb.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winupcwbb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msea.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msea.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjslv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjslv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrcii.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrcii.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winljpqqy.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winljpqqy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkmqe.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkmqe.exe:*:Enabled:ipsec"
"C:\Program Files\CCleaner\ccleaner.exe"="C:\Program Files\CCleaner\CCleaner.exe:*:Enabled:ipsec"
"C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sxvg.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sxvg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfrqhgv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfrqhgv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvqmhx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvqmhx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iktar.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iktar.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\proqw.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\proqw.exe:*:Enabled:ipsec"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:ipsec"
"G:\Ped Intgration\Doc de référence APC\Doc de référence APC.exe"="G:\Ped Intgration\Doc de référence APC\Doc de référence APC.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwrwoeb.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwrwoeb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hapai.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hapai.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhosnhh.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhosnhh.exe:*:Enabled:ipsec"
"C:\WINDOWS\AhnRpta.exe"="C:\WINDOWS\AhnRpta.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmdlh.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmdlh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhyjx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhyjx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincgfo.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincgfo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmfedtu.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmfedtu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnxwxa.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnxwxa.exe:*:Enabled:ipsec"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11c7d82e-1e51-11de-b6fc-f6fa8a1a2c7f}]
shell\AutoRun\command - I:\i.com
shell\open\command - I:\i.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48bbe49e-82bc-11dd-b65d-f803d1ae937f}]
shell\AutoRun\command - g2pfnid.com
shell\explore\command - g2pfnid.com
shell\open\command - g2pfnid.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57b1308e-4d74-11de-b73f-4d6564696130}]
shell\AutopLay\command - I:\vuglty.exe
shell\AutoRun\command - I:\vuglty.exe
shell\eXplORE\command - I:\vuglty.exe
shell\Open\command - I:\vuglty.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57b13091-4d74-11de-b73f-4d6564696130}]
shell\aUtOPLay\command - I:\nqwk.pif
shell\AutoRun\command - I:\nqwk.pif
shell\expLORE\command - I:\nqwk.pif
shell\OPeN\command - I:\nqwk.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64d98644-9ca3-11dd-b684-4d6564696130}]
shell\AutoRun\command - g2pfnid.com
shell\explore\command - g2pfnid.com
shell\open\command - g2pfnid.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f14ad060-7b44-11dd-b654-cdc8e6bab47f}]
shell\AutoRun\command - I:\kgji.exe
shell\open\command - I:\kgji.exe
======List of files/folders created in the last 1 months======
2009-10-18 12:16:46 ----D---- C:\rsit
2009-10-13 21:48:42 ----D---- C:\Program Files\CleanUp!
2009-10-12 20:06:56 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-10-12 19:56:32 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-12 19:43:04 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-10-12 19:42:49 ----D---- C:\Program Files\Lavasoft
2009-10-12 19:42:49 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-12 19:23:10 ----D---- C:\Program Files\Panda Security
2009-10-11 13:34:46 ----A---- C:\boot.ini
2009-10-11 13:10:11 ----D---- C:\WINDOWS\Prefetch
2009-10-11 12:59:45 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-10-11 12:59:33 ----A---- C:\WINDOWS\OEWABLog.txt
2009-10-11 12:58:26 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-10-11 12:48:22 ----A---- C:\WINDOWS\mixer.exe
2009-10-11 12:45:08 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-10-11 12:45:08 ----A---- C:\WINDOWS\system32\irclass.dll
2009-10-11 12:44:46 ----RA---- C:\WINDOWS\SET47.tmp
2009-10-11 12:44:44 ----RA---- C:\WINDOWS\SET3B.tmp
2009-10-11 12:44:42 ----RA---- C:\WINDOWS\SET38.tmp
2009-10-11 11:59:34 ----A---- C:\WINDOWS\setuplog.txt
2009-10-11 10:52:43 ----D---- C:\WINDOWS\pss
2009-10-07 00:13:22 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-10-07 00:03:32 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-10-06 23:55:19 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
======List of files/folders modified in the last 1 months======
2009-10-18 12:17:00 ----D---- C:\Program Files\Trend Micro
2009-10-18 11:58:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-18 11:58:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-18 11:23:20 ----D---- C:\WINDOWS\Temp
2009-10-18 11:23:07 ----D---- C:\flexlm
2009-10-18 11:09:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-18 10:24:02 ----D---- C:\WINDOWS\system32\drivers
2009-10-17 18:28:31 ----SHD---- C:\WINDOWS\Installer
2009-10-14 00:24:57 ----D---- C:\Program Files\a-squared Free
2009-10-13 23:53:15 ----D---- C:\WINDOWS
2009-10-13 23:53:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-13 23:53:15 ----D---- C:\Program Files\eMule
2009-10-13 23:52:52 ----D---- C:\Program Files\WinPhone
2009-10-13 22:59:41 ----D---- C:\Program Files\Messenger
2009-10-13 21:48:42 ----RD---- C:\Program Files
2009-10-12 20:40:44 ----HD---- C:\WINDOWS\inf
2009-10-12 20:06:56 ----D---- C:\WINDOWS\system32
2009-10-12 19:57:00 ----SD---- C:\WINDOWS\Tasks
2009-10-12 19:42:42 ----D---- C:\WINDOWS\WinSxS
2009-10-11 18:09:37 ----D---- C:\WINDOWS\system32\Restore
2009-10-11 18:06:11 ----A---- C:\WINDOWS\adidsl.ini
2009-10-11 13:21:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-11 13:14:16 ----D---- C:\WINDOWS\security
2009-10-11 13:13:33 ----A---- C:\WINDOWS\win.ini
2009-10-11 13:13:33 ----A---- C:\WINDOWS\system.ini
2009-10-11 13:12:49 ----D---- C:\WINDOWS\Registration
2009-10-11 13:10:44 ----SHD---- C:\System Volume Information
2009-10-11 13:08:52 ----D---- C:\WINDOWS\system32\config
2009-10-11 13:03:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-11 12:59:27 ----A---- C:\WINDOWS\ODBCINST.INI
2009-10-11 12:59:03 ----D---- C:\WINDOWS\system32\ias
2009-10-11 12:58:29 ----RD---- C:\WINDOWS\Web
2009-10-11 12:58:19 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-10-11 12:57:58 ----D---- C:\WINDOWS\system32\oobe
2009-10-11 12:57:57 ----D---- C:\WINDOWS\srchasst
2009-10-11 12:57:55 ----D---- C:\Program Files\Windows Media Player
2009-10-11 12:57:50 ----D---- C:\Program Files\Movie Maker
2009-10-11 12:57:42 ----D---- C:\Program Files\NetMeeting
2009-10-11 12:57:40 ----D---- C:\Program Files\Outlook Express
2009-10-11 12:57:40 ----D---- C:\Program Files\Fichiers communs\System
2009-10-11 12:57:32 ----D---- C:\Program Files\Internet Explorer
2009-10-11 12:56:34 ----D---- C:\WINDOWS\system32\Com
2009-10-11 12:56:01 ----D---- C:\WINDOWS\system32\wbem
2009-10-11 12:55:59 ----D---- C:\Program Files\Windows NT
2009-10-11 12:45:08 ----D---- C:\WINDOWS\system
2009-10-11 12:44:55 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-10-11 12:44:48 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-11 11:55:24 ----D---- C:\WINDOWS\system32\Setup
2009-10-11 11:55:22 ----D---- C:\WINDOWS\Help
2009-10-11 11:55:15 ----D---- C:\WINDOWS\system32\usmt
2009-10-11 11:55:04 ----D---- C:\WINDOWS\AppPatch
2009-10-11 11:55:02 ----D---- C:\WINDOWS\ehome
2009-10-11 11:55:01 ----D---- C:\WINDOWS\ime
2009-10-11 11:55:00 ----RSD---- C:\WINDOWS\Fonts
2009-10-11 11:54:59 ----D---- C:\WINDOWS\Media
2009-10-11 11:54:48 ----D---- C:\WINDOWS\PeerNet
2009-10-11 11:54:35 ----D---- C:\WINDOWS\system32\npp
2009-10-11 11:54:27 ----D---- C:\WINDOWS\msagent
2009-10-11 11:52:27 ----D---- C:\WINDOWS\system32\1036
2009-10-11 11:52:19 ----D---- C:\WINDOWS\twain_32
2009-10-11 11:52:06 ----D---- C:\WINDOWS\system32\icsxml
2009-10-11 11:51:35 ----D---- C:\WINDOWS\system32\1033
2009-10-11 11:50:27 ----D---- C:\WINDOWS\Driver Cache
2009-10-11 08:46:21 ----D---- C:\Program Files\Trojan Remover
2009-10-11 08:46:17 ----D---- C:\Documents and Settings\All Users\Application Data\Trojan Remover
2009-10-06 23:55:33 ----D---- C:\WINDOWS\SoftwareDistribution
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2006-05-31 24304]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R2 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2002-07-10 434944]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2002-12-17 76288]
R2 SFC4;SFC4; C:\WINDOWS\System32\drivers\SFC4.sys [1998-09-16 41472]
R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2004-03-02 127065]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2001-10-30 280782]
R3 mgau;mgau; C:\WINDOWS\system32\DRIVERS\mgaum.sys [2001-08-23 320384]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2004-03-02 50007]
S3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\mrgltn.sys []
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-19 73600]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-10-13 1858144]
R2 ArcGIS License Manager;ArcGIS License Manager; C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [1999-12-01 467968]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-12 1028432]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-05-30 69632]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2009-05-30 82432]
-----------------EOF-----------------
Configuration: Windows XP Internet Explorer 6.0
2 replies
Hello,
Removable-media infection
Download and install USBFix by Chiquitine29, C_XX and Chimay8 on your desktop.
Connect to your PC the external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them.
# Double-click the UsbFix shortcut on your desktop.
# Select option 1 (Search)
# Let the tool work.
# Then post the UsbFix.txt report that appears.
# Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
# Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Hello,
your PC is heavily infected, I don't want to know why or how!!!
I'll see what I can do.
•download GenProc to your desktop:
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
or here: http://www.genproc.com/GenProc.exe
unzip the folder, then double-click GenProc.bat
the program will run and generate a report at the end of the scan
post the contents of the report generated by GenProc
Illustrated help: http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
or here directly: http://www.genproc.com/GenProc.exe
Illustrated help: http://www.alt-shift-return.org/Info/GenProc-HowTo.html
double-click GenProc.exe and post the contents of the report that opens, then follow the procedure in order.