Trojan wow

seb86 -
jlpjlp Messages postés 52399 Statut Contributeur sécurité - 16 janv. 2010 à 21:45

Bonjour,
voici les 2 raport de rsit !!
je ne sais plus quoi faire pour me debarassé de ce truc!!!!merci de vos reponse
1er raport
Logfile of random's system information tool 1.06 (written by random/random)
Run by sebastien at 2010-01-13 20:29:01
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2
System drive C: has 185 GB (63%) free of 294 GB
Total RAM: 2814 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:23, on 13/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe
C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Cyberlink\PlayMovie\PMVService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\sebastien\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\sebastien\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\sebastien.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [PCMAgent] "c:\Program Files\CyberLink\PowerCinema\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "c:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "c:\Program Files\CyberLink\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoomsmgr.exe] C:\Windows\system32\rundll32.exe C:\Users\SEBAST~1\AppData\Local\Temp\5242ymg.dll,Start
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\sebastien\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Anti-keylogger Service (akl_svc) - Unknown owner - C:\Program Files\Anti-keylogger\akl_svc.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 13643 bytes

======Scheduled tasks folder======

C:\Windows\tasks\PCDRScheduledMaintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-30 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-30 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-30 263280]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"NVRaidService"=C:\Windows\system32\nvraidservice.exe [2008-10-03 203296]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-27 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-27 92704]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"UpdateP2GoShortCut"=c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"PCMAgent"=c:\Program Files\CyberLink\PowerCinema\PCMAgent.exe [2008-09-15 143360]
"CLMLServer"=c:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe [2008-09-15 196608]
"PlayMovie"=c:\Program Files\CyberLink\PlayMovie\PMVService.exe [2008-08-29 172032]
"UpdatePDIRShortCut"=c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePSTShortCut"=c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [2008-09-11 210216]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2006-10-17 398944]
"NPSStartup"= []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"a-squared"=C:\Program Files\a-squared Anti-Malware\a2guard.exe [2010-01-02 3280712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2009-09-07 251336]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-01-08 98304]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-25 39408]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
"Yahoomsmgr.exe"=C:\Users\SEBAST~1\AppData\Local\Temp\5242ymg.dll [2009-12-27 28160]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Notification de cadeaux MSN.lnk - C:\Users\sebastien\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-13 20:29:02 ----D---- C:\Program Files\trend micro
2010-01-13 20:29:01 ----D---- C:\rsit
2010-01-13 20:03:47 ----A---- C:\Windows\70496.exe
2010-01-13 20:01:39 ----A---- C:\Windows\5526616.exe
2010-01-13 19:54:10 ----D---- C:\Program Files\a-squared Anti-Malware
2010-01-13 19:53:16 ----A---- C:\Windows\5023341.exe
2010-01-13 19:45:00 ----A---- C:\Windows\4527242.exe
2010-01-13 18:28:39 ----A---- C:\Windows\740349.exe
2010-01-13 18:19:05 ----A---- C:\Windows\166390.exe
2010-01-13 18:15:13 ----A---- C:\Windows\6961841.exe
2010-01-13 16:45:38 ----D---- C:\Program Files\a-squared Free
2010-01-12 19:51:33 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-01-12 19:51:33 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-12 19:32:34 ----DC---- C:\Windows\system32\DRVSTORE
2010-01-12 19:25:47 ----D---- C:\Program Files\Microsoft Sync Framework
2010-01-12 18:13:15 ----D---- C:\Users\sebastien\AppData\Roaming\Sunbelt Software
2010-01-12 17:51:16 ----RASHOT---- C:\Windows\winstart.bat
2010-01-12 17:50:53 ----D---- C:\Program Files\Greatis
2010-01-12 17:42:53 ----A---- C:\Windows\ntbtlog.txt
2010-01-12 17:07:44 ----D---- C:\Program Files\VS Revo Group
2010-01-11 09:59:09 ----D---- C:\ProgramData\WindowsSearch
2009-12-26 20:52:28 ----D---- C:\Users\sebastien\AppData\Roaming\Mumble
2009-12-26 20:52:11 ----D---- C:\Program Files\Mumble
2009-12-20 09:08:35 ----D---- C:\Program Files\Windows Portable Devices
2009-12-20 09:02:21 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-12-20 09:02:21 ----A---- C:\Windows\system32\UIRibbon.dll
2009-12-20 09:02:21 ----A---- C:\Windows\system32\UIAnimation.dll
2009-12-20 09:02:01 ----A---- C:\Windows\system32\WMPhoto.dll
2009-12-20 09:02:01 ----A---- C:\Windows\system32\cdd.dll
2009-12-20 09:02:00 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-12-20 09:02:00 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-12-20 09:02:00 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-12-20 09:02:00 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-12-20 09:02:00 ----A---- C:\Windows\system32\d3d10warp.dll
2009-12-20 09:02:00 ----A---- C:\Windows\system32\d2d1.dll
2009-12-20 09:01:59 ----A---- C:\Windows\system32\xpsservices.dll
2009-12-20 09:01:59 ----A---- C:\Windows\system32\XpsPrint.dll
2009-12-20 09:01:59 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-12-20 09:01:59 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-12-20 09:01:59 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-12-20 09:01:59 ----A---- C:\Windows\system32\OpcServices.dll
2009-12-20 09:01:59 ----A---- C:\Windows\system32\FntCache.dll
2009-12-20 09:01:59 ----A---- C:\Windows\system32\dxdiagn.dll
2009-12-20 09:01:59 ----A---- C:\Windows\system32\dxdiag.exe
2009-12-20 09:01:59 ----A---- C:\Windows\system32\DWrite.dll
2009-12-20 09:01:59 ----A---- C:\Windows\system32\d3d10level9.dll
2009-12-20 09:01:59 ----A---- C:\Windows\system32\d3d10core.dll
2009-12-20 09:01:59 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-12-20 09:01:58 ----A---- C:\Windows\system32\dxgi.dll
2009-12-20 09:01:58 ----A---- C:\Windows\system32\d3d11.dll
2009-12-20 09:01:58 ----A---- C:\Windows\system32\d3d10_1.dll
2009-12-20 09:01:58 ----A---- C:\Windows\system32\d3d10.dll
2009-12-20 09:01:40 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-12-20 09:01:40 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-12-20 09:01:40 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-12-20 09:01:35 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-12-20 09:01:33 ----A---- C:\Windows\system32\wpdshext.dll
2009-12-20 09:01:33 ----A---- C:\Windows\system32\wpd_ci.dll
2009-12-20 09:01:32 ----A---- C:\Windows\system32\WPDSp.dll
2009-12-20 09:01:32 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-12-20 09:01:32 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-12-20 09:01:32 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-12-20 09:01:32 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-12-20 09:01:32 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-12-20 09:00:51 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-12-20 09:00:51 ----A---- C:\Windows\system32\oleaccrc.dll
2009-12-20 09:00:51 ----A---- C:\Windows\system32\oleacc.dll
2009-12-18 11:38:05 ----D---- C:\Windows\system32\eu-ES
2009-12-18 11:38:05 ----D---- C:\Windows\system32\ca-ES
2009-12-18 11:38:04 ----D---- C:\Windows\system32\vi-VN
2009-12-18 08:56:02 ----D---- C:\Windows\system32\EventProviders
2009-12-16 19:47:33 ----D---- C:\ProgramData\Blizzard Entertainment

======List of files/folders modified in the last 1 months======

2010-01-13 20:29:02 ----RD---- C:\Program Files
2010-01-13 20:28:54 ----D---- C:\Windows\Temp
2010-01-13 20:07:47 ----D---- C:\Windows\System32
2010-01-13 20:07:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-13 20:07:46 ----D---- C:\Windows\inf
2010-01-13 20:04:51 ----D---- C:\Windows\system32\drivers
2010-01-13 20:04:00 ----D---- C:\Program Files\Common Files\Akamai
2010-01-13 20:03:47 ----D---- C:\Windows
2010-01-13 20:03:27 ----D---- C:\Windows\system32\catroot2
2010-01-13 19:27:41 ----SHD---- C:\System Volume Information
2010-01-13 18:14:28 ----D---- C:\Program Files\PC-Doctor for Windows
2010-01-13 16:25:01 ----D---- C:\Windows\system32\catroot
2010-01-13 16:24:58 ----D---- C:\Windows\winsxs
2010-01-12 20:40:12 ----D---- C:\Program Files\IncrediMail
2010-01-12 19:51:33 ----HD---- C:\ProgramData
2010-01-12 19:32:35 ----SHD---- C:\Windows\Installer
2010-01-12 19:32:33 ----D---- C:\Program Files\Windows Live
2010-01-12 19:31:40 ----SD---- C:\Users\sebastien\AppData\Roaming\Microsoft
2010-01-12 19:25:40 ----SD---- C:\ProgramData\Microsoft
2010-01-12 19:07:10 ----D---- C:\Program Files\Common Files
2010-01-12 18:10:03 ----AD---- C:\ProgramData\Temp
2010-01-12 17:40:47 ----D---- C:\Windows\Logs
2010-01-12 16:49:55 ----D---- C:\Windows\Prefetch
2009-12-29 11:04:49 ----D---- C:\Windows\system32\WDI
2009-12-20 11:38:20 ----D---- C:\Windows\Microsoft.NET
2009-12-20 11:38:07 ----RSD---- C:\Windows\assembly
2009-12-20 09:29:20 ----D---- C:\Windows\rescache
2009-12-20 09:12:17 ----D---- C:\Windows\system32\Tasks
2009-12-20 09:08:36 ----D---- C:\Windows\system32\fr-FR
2009-12-20 09:08:35 ----D---- C:\Windows\system32\wbem
2009-12-20 09:08:34 ----D---- C:\Windows\system32\zh-TW
2009-12-20 09:08:34 ----D---- C:\Windows\system32\zh-HK
2009-12-20 09:08:34 ----D---- C:\Windows\system32\zh-CN
2009-12-20 09:08:34 ----D---- C:\Windows\system32\uk-UA
2009-12-20 09:08:34 ----D---- C:\Windows\system32\tr-TR
2009-12-20 09:08:34 ----D---- C:\Windows\system32\th-TH
2009-12-20 09:08:34 ----D---- C:\Windows\system32\sv-SE
2009-12-20 09:08:34 ----D---- C:\Windows\system32\sr-Latn-CS
2009-12-20 09:08:34 ----D---- C:\Windows\system32\sl-SI
2009-12-20 09:08:34 ----D---- C:\Windows\system32\sk-SK
2009-12-20 09:08:34 ----D---- C:\Windows\system32\ru-RU
2009-12-20 09:08:34 ----D---- C:\Windows\system32\ro-RO
2009-12-20 09:08:34 ----D---- C:\Windows\system32\pt-PT
2009-12-20 09:08:34 ----D---- C:\Windows\system32\pt-BR
2009-12-20 09:08:34 ----D---- C:\Windows\system32\pl-PL
2009-12-20 09:08:34 ----D---- C:\Windows\system32\nl-NL
2009-12-20 09:08:34 ----D---- C:\Windows\system32\nb-NO
2009-12-20 09:08:34 ----D---- C:\Windows\system32\lv-LV
2009-12-20 09:08:34 ----D---- C:\Windows\system32\lt-LT
2009-12-20 09:08:34 ----D---- C:\Windows\system32\ko-KR
2009-12-20 09:08:34 ----D---- C:\Windows\system32\ja-JP
2009-12-20 09:08:34 ----D---- C:\Windows\system32\it-IT
2009-12-20 09:08:34 ----D---- C:\Windows\system32\hu-HU
2009-12-20 09:08:34 ----D---- C:\Windows\system32\hr-HR
2009-12-20 09:08:34 ----D---- C:\Windows\system32\he-IL
2009-12-20 09:08:34 ----D---- C:\Windows\system32\fi-FI
2009-12-20 09:08:34 ----D---- C:\Windows\system32\et-EE
2009-12-20 09:08:34 ----D---- C:\Windows\system32\es-ES
2009-12-20 09:08:34 ----D---- C:\Windows\system32\en-US
2009-12-20 09:08:34 ----D---- C:\Windows\system32\el-GR
2009-12-20 09:08:34 ----D---- C:\Windows\system32\de-DE
2009-12-20 09:08:34 ----D---- C:\Windows\system32\da-DK
2009-12-20 09:08:34 ----D---- C:\Windows\system32\cs-CZ
2009-12-20 09:08:34 ----D---- C:\Windows\system32\bg-BG
2009-12-20 09:08:34 ----D---- C:\Windows\system32\ar-SA
2009-12-18 11:43:01 ----SHD---- C:\Boot
2009-12-18 11:38:29 ----D---- C:\Program Files\Windows Sidebar
2009-12-18 11:38:29 ----D---- C:\Program Files\Windows Photo Gallery
2009-12-18 11:38:29 ----D---- C:\Program Files\Windows Media Player
2009-12-18 11:38:29 ----D---- C:\Program Files\Windows Mail
2009-12-18 11:38:29 ----D---- C:\Program Files\Windows Collaboration
2009-12-18 11:38:29 ----D---- C:\Program Files\Windows Calendar
2009-12-18 11:38:29 ----D---- C:\Program Files\Movie Maker
2009-12-18 11:38:29 ----D---- C:\Program Files\Internet Explorer
2009-12-18 11:38:29 ----D---- C:\Program Files\Common Files\System
2009-12-18 11:38:28 ----D---- C:\Windows\servicing
2009-12-18 11:38:28 ----D---- C:\Program Files\Windows Defender
2009-12-18 11:38:25 ----D---- C:\Windows\system32\XPSViewer
2009-12-18 11:38:25 ----D---- C:\Windows\system32\oobe
2009-12-18 11:38:25 ----D---- C:\Windows\system32\migration
2009-12-18 11:38:25 ----D---- C:\Windows\system32\fr
2009-12-18 11:38:25 ----D---- C:\Windows\IME
2009-12-18 11:38:24 ----D---- C:\Windows\system32\AdvancedInstallers
2009-12-18 11:38:23 ----D---- C:\Windows\system32\SLUI
2009-12-18 11:38:23 ----D---- C:\Windows\system32\setup
2009-12-18 11:38:22 ----D---- C:\Windows\system32\manifeststore
2009-12-18 11:38:19 ----D---- C:\Windows\system32\migwiz
2009-12-18 11:38:09 ----RSD---- C:\Windows\Fonts
2009-12-18 11:38:09 ----D---- C:\Windows\AppPatch
2009-12-18 11:38:04 ----D---- C:\Windows\system32\Boot
2009-12-18 11:37:57 ----D---- C:\ProgramData\NVIDIA
2009-12-18 11:37:21 ----D---- C:\Windows\system32\RTCOM
2009-12-17 16:27:40 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-12-14 18:37:58 ----HD---- C:\Windows\system32\GroupPolicy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 krnl_akl;Anti-keylogger Kernel Service; \??\C:\Windows\system32\drivers\krnl_akl.sys [2009-04-21 360960]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R3 camfilt2;camfilt2; C:\Windows\system32\DRIVERS\camfilt2.sys [2008-02-27 98432]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-01-08 36608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-09-24 2171672]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-27 7478496]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-05-22 15360]
R3 PAC7302;Hercules Classic Link; C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-09-10 457984]
R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [2008-09-10 20640]
S3 SBAPIFS;SBAPIFS; \??\C:\Windows\system32\drivers\sbapifs.sys []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2008-02-22 87936]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2AntiMalware;a-squared Anti-Malware Service; C:\Program Files\a-squared Anti-Malware\a2service.exe [2009-10-01 1858144]
R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-10-01 1858144]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-01-08 233472]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-03-17 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-27 118784]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 akl_svc;Anti-keylogger Service; C:\Program Files\Anti-keylogger\akl_svc.exe []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-25 182768]

-----------------EOF-----------------
2 eme raport
info.txt logfile of random's system information tool 1.06 2010-01-13 20:29:26

======Uninstall list======

-->"C:\Program Files\HP Games\5 Card Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Agatha Christie - Death on the Nile\Uninstall.exe"
-->"C:\Program Files\HP Games\Age of Castles\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Gem Shop\Uninstall.exe"
-->"C:\Program Files\HP Games\Granny in Paradise\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Mahjongg Artifacts\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe"
-->"C:\Program Files\HP Games\Sudoku Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\The Treasures of Montezuma\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 9.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe
AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
a-squared Anti-Malware 4.5-->"C:\Program Files\a-squared Anti-Malware\unins000.exe"
a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Canon iP2500 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2500_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2500_series /L0x000c
Canon Utilities Easy-LayoutPrint-->C:\Program Files\Canon\Easy-LayoutPrint\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\Program Files\Canon\Easy-PrintToolBox\uninst.exe uninst.ini
CyberLink DVD Suite Deluxe-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
CyberLink DVD Suite Deluxe-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
CyberLink PowerCinema-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
CyberLink PowerCinema-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Enregistrement utilisateur de Canon iP2500 series-->C:\Program Files\Canon\IJEREG\iP2500 series\UNINST.EXE
Florensia-->C:\Program Files\InstallShield Installation Information\{0C053AE9-9DB6-42EE-B991-B6C57BB5F63F}\setup.exe -runfromtemp -l0x0009 -removeonly
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Hercules Classic Link Webcam-->C:\Program Files\InstallShield Installation Information\{FD4FE0F7-91FC-43A2-9C3A-187553991FFF}\setup.exe -runfromtemp -l0x040c -removeonly
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Advisor-->MsiExec.exe /X{73A43E42-3658-4DD9-8551-FACDA3632538}
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64B9E2F5-558E-4C56-B419-A1679518F6E7}\setup.exe" -l0x9 -removeonly
HP Demo-->MsiExec.exe /X{48BF4489-0C58-4E80-BB17-94A673CE310A}
HP Recovery Manager RSS-->MsiExec.exe /X{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}
HP Total Care Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{38058455-8C21-4C2F-B2F6-14ED166039CB}\setup.exe" -l0x9 -removeonly
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
IncrediMail-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jeyo Mobile Companion 2.1-->"C:\Program Files\Jeyo\JMC_WindowsMobile\unins000.exe"
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LightScribe System Software-->MsiExec.exe /X{7F10292C-A190-4176-A665-A1ED3478DF86}
LimeWire 5.2.13-->"C:\Program Files\LimeWire\uninstall.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710}
Mise à jour du pilote du Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
muvee Reveal-->MsiExec.exe /X{19506BDB-4EA7-491F-E8AB-E97109FDB296}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Outils de diagnostic du matériel-->C:\Program Files\PC-Doctor for Windows\uninst.exe
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.5.2-->MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Revo Uninstaller 1.85-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SPORE Creature Creator Trial Edition-->"C:\Program Files\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Version de démonstration de Microsoft Office Home and Student 2007-->c:\hp\bin\MSOffice\uninst2.cmd
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Movie Maker-->MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Spybot - Search and Destroy
AS: Windows Defender

======System event log======

Computer Name: PC-de-sebastien
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 28222
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090708112019.892182-000
Event Type: Erreur
User:

Computer Name: PC-de-sebastien
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 28111
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090708023852.789726-000
Event Type: Erreur
User:

Computer Name: PC-de-sebastien
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 28001
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090707163958.907525-000
Event Type: Erreur
User:

Computer Name: PC-de-sebastien
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 27892
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090707084641.637799-000
Event Type: Erreur
User:

Computer Name: PC-de-sebastien
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 27781
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090707033158.322946-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: PC-de-sebastien
Event Code: 6001
Message: Échec de l’abonné aux notifications Winlogon <GPClient> lors d’un événement de notification.
Record Number: 502
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090511011325.000000-000
Event Type: Avertissement
User:

Computer Name: PC-de-sebastien
Event Code: 8194
Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {083f059f-0f9f-4e80-b58f-a60b64508eca}
Record Number: 456
Source Name: VSS
Time Written: 20090510120300.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-sebastien
Event Code: 1000
Message: Application défaillante Skype.exe, version 4.0.0.226, horodatage 0x49e709f8, module défaillant unknown, version 0.0.0.0, horodatage 0x00000000, code d’exception 0xc0000005, décalage d’erreur 0x5044552b, ID du processus 0x13a8, heure de début de l’application 0x01c9d1664b685d50.
Record Number: 454
Source Name: Application Error
Time Written: 20090510115838.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-sebastien
Event Code: 1008
Message: Le service Windows Search tente de supprimer l’ancien catalogue.

Record Number: 339
Source Name: Microsoft-Windows-Search
Time Written: 20090510110636.000000-000
Event Type: Avertissement
User:

Computer Name: WIN-RIH994FCPHD
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 322
Source Name: Microsoft-Windows-WMI
Time Written: 20081204014411.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: PC-de-sebastien
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-SEBASTIEN$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x2a8
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 5506
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090626110621.114331-000
Event Type: Succès de l'audit
User

Afficher la suite

A voir également:

Trojan wow
Wow slider - Télécharger - Présentation
Anti trojan - Télécharger - Antivirus & Antimalwares
Trojan remover - Télécharger - Antivirus & Antimalwares
Trojan killer - Télécharger - Antivirus & Antimalwares
Astuce wow - Accueil - Jeu vidéo

5 réponses

Réponse 1 / 5

jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041

Télécharge OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (de Old_Timer) sur ton Bureau.

double-clique sur OTM.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTM :Paste instruction for items to be moved.

:processes
explorer.exe
:files
C:\Windows\70496.exe
C:\Windows\5526616.exe
C:\Windows\5023341.exe
C:\Windows\4527242.exe
C:\Windows\740349.exe
C:\Windows\166390.exe
C:\Windows\6961841.exe
C:\Users\SEBAST~1\AppData\Local\Temp\5242ymg.dll
C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Notification de cadeaux MSN.lnk
C:\Users\sebastien\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoomsmgr.exe"=-
:commands
[purity]
[emptytemp]
[start explorer]

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTM\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

__________________________

scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Réponse 2 / 5

seb86

voici le raport OTM
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Windows\70496.exe not found.
File/Folder C:\Windows\5526616.exe not found.
File/Folder C:\Windows\5023341.exe not found.
File/Folder C:\Windows\4527242.exe not found.
File/Folder C:\Windows\740349.exe not found.
File/Folder C:\Windows\166390.exe not found.
File/Folder C:\Windows\6961841.exe not found.
File/Folder C:\Users\SEBAST~1\AppData\Local\Temp\5242ymg.dll not found.
File/Folder C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup not found.
File/Folder Notification de cadeaux MSN.lnk not found.
File/Folder C:\Users\sebastien\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe not found.
File/Folder [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] not found.
File/Folder Yahoomsmgr.exe"= not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: sebastien
->Temp folder emptied: 3645150 bytes
->Temporary Internet Files folder emptied: 2824943741 bytes
->Java cache emptied: 43949288 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 6628757 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 13426544 bytes
RecycleBin emptied: 4713 bytes

Total Files Cleaned = 2 759,00 mb

OTM by OldTimer - Version 3.1.5.0 log created on 01142010_152751

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

raport malwarebytes
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3561
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

14/01/2010 15:41:51
mbam-log-2010-01-14 (15-41-51).txt

Type de recherche: Examen rapide
Eléments examinés: 96459
Temps écoulé: 3 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\5331973.exe (Rootkit.Agent) -> Quarantined and deleted successfully.

Réponse 3 / 5

jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

seb86

une fois fait je peut desinstaller combofix ou me serat il utile plus tard ???
voici le raport
ComboFix 10-01-14.01 - sebastien 14/01/2010 19:55:40.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2814.1926 [GMT 1:00]
Lancé depuis: c:\users\sebastien\Desktop\killbagle.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1972301564-3474235584-991511132-1000
c:\$recycle.bin\S-1-5-21-2078663341-3694880461-555554543-500
c:\$recycle.bin\S-1-5-21-387172161-2880252421-4039532654-500

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-14 au 2010-01-14 ))))))))))))))))))))))))))))))))))))
.

2010-01-14 14:36 . 2010-01-14 14:36 -------- d-----w- c:\users\sebastien\AppData\Roaming\Malwarebytes
2010-01-14 14:36 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 14:36 . 2010-01-14 14:36 -------- d-----w- c:\programdata\Malwarebytes
2010-01-14 14:36 . 2010-01-14 14:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 14:36 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 14:20 . 2010-01-14 14:20 -------- d-----w- C:\_OTM
2010-01-13 20:31 . 2010-01-13 20:31 4 ----a-w- c:\windows\5331973.dat
2010-01-13 19:29 . 2010-01-13 19:29 -------- d-----w- c:\program files\trend micro
2010-01-13 19:29 . 2010-01-13 19:29 -------- d-----w- C:\rsit
2010-01-13 19:03 . 2010-01-13 19:03 4 ----a-w- c:\windows\70496.dat
2010-01-13 19:01 . 2010-01-13 19:01 116 ----a-w- c:\windows\5526616.dat
2010-01-13 18:54 . 2010-01-13 19:03 -------- d-----w- c:\program files\a-squared Anti-Malware
2010-01-13 18:53 . 2010-01-13 18:53 116 ----a-w- c:\windows\5023341.dat
2010-01-13 18:45 . 2010-01-13 18:45 4 ----a-w- c:\windows\4527242.dat
2010-01-13 17:28 . 2010-01-13 17:28 116 ----a-w- c:\windows\740349.dat
2010-01-13 17:19 . 2010-01-13 17:19 4 ----a-w- c:\windows\166390.dat
2010-01-13 17:15 . 2010-01-13 17:15 230 ----a-w- c:\windows\6961841.dat
2010-01-13 15:45 . 2010-01-14 14:53 -------- d-----w- c:\program files\a-squared Free
2010-01-13 15:25 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 15:25 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 18:51 . 2010-01-14 14:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-12 18:51 . 2010-01-14 14:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-12 18:32 . 2010-01-12 18:32 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-12 18:32 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-01-12 18:25 . 2010-01-12 18:25 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-01-12 17:14 . 2010-01-12 17:14 0 ----a-w- c:\windows\system32\SBRC.dat
2010-01-12 17:14 . 2010-01-12 17:14 0 ----a-w- c:\windows\system32\SBFC.dat
2010-01-12 17:13 . 2010-01-12 17:13 -------- d-----w- c:\users\sebastien\AppData\Roaming\Sunbelt Software
2010-01-12 16:51 . 2010-01-12 16:51 2 --shatr- c:\windows\winstart.bat
2010-01-12 16:50 . 2010-01-12 16:50 -------- d-----w- c:\program files\Greatis
2010-01-12 16:07 . 2010-01-12 16:07 -------- d-----w- c:\program files\VS Revo Group
2010-01-12 15:56 . 2010-01-12 15:56 -------- d-----w- c:\users\sebastien\AppData\Local\Threat Expert
2010-01-11 08:59 . 2010-01-11 08:59 -------- d-----w- c:\programdata\WindowsSearch
2009-12-26 19:53 . 2009-12-26 19:53 17592 ----a-w- c:\users\sebastien\AppData\Roaming\Mumble\Plugins\tf2.dll
2009-12-26 19:53 . 2009-12-26 19:53 17080 ----a-w- c:\users\sebastien\AppData\Roaming\Mumble\Plugins\wow.dll
2009-12-26 19:53 . 2009-12-26 19:53 17592 ----a-w- c:\users\sebastien\AppData\Roaming\Mumble\Plugins\dods.dll
2009-12-26 19:52 . 2009-12-27 13:13 -------- d-----w- c:\users\sebastien\AppData\Roaming\Mumble
2009-12-26 19:52 . 2009-12-26 19:52 -------- d-----w- c:\program files\Mumble
2009-12-20 08:08 . 2009-12-20 08:08 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-20 08:01 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-12-20 08:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-20 08:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-20 08:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-18 10:38 . 2009-12-18 10:38 -------- d-----w- c:\windows\system32\ca-ES
2009-12-18 10:38 . 2009-12-18 10:38 -------- d-----w- c:\windows\system32\eu-ES
2009-12-18 10:38 . 2009-12-18 10:38 -------- d-----w- c:\windows\system32\vi-VN
2009-12-18 07:56 . 2009-12-18 07:56 -------- d-----w- c:\windows\system32\EventProviders
2009-12-16 18:47 . 2009-12-16 19:05 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-12-16 16:12 . 2009-12-16 16:43 -------- d-----w- c:\users\Public\Games

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 19:02 . 2009-11-01 09:09 -------- d-----w- c:\program files\Common Files\Akamai
2010-01-14 18:46 . 2008-11-22 07:52 669328 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-14 18:46 . 2008-11-22 07:52 123350 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-14 18:42 . 2008-11-21 23:42 -------- d-----w- c:\programdata\NVIDIA
2010-01-14 14:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-13 17:14 . 2008-11-21 23:43 -------- d-----w- c:\program files\PC-Doctor for Windows
2010-01-12 19:40 . 2009-05-10 12:13 -------- d-----w- c:\program files\IncrediMail
2010-01-12 18:32 . 2009-05-10 11:37 -------- d-----w- c:\program files\Windows Live
2010-01-12 18:31 . 2009-05-10 17:35 86576 ----a-w- c:\users\sebastien\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2010-01-12 18:31 . 2009-05-10 17:35 392728 ----a-w- c:\users\sebastien\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2010-01-12 18:31 . 2009-05-10 17:35 132672 ----a-w- c:\users\sebastien\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2010-01-12 18:31 . 2009-05-10 17:35 0 ----a-r- c:\users\sebastien\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
2010-01-12 16:23 . 2009-07-01 13:30 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-12 15:45 . 2009-11-16 14:46 7592 ----a-w- c:\users\sebastien\AppData\Local\d3d9caps.dat
2009-12-20 08:08 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-20 08:08 . 2009-12-20 08:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-18 10:38 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-12-18 10:38 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-18 10:38 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-12-18 10:38 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-12-18 10:38 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-12-17 15:27 . 2009-05-11 04:34 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-12-02 20:43 . 2008-11-21 23:44 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-29 11:12 . 2009-05-10 11:56 -------- d-----w- c:\users\sebastien\AppData\Roaming\Skype
2009-11-29 09:54 . 2009-05-10 11:55 -------- d-----r- c:\program files\Skype
2009-11-29 09:54 . 2009-11-29 09:54 -------- d-----w- c:\program files\Common Files\Skype
2009-11-29 09:54 . 2009-05-10 11:55 -------- d-----w- c:\programdata\Skype
2009-11-29 09:53 . 2009-05-10 11:57 -------- d-----w- c:\users\sebastien\AppData\Roaming\skypePM
2009-11-24 23:54 . 2009-09-08 18:07 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2009-09-08 18:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-09-08 18:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-09-08 18:07 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2009-09-08 18:07 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-09-08 18:07 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-09-08 18:07 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 20:41 . 2009-11-22 20:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-22 20:39 . 2009-11-22 20:39 -------- d-----w- c:\program files\Microsoft
2009-11-22 07:25 . 2009-05-10 11:14 -------- d-----w- c:\users\sebastien\AppData\Roaming\PowerCinema
2009-11-21 06:40 . 2009-12-09 19:08 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 19:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 19:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 19:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-16 15:32 . 2009-05-10 14:30 216 ----a-w- c:\users\sebastien\AppData\Roaming\wklnhst.dat
2009-11-03 21:43 . 2009-12-09 19:08 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-03 21:42 . 2009-12-09 19:08 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-03 19:41 . 2009-12-09 19:08 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-02 19:42 . 2009-10-03 07:05 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-25 21:04 2048 ----a-w- c:\windows\system32\tzres.dll
2008-11-22 08:16 . 2008-11-22 08:15 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-09-07 251336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-01-08 98304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-25 39408]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-10-03 203296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2008-09-15 143360]
"CLMLServer"="c:\program files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-09-15 196608]
"PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2008-08-29 172032]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2010-01-02 3280712]

c:\_otm\MovedFiles\01142010_152035\C_Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - c:\_otm\MovedFiles\01142010_152035\C_Users\sebastien\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2010-1-12 135680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):13,4e,50,fe,ce,7f,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [08/09/2009 19:07 114768]
R1 krnl_akl;Anti-keylogger Kernel Service;c:\windows\System32\drivers\krnl_akl.sys [21/04/2009 19:50 360960]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [13/01/2010 19:54 1858144]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [21/01/2008 03:33 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [08/09/2009 19:07 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [08/09/2009 19:07 53328]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:33 21504]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [20/08/2009 12:15 233472]
R3 camfilt2;camfilt2;c:\windows\System32\drivers\camfilt2.sys [10/05/2009 13:03 98432]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [20/08/2009 12:15 36608]
S2 akl_svc;Anti-keylogger Service;"c:\program files\Anti-keylogger\akl_svc.exe" --> c:\program files\Anti-keylogger\akl_svc.exe [?]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 03:33 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [12/01/2010 19:32 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [10/09/2008 01:58 20640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'

2009-06-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
.
.
------- Examen supplémentaire -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Presario&pf=cndt
IE: &Recherche AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\fr-FR\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-NPSStartup - (no file)
AddRemove-Notification de cadeaux MSN - c:\users\sebastien\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 20:02
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(212)
c:\program files\IncrediMail\bin\B4ImApp.dll
.
Heure de fin: 2010-01-14 20:05:51
ComboFix-quarantined-files.txt 2010-01-14 19:05

Avant-CF: 195 419 136 000 octets libres
Après-CF: 195 357 913 088 octets libres

- - End Of File - - EE9012E981933F4BC463956C7CC9F2AD

jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041 > seb86

Tu peux virer combofix. Colle un rapport usbfix option 1

Réponse 4 / 5

seb86

raport usbfix

############################## | UsbFix V6.073 |

User : sebastien (Administrateurs) # PC-DE-SEBASTIEN
Update on 09/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 13:51:48 | 15/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) Dual Core Processor 4450e
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 286,64 Go (180,94 Go free) [COMPAQ] # NTFS
D:\ -> Disque fixe local # 11,44 Go (1,56 Go free) [FACTORY_IMAGE] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible

############################## | Processus actifs |

C:\Windows\System32\smss.exe 456
C:\Windows\system32\csrss.exe 596
C:\Windows\system32\wininit.exe 648
C:\Windows\system32\csrss.exe 656
C:\Windows\system32\services.exe 720
C:\Windows\system32\lsass.exe 732
C:\Windows\system32\lsm.exe 740
C:\Windows\system32\svchost.exe 888
C:\Windows\system32\nvvsvc.exe 960
C:\Windows\system32\svchost.exe 996
C:\Windows\System32\svchost.exe 1036
C:\Windows\System32\svchost.exe 1096
C:\Windows\System32\svchost.exe 1136
C:\Windows\system32\svchost.exe 1160
C:\Windows\system32\svchost.exe 1280
C:\Windows\system32\SLsvc.exe 1304
C:\Windows\system32\svchost.exe 1340
C:\Windows\system32\winlogon.exe 1460
C:\Windows\system32\svchost.exe 1532
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1712
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1740
C:\Windows\system32\rundll32.exe 1844
C:\Windows\system32\Dwm.exe 432
C:\Windows\Explorer.EXE 552
C:\Windows\System32\spoolsv.exe 1332
C:\Windows\system32\svchost.exe 1432
C:\Windows\system32\taskeng.exe 1512
C:\Program Files\Windows Defender\MSASCui.exe 2152
C:\hp\support\hpsysdrv.exe 2172
C:\Windows\System32\nvraidservice.exe 2224
C:\Windows\System32\rundll32.exe 2304
C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe 2428
C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe 2440
C:\Program Files\Cyberlink\PlayMovie\PMVService.exe 2456
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 2492
C:\Windows\WindowsMobile\wmdc.exe 2508
C:\Program Files\Java\jre6\bin\jusched.exe 2560
C:\Program Files\Alwil Software\Avast4\ashDisp.exe 2568
C:\Program Files\Windows Sidebar\sidebar.exe 2584
C:\Windows\system32\taskeng.exe 2592
C:\Program Files\Windows Media Player\wmpnscfg.exe 2608
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe 2616
C:\_OTM\MovedFiles\01142010_152035\C_Users\sebastien\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe 2676
C:\Program Files\IncrediMail\bin\IMApp.exe 3256
C:\Program Files\Windows Sidebar\sidebar.exe 3292
C:\Program Files\a-squared Anti-Malware\a2service.exe 3396
C:\Windows\System32\svchost.exe 3448
C:\Windows\system32\svchost.exe 3508
C:\Windows\system32\FsUsbExService.Exe 3548
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 3708
C:\Windows\system32\svchost.exe 3820
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 3888
C:\Windows\system32\svchost.exe 4012
C:\Windows\System32\svchost.exe 1932
C:\Windows\system32\SearchIndexer.exe 2028
C:\Windows\system32\WUDFHost.exe 2636
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 2736
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 2972
C:\Program Files\Windows Media Player\wmpnetwk.exe 3132
C:\Windows\system32\svchost.exe 2272
C:\Windows\system32\wbem\wmiprvse.exe 2188
C:\Windows\system32\wbem\unsecapp.exe 4228
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 4628
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe 6008
C:\Windows\system32\conime.exe 5552
C:\Windows\system32\taskeng.exe 5124
C:\Windows\System32\mobsync.exe 6068
C:\Windows\system32\wbem\wmiprvse.exe 5652

################## | Elements infectieux |

################## | Registre |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |

################## | Cracks > Keygens > Serials |

################## | ! Fin du rapport # UsbFix V6.073 ! |

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 5

jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041

ok colle un rapport option 2 après avoir branché tes supports externes

puis
remets un rapport rsit
et dis si encore des soucis

Discussions similaires

Menace détectée TrojanSMS-PA sur Google Huawei/Android

Comment supprimer le virus Trojan

Aide pour un virus

Trojan impossible à supprimer!

Quel est le MMORPG le plus ressemblant à WoW

Discussions similaires

Newsletters