Forum Clubic

Infection vundo et mywebsearch

Bonjour a vous.

Depuis mon retour de vacances trouvant mon pc assez lent je me décide a lui faire quelques scans antispyware avec spybot et malwarebyte et qu’elle n’est pas ma surprise lorsque malwarebyte me détecte 4 trojan étant mywebsearch, vundo et trojan agent.

Après suppression de ces spywares par celui ci et trouvant mon pc toujours aussi lent je me tourne vers vous pour savoir si ils ne resteraient pas installés sur mon pc (connaissant la difficulté à se débarrasser de ces saletés)

Je vous remercie d’avance pour votre aide

PS : ca sert bien d’avoir un bon antivirus sur ce coup là si il ne me détecte pas ce qu’il faut (enfin bon aucun n’est infaillible) :stuck_out_tongue:

refais Malwarebytes Analyse compléte en Mode sans ECHEC + Suppressions de toutes les infections

forum.telecharger.01net.com…

poste le rapport


Poste un log hijackthis [www.trendsecure.com...](http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis)

regarde générer un rapport
pagesperso-orange.fr…


Fais bien suppressions dans malwarebytes

par précaution aprés Malwarebytes passe un coup de Vundofix
vundofix.atribune.org…

renomes Hijackthis
forum-aide-contre-virus.be…

Voici

Malwarebytes’ Anti-Malware 1.30
Version de la base de données: 1427
Windows 5.1.2600 Service Pack 3

27/11/2008 01:16:17
mbam-log-2008-11-27 (01-16-17).txt

Type de recherche: Examen complet (C:|)
Eléments examinés: 125048
Temps écoulé: 3 hour(s), 35 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:25:48, on 27/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Downloads\Software\auriel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.tiscali.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.ustart.org…
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.aliceadsl.fr…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [Dit] Dit.exe
O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [egui] “C:\Program Files\ESET\ESET Smart Security\egui.exe” /hide /waitservice
O4 - HKCU…\Run: [NBJ] “C:\Program Files\Ahead\Nero BackItUp\nbj.exe”
O4 - HKCU…\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - [C:\Program…](file://C:\Program) Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - [C:\Program…](file://C:\Program) Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - [C:\Program…](file://C:\Program) Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - [C:\Program…](file://C:\Program) Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: Interface Chat Voila - chat10.x-echo.com…
O16 - DPF: ppctlcab - ppupdates.ca.com…
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - messenger.zone.msn.com…
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} - gamingzone.ubisoft.com…
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} - appdirectory.messenger.msn.com…
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - software-dl.real.com…
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - www.eset.eu…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.fr…
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com…
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - www.bitdefender.com…
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - messenger.zone.msn.com…
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


End of file - 10113 bytes

Vundofix n’a ren detecté

Suis je tranquille (ça serait trop simple ^^)

Salut,

redémarre en mode sans échec et fait ceci.STP.merci.

Relance hijack et clique sur “Do a system scan only”
Ensuite recherche ces lignes et coches les cases

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - software-dl.real.com

Ensuite clique sur “Fix checked”

refait un hijackthis en mode normal.

@+

Voici

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:47:51, on 27/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\Software\auriel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.tiscali.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.ustart.org…
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.aliceadsl.fr…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [Dit] Dit.exe
O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [egui] “C:\Program Files\ESET\ESET Smart Security\egui.exe” /hide /waitservice
O4 - HKCU…\Run: [NBJ] “C:\Program Files\Ahead\Nero BackItUp\nbj.exe”
O4 - HKCU…\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - [C:\Program…](file://C:\Program) Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - [C:\Program…](file://C:\Program) Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - [C:\Program…](file://C:\Program) Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - [C:\Program…](file://C:\Program) Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: Interface Chat Voila - chat10.x-echo.com…
O16 - DPF: ppctlcab - ppupdates.ca.com…
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - messenger.zone.msn.com…
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} - gamingzone.ubisoft.com…
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} - appdirectory.messenger.msn.com…
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - www.eset.eu…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.fr…
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com…
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - www.bitdefender.com…
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - messenger.zone.msn.com…
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


End of file - 9991 bytes

Re,

J’ai oublier trois truc a te faire faire:

redémarre en mode sans échec et fait ceci.STP.merci.

Relance hijack et clique sur “Do a system scan only”
Ensuite recherche ces lignes et coches les cases

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.tiscali.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.ustart.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
O1 - Hosts: 64.91.255.87 www.dcsresearch.com

Ensuite clique sur “Fix checked”

refait un hijackthis en mode normal.

@+

Le nouveau log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:32:36, on 27/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\Software\auriel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.aliceadsl.fr…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [Dit] Dit.exe
O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [egui] “C:\Program Files\ESET\ESET Smart Security\egui.exe” /hide /waitservice
O4 - HKCU…\Run: [NBJ] “C:\Program Files\Ahead\Nero BackItUp\nbj.exe”
O4 - HKCU…\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - [C:\Program…](file://C:\Program) Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - [C:\Program…](file://C:\Program) Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - [C:\Program…](file://C:\Program) Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - [C:\Program…](file://C:\Program) Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: Interface Chat Voila - chat10.x-echo.com…
O16 - DPF: ppctlcab - ppupdates.ca.com…
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - messenger.zone.msn.com…
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} - gamingzone.ubisoft.com…
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} - appdirectory.messenger.msn.com…
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - www.eset.eu…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.fr…
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com…
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - www.bitdefender.com…
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - messenger.zone.msn.com…
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


End of file - 9651 bytes

Re,

Comment va ton pc ?

@+

Je le trouve toujours aussi lent (mais bon c’est surement dans ma tête ^^)

Hi,

Sinon on vas vérifier cela en profondeur pour en être sur.

==>Télécharge random’s system information tool (RSIT) et enregistre le sur ton bureau.

==>Double clique sur RSIT.exe pour lancer l’outil.

==>Clique sur ’ continue ’ à l’écran Disclaimer.

==>Si l’outil HIjackThis (version à jour) n’est pas présent ou non détecté sur l’ordinateur,RSIT le téléchargera et tu devras accepter la licence.

==>Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports
( log.txt & info.txt )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Le premier

Logfile of random’s system information tool 1.04 (written by random/random)
Run by Ducrocq Guillaume at 2008-11-27 10:33:06
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 12 GB (13%) free of 95 GB
Total RAM: 1535 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:35, on 27/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ducrocq Guillaume\Local Settings\Application Data\Screamer Radio\screamer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Ducrocq Guillaume\Bureau\RSIT.exe
C:\Program Files\trend micro\Ducrocq Guillaume.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.aliceadsl.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.aliceadsl.fr…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [Dit] Dit.exe
O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [egui] “C:\Program Files\ESET\ESET Smart Security\egui.exe” /hide /waitservice
O4 - HKCU…\Run: [NBJ] “C:\Program Files\Ahead\Nero BackItUp\nbj.exe”
O4 - HKCU…\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - [C:\Program…](file://C:\Program) Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - [C:\Program…](file://C:\Program) Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - [C:\Program…](file://C:\Program) Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - [C:\Program…](file://C:\Program) Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: Interface Chat Voila - chat10.x-echo.com…
O16 - DPF: ppctlcab - ppupdates.ca.com…
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - messenger.zone.msn.com…
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} - gamingzone.ubisoft.com…
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} - appdirectory.messenger.msn.com…
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - www.eset.eu…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.fr…
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com…
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - www.bitdefender.com…
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - messenger.zone.msn.com…
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


End of file - 10054 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1197806438.job
C:\WINDOWS\tasks\GlaryInitialize.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-12-14 392240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-11-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Cmaudio”=RunDll32 cmicnfg.cpl []
“NeroFilterCheck”=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
“Dit”=C:\WINDOWS\Dit.exe [2004-04-02 86016]
“LVCOMSX”=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
“LogitechVideoRepair”=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
“Kernel and Hardware Abstraction Layer”=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
“ATIPTA”=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-10-28 344064]
“iTunesHelper”=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]
“SunJavaUpdateSched”=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-23 136600]
“AppleSyncNotifier”=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
“QuickTime Task”=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
“egui”=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-08-18 1447168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“NBJ”=C:\Program Files\Ahead\Nero BackItUp\nbj.exe [2005-10-11 1961984]
“LogitechSoftwareUpdate”=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
“ctfmon.exe”=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
“LDM”=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-06-08 67128]
“WMPNSCFG”=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-24 204288]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-24 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
“SecurityProviders”=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveAutoRun”=
“NoDriveTypeAutoRun”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“C:\Program Files\uTorrent\utorrent.exe”=“C:\Program Files\uTorrent\utorrent.exe::Enabled:µTorrent"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:
:Enabled:@xpsp3res.dll,-20000”
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:
:Enabled:Windows Live Messenger"
“C:\Program Files\Windows Live\Messenger\livecall.exe”=“C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)"
“C:\Program Files\Turbine\Turbine Download Manager - Soundtrack\TurbineMessageService.exe”="C:\Program Files\Turbine\Turbine Download Manager - Soundtrack\TurbineMessageService.exe:
:Enabled:TurbineMessageService”
“C:\Program Files\Turbine\Turbine Download Manager - Soundtrack\TurbineNetworkService.exe”=“C:\Program Files\Turbine\Turbine Download Manager - Soundtrack\TurbineNetworkService.exe::Enabled:TurbineNetworkService"
“C:\Program Files\Jeux\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe”="C:\Program Files\Jeux\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:
:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)”
“C:\Program Files\Jeux\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe”=“C:\Program Files\Jeux\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe::Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
“C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe”="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:
:Enabled:Logitech Desktop Messenger”
“C:\Program Files\Jeux\Atari\Neverwinter Nights 2\nwn2main.exe”=“C:\Program Files\Jeux\Atari\Neverwinter Nights 2\nwn2main.exe::Enabled:Neverwinter Nights 2 Main"
“C:\Program Files\Jeux\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe”="C:\Program Files\Jeux\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:
:Enabled:Neverwinter Nights 2 AMD”
“C:\Program Files\Jeux\Atari\Neverwinter Nights 2\nwupdate.exe”=“C:\Program Files\Jeux\Atari\Neverwinter Nights 2\nwupdate.exe::Enabled:Neverwinter Nights 2 Updater"
“C:\Program Files\Jeux\Atari\Neverwinter Nights 2\nwn2server.exe”="C:\Program Files\Jeux\Atari\Neverwinter Nights 2\nwn2server.exe:
:Enabled:Neverwinter Nights 2 Server”
“C:\Program Files\Jeux\Sports Interactive\Football Manager 2008\fm.exe”=“C:\Program Files\Jeux\Sports Interactive\Football Manager 2008\fm.exe::Disabled:Football Manager 2008"
“C:\Program Files\Bonjour\mDNSResponder.exe”="C:\Program Files\Bonjour\mDNSResponder.exe:
:Enabled:Bonjour”
“C:\Program Files\iTunes\iTunes.exe”=“C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:
:Enabled:@xpsp3res.dll,-20000"
“C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe”=“C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe::Enabled:Logitech Desktop Messenger"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:
:Enabled:Windows Live Messenger”
“C:\Program Files\Windows Live\Messenger\livecall.exe”=“C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)”

======File associations======

.reg - open - regedit.exe “%1” %*
.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2008-11-27 10:33:08 ----D---- C:\Program Files\trend micro
2008-11-27 10:33:06 ----D---- C:\rsit
2008-11-27 01:28:33 ----D---- C:\VundoFix Backups
2008-11-27 01:28:33 ----A---- C:\VundoFix.txt
2008-11-26 21:39:37 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-26 20:52:37 ----D---- C:\Program Files\Glary Utilities
2008-11-23 18:05:31 ----HDC---- C:\WINDOWS$NtUninstallKB957097$
2008-11-23 18:05:22 ----HDC---- C:\WINDOWS$NtUninstallKB954459$
2008-11-23 18:05:10 ----HDC---- C:\WINDOWS$NtUninstallKB955069$
2008-11-23 09:11:04 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-23 09:11:04 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-23 09:11:04 ----A---- C:\WINDOWS\system32\java.exe
2008-11-23 09:11:04 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-08 09:51:47 ----HD---- C:\WINDOWS\msdownld.tmp
2008-11-08 09:51:11 ----D---- C:\WINDOWS\Logs
2008-11-06 15:17:47 ----D---- C:\Documents and Settings\Ducrocq Guillaume\Application Data\Gearbox Software

======List of files/folders modified in the last 1 months======

2008-11-27 10:33:33 ----D---- C:\Documents and Settings\Ducrocq Guillaume\Application Data\Free Download Manager
2008-11-27 10:33:10 ----D---- C:\WINDOWS\Temp
2008-11-27 10:33:08 ----AD---- C:\Program Files
2008-11-27 10:16:56 ----D---- C:\Program Files\Mozilla Firefox
2008-11-27 09:48:34 ----D---- C:\Downloads
2008-11-27 09:37:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-26 21:39:37 ----D---- C:\WINDOWS
2008-11-26 21:32:39 ----D---- C:\Program Files\Mozilla Thunderbird
2008-11-26 20:53:15 ----HD---- C:\WINDOWS\inf
2008-11-26 20:53:03 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-26 20:52:53 ----SD---- C:\WINDOWS\Tasks
2008-11-26 10:46:26 ----D---- C:\Documents and Settings\Ducrocq Guillaume\Application Data\XnView
2008-11-26 10:46:12 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-26 10:33:54 ----D---- C:\WINDOWS\Prefetch
2008-11-24 08:39:01 ----SHD---- C:\WINDOWS\Installer
2008-11-24 08:38:49 ----SHD---- C:\Config.Msi
2008-11-24 08:38:00 ----D---- C:\WINDOWS\system32\drivers
2008-11-24 08:32:26 ----AD---- C:\WINDOWS\system32
2008-11-23 18:05:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-23 18:05:29 ----HD---- C:\WINDOWS$hf_mig$
2008-11-23 18:05:26 ----A---- C:\WINDOWS\imsins.BAK
2008-11-23 18:04:27 ----D---- C:\WINDOWS\WinSxS
2008-11-23 09:10:21 ----D---- C:\Program Files\Java
2008-11-07 21:01:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-07 14:51:32 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2008-11-06 17:18:34 ----D---- C:\Program Files\Jeux
2008-11-06 17:18:04 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-04 14:18:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-04 01:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-31 17:14:12 ----D---- C:\Documents and Settings\Ducrocq Guillaume\Application Data\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2007-12-16 82380]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-08-18 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-08-18 54280]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 NPPTNT2;NPPTNT2; ??\C:\WINDOWS\system32\npptNT2.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 SSHDRV85;SSHDRV85; ??\C:\WINDOWS\system32\drivers\SSHDRV85.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-05-04 5632]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-30 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2004-11-08 16512]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-08-18 39944]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-08-18 71688]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-18 4736]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-24 3331072]
R3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2004-10-08 326656]
R3 CardReaderFilter;Card Reader Filter; ??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS []
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-08-18 30728]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-01-15 41984]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-08-17 10368]
R3 PRISM_A00;PRISM 802.11g Driver; C:\WINDOWS\System32\DRIVERS\PRISMA00.sys [2004-01-16 380736]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wbscr;Winbond Smartcard Reader for I/O; C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 19928]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\System32\DRIVERS\adiusbaw.sys []
S3 AdWatchDrv;AW Realtime Driver; ??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Cap7134;MEDION (7134) WDM Video Capture; C:\WINDOWS\System32\DRIVERS\Cap7134.sys [2003-06-05 350752]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 C-Dilla;C-Dilla; ??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys []
S3 CoachVc;Coach Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys []
S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 ENTECH;ENTECH; ??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 Intels51;Creatix V.9X DSP Data Fax Modem; C:\WINDOWS\System32\DRIVERS\ctxs51.sys [2003-05-22 670203]
S3 LHidUsbK;SetPoint USB Receiver Device Driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-07-19 36736]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys []
S3 LUsbKbd;SetPoint USB Keyboard Filter; C:\WINDOWS\System32\Drivers\LUsbKbd.Sys [2006-07-19 14848]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-12-26 47360]
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1); C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 245760]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3; C:\WINDOWS\System32\DRIVERS\PhTVTune.sys [2003-06-12 24704]
S3 SANDRA;SANDRA; C:\WINDOWS\system32\drivers\SANDRA.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UKBFLT;UKBFLT; C:\WINDOWS\System32\DRIVERS\UKBFLT.sys [2003-12-19 11672]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\drivers\usb8023.sys [2008-04-13 12800]
S3 usbprint;Classe d’imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 X10UIF;%DESCRIPTION%; C:\WINDOWS\System32\Drivers\x10uif.sys [2001-11-14 10761]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-24 581632]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2003-04-01 46080]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-23 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2006-01-16 126976]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-08-08 53520]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-24 918016]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-23 593920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;Service d’état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-08-18 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2003-03-09 65795]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


Le second

info.txt logfile of random’s system information tool 1.04 2008-11-27 10:33:43

======Uninstall list======

–>C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
–>C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
–>C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
–>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent–>“C:\Program Files\uTorrent\uninstall.exe”
Adobe Flash Player 10 Plugin–>C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX–>C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
ALZip–>“C:\Program Files\ESTsoft\ALZip\unins000.exe”
Apple Mobile Device Support–>MsiExec.exe /I{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}
Apple Software Update–>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility–>C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe”
ATI Display Driver–>rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour–>MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)–>“C:\Program Files\CCleaner\uninst.exe”
CDDRV_Installer–>MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
C-Dilla Licence Management System–>C:\C_DILLA\setup\cdunin16.exe
C-Media 3D Audio–>C:\WINDOWS\CMIUnInstall.exe
C-Media WDM Audio Driver–>C:\WINDOWS\system32\cmirmdrv.exe
Correctif pour Lecteur Windows Media 11 (KB939683)–>“C:\WINDOWS$NtUninstallKB939683$\spuninst\spuninst.exe”
Correctif pour Windows Internet Explorer 7 (KB947864)–>“C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe”
Correctif pour Windows XP (KB952287)–>“C:\WINDOWS$NtUninstallKB952287$\spuninst\spuninst.exe”
Disque de souvenirs HP–>MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
DivX Converter–>C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player–>C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player–>C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ESET Smart Security–>MsiExec.exe /I{36AD5C43-AE4C-4AA5-B85E-5F60BE4BD47E}
Extension HighMAT pour l’Assistant Graver un CD de Microsoft Windows XP–>MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Football Manager 2009 Demo–>“C:\Program Files\Jeux\Steam\steam.exe” uninstall…
Foxit Reader–>C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free Download Manager 2.5–>“C:\Program Files\Free Download Manager\unins000.exe”
Free iPod Video Converter 1.34–>“C:\Program Files\Free iPod Video Converter\unins000.exe”
Glary Utilities 2.8.0.366–>“C:\Program Files\Glary Utilities\unins000.exe”
HijackThis 2.0.2–>“C:\Downloads\Software\HijackThis.exe” /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)–>C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Media Format 11 SDK (KB929399)–>“C:\WINDOWS$NtUninstallKB929399$\spuninst\spuninst.exe”
Hotfix for Windows Media Format SDK (KB902344)–>“C:\WINDOWS$NtUninstallKB902344$\spuninst\spuninst.exe”
hp psc 1200 series–>MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
Informations sur votre PC–>MsiExec.exe /I{36D6F663-DF15-45BD-B0C6-4B909308E3B6}
iTunes–>MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F}
Java™ 6 Update 10–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 7–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KhalInstallWrapper–>MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Kit de Connexion Alice ADSL–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{3A0221AD-D30B-4320-8F9B-1D0F0E6C6843}\setup.exe” -l0x40c ControlPanel
Lecteur Windows Media 11–>“C:\Program Files\Windows Media Player\Setup_wm.exe” /Uninstall
Logiciel QuickCam de Logitech–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe” -l0x40c
Logitech Desktop Messenger–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe” -l0x40c UNINSTALL
Logitech SetPoint–>C:\Program Files\InstallShield Installation Information{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly
Macromedia Flash Player 8–>MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player–>C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Malwarebytes’ Anti-Malware–>“C:\Program Files\Malwarebytes’ Anti-Malware\unins000.exe”
Medion Flash XL 2.0–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe” -l0x9
Microsoft .NET Framework 1.1 French Language Pack–>MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)–>“C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe” “C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp”
Microsoft .NET Framework 1.1–>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1–>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA–>MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 1–>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA–>MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 1–>MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP–>“C:\WINDOWS$NtUninstallMSCompPackV1$\spuninst\spuninst.exe”
Microsoft Data Access Components KB870669–>C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs–>“C:\WINDOWS$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe”
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5–>“C:\WINDOWS$NtUninstallWdf01005$\spuninst\spuninst.exe”
Microsoft National Language Support Downlevel APIs–>“C:\WINDOWS$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe”
Microsoft Silverlight–>MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0–>“C:\WINDOWS$NtUninstallWudf01000$\spuninst\spuninst.exe”
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)–>“C:\WINDOWS$NtUninstallKB911565$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)–>“C:\WINDOWS$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)–>“C:\WINDOWS$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)–>“C:\WINDOWS$NtUninstallKB954154_WM11$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)–>“C:\WINDOWS$NtUninstallKB898458$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)–>“C:\WINDOWS$NtUninstallKB923723$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)–>“C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)–>“C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)–>“C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)–>“C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)–>“C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)–>“C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)–>“C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)–>“C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)–>“C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)–>“C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)–>“C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)–>“C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB938464)–>“C:\WINDOWS$NtUninstallKB938464$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB941569)–>“C:\WINDOWS$NtUninstallKB941569$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB946648)–>“C:\WINDOWS$NtUninstallKB946648$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB950760)–>“C:\WINDOWS$NtUninstallKB950760$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB950762)–>“C:\WINDOWS$NtUninstallKB950762$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB950974)–>“C:\WINDOWS$NtUninstallKB950974$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB951066)–>“C:\WINDOWS$NtUninstallKB951066$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB951376)–>“C:\WINDOWS$NtUninstallKB951376$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB951376-v2)–>“C:\WINDOWS$NtUninstallKB951376-v2$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB951698)–>“C:\WINDOWS$NtUninstallKB951698$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB951748)–>“C:\WINDOWS$NtUninstallKB951748$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB952954)–>“C:\WINDOWS$NtUninstallKB952954$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB953839)–>“C:\WINDOWS$NtUninstallKB953839$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB954211)–>“C:\WINDOWS$NtUninstallKB954211$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB954459)–>“C:\WINDOWS$NtUninstallKB954459$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB955069)–>“C:\WINDOWS$NtUninstallKB955069$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB956391)–>“C:\WINDOWS$NtUninstallKB956391$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB956803)–>“C:\WINDOWS$NtUninstallKB956803$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB956841)–>“C:\WINDOWS$NtUninstallKB956841$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB957095)–>“C:\WINDOWS$NtUninstallKB957095$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB957097)–>“C:\WINDOWS$NtUninstallKB957097$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB958644)–>“C:\WINDOWS$NtUninstallKB958644$\spuninst\spuninst.exe”
Mise à jour pour Windows XP (KB951072-v2)–>“C:\WINDOWS$NtUninstallKB951072-v2$\spuninst\spuninst.exe”
Mise à jour pour Windows XP (KB951978)–>“C:\WINDOWS$NtUninstallKB951978$\spuninst\spuninst.exe”
Mozilla Firefox (3.0.4)–>C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.18)–>C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)–>MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)–>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)–>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)–>MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Digital–>C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero OEM–>C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
OpenOffice.org 3.0–>MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Package de base Microsoft de service de chiffrement pour cartes à puce–>“C:\WINDOWS$NtUninstallbasecsp$\spuninst\spuninst.exe”
Panneau de configuration MobileMe–>MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Photo et imagerie HP 2.0 - All-in-One Pilote–>MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
Photo et imagerie HP 2.0 - All-in-One–>MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Photo et imagerie HP 2.0 - hp psc 1200 series–>C:\Program Files\Hewlett-Packard\Digital Imaging{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
Programme de gestion Camera de Logitech®–>“C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE” UNINSTALL REMOVEPROMPT
QuickTime–>MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer–>C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SAMSUNG CDMA Modem Driver Set–>C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem ^^–>C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software–>C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software–>C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Security Update for CAPICOM (KB931906)–>MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)–>MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sid Meier’s Civilization 4 - Beyond the Sword–>C:\Program Files\InstallShield Installation Information{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x040c -removeonly
Smart Manager–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{1E02403C-C469-4937-9B94-7DF9F78888FA}\Setup.exe” -l0x40c
Spybot - Search & Destroy–>“C:\Program Files\Spybot - Search & Destroy\unins000.exe”
Steam–>MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab–>C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2–>“C:\Program Files\Teamspeak2_RC2\unins000.exe”
The KMPlayer (remove only)–>“C:\Program Files\The KMPlayer\uninstall.exe”
Utilitaire de sauvegarde Windows–>MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
videon–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{C39E65F4-24EF-4DC5-9FF4-F91FE332C37E}\setup.exe” -l0x40c
Visionneuse Journal Windows Microsoft–>MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
W83L518D–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{CD815603-AB71-4CFB-B3AC-522298037ACC}\Setup.exe” -l0x40c
Windows Defender Signatures–>MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Genuine Advantage v1.3.0254.0–>MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component–>“C:\WINDOWS$NtUninstallWIC$\spuninst\spuninst.exe”
Windows Live installer–>MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger–>MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Sign-in Assistant–>MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Media Connect–>“C:\WINDOWS$NtUninstallWMCSetup$\spuninst\spuninst.exe”
Windows Media Format 11 runtime–>“C:\Program Files\Windows Media Player\wmsetsdk.exe” /UninstallAll
Windows Media Format 11 runtime–>“C:\WINDOWS$NtUninstallWMFDist11$\spuninst\spuninst.exe”
Windows Media Player 11–>“C:\WINDOWS$NtUninstallwmp11$\spuninst\spuninst.exe”
Windows Media Player Firefox Plugin–>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation–>MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3–>“C:\WINDOWS$NtServicePackUninstall$\spuninst\spuninst.exe”
World of Warcraft–>C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Wow Cartographe 1.08b–>C:\Program Files\WowCartographe\uninst.exe
XML Paper Specification Shared Components Language Pack 1.0–>“C:\WINDOWS$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe”
XnView 1.93.6–>“C:\Program Files\XnView\unins000.exe”

======Hosts File======

127.0.0.1 hityou.com
127.0.0.1 www.hityou.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 180solutions.com
127.0.0.1 www.180solutions.com
127.0.0.1 bis.180solutions.com
127.0.0.1 config.180solutions.com
127.0.0.1 cts.180solutions.com
127.0.0.1 downloads.180solutions.com

======Security center information======

AV: ESET Smart Security 3.0
FW: F-Secure Anti-Virus 2005 5.10 (disabled)
FW: Pare-feu personnel d’ESET

======Environment variables======

“ComSpec”=%SystemRoot%\system32\cmd.exe
“Path”=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\PROGRAM FILES\FICHIERS COMMUNS\GTK\2.0\BIN;C:\Program Files\ZipGenius 6;C:\Program Files\ESTsoft\ALZip;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem
“windir”=%SystemRoot%
“OS”=Windows_NT
“PROCESSOR_ARCHITECTURE”=x86
“PROCESSOR_LEVEL”=15
“PROCESSOR_IDENTIFIER”=x86 Family 15 Model 2 Stepping 9, GenuineIntel
“PROCESSOR_REVISION”=0209
“NUMBER_OF_PROCESSORS”=2
“PATHEXT”=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
“TEMP”=%SystemRoot%\TEMP
“TMP”=%SystemRoot%\TEMP
“FP_NO_HOST_CHECK”=NO
“CLASSPATH”=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
“QTJAVA”=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Re,

Ton rapport et clean.

Fait ceci maintenant:

Télécharge toolscleaner sur ton Bureau :

toolscleaner

  • Double-clique sur ToolsCleaner2.exe et laisse le travailler

  • Clique sur Recherche et laisse le scan se terminer.

  • Clique sur Suppression pour finaliser.

  • Tu peux, si tu le souhaites, te servir des Options facultatives.

  • Clique sur Quitter, pour que le rapport puisse se créer.

  • Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:)…colle le dans ta réponse

  • Modération : lien supprimé *

Désactive et réactive la Restauration du système :

1 Dans la barre des tâches de Windows, clique sur Démarrer.

2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.

3 Dans l’onglet Restauration du système, coche “Désactiver la Restauration du système”

4 Clique sur Appliquer.

5 Ensuite décoche “Désactiver la restauration du systeme”

6 clique sur appliquer puis ok

7 vas créer un point de restauration dans accessoires----outils systeme----restauration du systeme.
Message edité le 27/11/2008 à 11:48

Voila le rapport

[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

–>- Recherche:

C:\VundoFix.txt: trouvé !
C:\Vundofix backups: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Ducrocq Guillaume\Bureau\Rsit.exe: trouvé !
C:\Downloads\Software\vundoFix.exe: trouvé !
C:\Downloads\Software\hijackthis.log: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !


–>- Suppression:

C:\Downloads\Software\vundoFix.exe: supprimé !
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\VundoFix.txt: supprimé !
C:\Documents and Settings\Ducrocq Guillaume\Bureau\Rsit.exe: supprimé !
C:\Downloads\Software\hijackthis.log: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Vundofix backups: supprimé !
C:\Rsit: supprimé !

et restauration système ainsi point de restauration crée