Virus dont la cause est inconnue

_tienneatn · Janvier 19, 2009, 11:02

Bonjour a tous et a toute, voici mon problème.
depuis quelque temps, mon ordinateur c’était mit a aller très lentement. je n’en avait pas fait de cas, mais tout récemment, j’ai commencer a recevoir des messages du firewall de windows a propos d’un quelqu’on trojan horse…après une analyse avec AVG, je n’ai rien trouver…
que faire?
merci d’avance
Étienne

(ajout); Le virus ferme plusieurs de mes programmes
Edité le 19/01/2009 à 23:13

bl4koO · Janvier 20, 2009, 12:02

Fait des sauvegardes et reinstalle windows, c’est le plus simple je pense.
Edité le 20/01/2009 à 00:02

Senosen · Janvier 20, 2009, 8:31

:hello:

Clique [ici](http://images.malwareremoval.com/random/RSIT.exe) pour télécharger random's system information tool (RSIT) par random/random et sauvegarde le sur ton [b]Bureau[/b]

Double-clique sur RSIT.exe pour l’exécuter.
Clique sur le bouton “Continue” sur la fenêtre d’avertissement.
Une fois le scan terminé, tu auras deux rapports qui seront ouverts : log.txt et info.txt (c:\rsit)
Poste les dans ta prochaine réponse s’il te plait
Note : un rapport hijackthis est contenu dans le rapport log.txt

tungstene_1_1 · Janvier 20, 2009, 2:22

vous pouvez essayer de scanner avec Malwarebytes et Rogueremover

_tienneatn · Janvier 20, 2009, 9:26

info.txt logfile of random’s system information tool 1.05 2009-01-20 15:25:07

======Uninstall list======

–>C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
–>C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
–>C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
–>C:\WINDOWS\UNNeroVision.exe /UNINSTALL
–>C:\WINDOWS\UNRecode.exe /UNINSTALL
–>MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
–>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com–>C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com–>MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR–>C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR–>MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin–>C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX–>C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0–>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Age of Empires III - The Asian Dynasties–>C:\Program Files\InstallShield Installation Information{C43C1415-3DFC-4089-9A32-0BECF28A6046}\install.exe -runfromtemp -l0x040c
Age of Empires III - The WarChiefs–>C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Age of Empires III–>C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{485775E8-AEB8-46BD-922B-242879E03DD5}
AGEIA PhysX v7.09.13–>MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AMD Processor Driver–>C:\Program Files\InstallShield Installation Information{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0c0c -removeonly
Archiveur WinRAR–>C:\Program Files\WinRAR\uninstall.exe
Assassin’s Creed–>C:\Program Files\InstallShield Installation Information{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x040c -removeonly
Assistant de connexion Windows Live–>MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2}
ASUS Gamer OSD–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe” -l0x9 -removeonly
ASUS Smart Doctor–>C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{12E11FBB-7CA6-4A86-834D-5E6390D51009} /l1036
ATI - Utilitaire de désinstallation du logiciel–>C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
AVG Free 8.0–>C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Battlefield 2™–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe” -l0x40c -removeonly
CCleaner (remove only)–>“C:\Program Files\CCleaner\uninst.exe”
CDDRV_Installer–>MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Choice Guard–>MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CryEngine®2 Sandbox™2–>MsiExec.exe /I{7E4B7FD9-4ECE-4298-A910-3160B7918059}
Crysis WARHEAD®–>“C:\Documents and Settings\All Users\Application Data{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe” REMOVE=TRUE MODIFY=FALSE
Crysis WARHEAD®–>C:\Documents and Settings\All Users\Application Data{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
CursorXP–>C:\Program Files\CursorXP\CurXPUtil.exe -u
DEVIL MAY CRY 4–>MsiExec.exe /I{D4E5A687-797D-44B1-8F96-4FD7A24166A9}
Diablo II–>C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DVD Shrink 3.2–>“C:\Program Files\DVD Shrink\unins000.exe”
EA Download Manager–>C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1036
Fable - The Lost Chapters–>C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
GameSpy Arcade–>C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Gears of War–>C:\Program Files\InstallShield Installation Information{1170D24F-42B7-40CF-AA1B-6395CE562354}\Setup.exe -runfromtemp -l0x0c0c
Google Earth–>MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
GUILD WARS–>“C:\Program Files\GUILD WARS\Gw.exe” -uninstall
Guitar Pro 5.2–>“C:\Program Files\Guitar Pro 5\unins000.exe”
HijackThis 2.0.2–>“C:\Program Files\trend micro\HijackThis.exe” /uninstall
iColorFolder–>C:\Program Files\iColorFolder\uninstall.exe
Installation Windows Live–>C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live–>MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}
Java™ 6 Update 11–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 7–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update–>MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
KhalInstallWrapper–>MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
La Bataille pour la Terre du Milieu II–>C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\EAUninstall.exe
Lecteur Windows Media 11–>“C:\Program Files\Windows Media Player\Setup_wm.exe” /Uninstall
LimeWire 4.18.3–>“C:\Program Files\LimeWire\uninstall.exe”
Logitech SetPoint–>C:\Program Files\InstallShield Installation Information{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly
Messenger Plus! Live–>“C:\Program Files\Messenger Plus! Live\Uninstall.exe”
Microsoft .NET Framework 1.1 Hotfix (KB928366)–>“C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe” “C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp”
Microsoft .NET Framework 1.1–>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1–>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0–>C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP–>“C:\WINDOWS$NtUninstallMSCompPackV1$\spuninst\spuninst.exe”
Microsoft Games for Windows - LIVE Redistributable–>MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5–>“C:\WINDOWS$NtUninstallWdf01005$\spuninst\spuninst.exe”
Microsoft LifeCam–>MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft Office FrontPage 2003–>MsiExec.exe /I{9017040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003–>MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight–>MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0–>“C:\WINDOWS$NtUninstallWudf01000$\spuninst\spuninst.exe”
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.5)–>C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT–>MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)–>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Need For Speed Underground–>C:\Program Files\EA GAMES\Need For Speed Underground\EAUninstall.exe
Nero 7 Premium–>MsiExec.exe /I{2D7D9D86-923A-41A8-919F-437332AB1033}
NVIDIA Drivers–>C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Oblivion - Orrery–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe” -l0x9 -removeonly
Oblivion - The Fighter’s Stronghold–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{A0A20753-92DF-4631-82B4-9CACE2FCED6A}\setup.exe” -l0x9 -removeonly
Oblivion–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe” -l0x9 -removeonly
OC Gear Driver–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{791B2FDA-A428-47C6-95D9-56A107C73257}\setup.exe” -l0x9
Outil de téléchargement Windows Live–>MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Patch Darluok–>“C:\WINDOWS\Patch Darluok\uninstall.exe” “/U:C:\World of Warcraft\Uninstall\uninstall.xml”
Pivot Stickfigure Animator–>MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
Power Tab Editor 1.7–>MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerDVD–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe” -uninstall
PunkBuster Services–>C:\WINDOWS\system32\pbsvc.exe -u
QuickTime–>C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1036
REALTEK GbE & FE Ethernet PCI-E NIC Driver–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe” -l0xc0c -removeonly
Realtek High Definition Audio Driver–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe” -l0xc0c -removeonly
Sansa Media Converter–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{D2A0F8F4-CE50-4857-A21C-3061682B2E87}\Setup.exe” -l0x40c
Security Update for Microsoft .NET Framework 2.0 (KB928365)–>C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows XP (KB923789)–>C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB941569)–>“C:\WINDOWS$NtUninstallKB941569$\spuninst\spuninst.exe”
Security Update for Windows XP (KB950759)–>“C:\WINDOWS$NtUninstallKB950759$\spuninst\spuninst.exe”
Security Update for Windows XP (KB950760)–>“C:\WINDOWS$NtUninstallKB950760$\spuninst\spuninst.exe”
Security Update for Windows XP (KB950762)–>“C:\WINDOWS$NtUninstallKB950762$\spuninst\spuninst.exe”
Security Update for Windows XP (KB951376-v2)–>“C:\WINDOWS$NtUninstallKB951376-v2$\spuninst\spuninst.exe”
Security Update for Windows XP (KB951698)–>“C:\WINDOWS$NtUninstallKB951698$\spuninst\spuninst.exe”
Security Update for Windows XP (KB951748)–>“C:\WINDOWS$NtUninstallKB951748$\spuninst\spuninst.exe”
Segoe UI–>MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Spybot - Search & Destroy–>“C:\Program Files\Spybot - Search & Destroy\unins000.exe”
TRENDnet TEW-421PC or TEW-423PI–>C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}
Unreal Tournament 3–>MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
Update for Windows XP (KB898461)–>“C:\WINDOWS$NtUninstallKB898461$\spuninst\spuninst.exe”
Update for Windows XP (KB942763)–>“C:\WINDOWS$NtUninstallKB942763$\spuninst\spuninst.exe”
Update for Windows XP (KB951978)–>“C:\WINDOWS$NtUninstallKB951978$\spuninst\spuninst.exe”
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)–>C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Driver Package - ASUS (XG1) USB -->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\oc_gear1_ADBA1963A3120D669B1DC527B51E195D31D80A46\oc_gear1.inf
Windows Live Call–>MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
Windows Live Communications Platform–>MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Mail–>MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger–>MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Writer–>MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Format 11 runtime–>“C:\Program Files\Windows Media Player\wmsetsdk.exe” /UninstallAll
Windows Media Format 11 runtime–>“C:\WINDOWS$NtUninstallWMFDist11$\spuninst\spuninst.exe”
Windows Media Player 11–>“C:\WINDOWS$NtUninstallwmp11$\spuninst\spuninst.exe”
World of Warcraft–>C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Wow Cartographe 1.09–>C:\Program Files\WowCartographe\uninst.exe
XviD MPEG-4 Video Codec–>C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
Zune Desktop Theme–>MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: ORDI-ETIENNE
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{39CF3603-0DB7-4822-ABEA-753CE70A6EAC} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 6194
Source Name: Tcpip
Time Written: 20081126173937.000000-300
Event Type: information
User:

Computer Name: ORDI-ETIENNE
Event Code: 7035
Message: The SjyPkt service was successfully sent a start control.

Record Number: 6193
Source Name: Service Control Manager
Time Written: 20081126173918.000000-300
Event Type: information
User: ORDI-ETIENNE\Étienne

Computer Name: ORDI-ETIENNE
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 6192
Source Name: Service Control Manager
Time Written: 20081126173909.000000-300
Event Type: information
User:

Computer Name: ORDI-ETIENNE
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.

Record Number: 6191
Source Name: Service Control Manager
Time Written: 20081126173900.000000-300
Event Type: information
User:

Computer Name: ORDI-ETIENNE
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 6190
Source Name: Service Control Manager
Time Written: 20081126173900.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: ORDI-ETIENNE
Event Code: 101
Message: msnmsgr (2224) The database engine stopped.

Record Number: 4695
Source Name: ESENT
Time Written: 20081129165426.000000-300
Event Type: information
User:

Computer Name: ORDI-ETIENNE
Event Code: 103
Message: msnmsgr (2224) \.\C:\Documents and Settings\Étienne\Local Settings\Application Data\Microsoft\Messenger\a..t..n.pinklife@hotmail.com\SharingMetadata\Working\database_7010_A323_10A2_EEF2\dfsr.db: The database engine stopped the instance (0).

Record Number: 4694
Source Name: ESENT
Time Written: 20081129165426.000000-300
Event Type: information
User:

Computer Name: ORDI-ETIENNE
Event Code: 102
Message: msnmsgr (2224) \.\C:\Documents and Settings\Étienne\Local Settings\Application Data\Microsoft\Messenger\a..t..n.pinklife@hotmail.com\SharingMetadata\Working\database_7010_A323_10A2_EEF2\dfsr.db: The database engine started a new instance (0).

Record Number: 4693
Source Name: ESENT
Time Written: 20081129164444.000000-300
Event Type: information
User:

Computer Name: ORDI-ETIENNE
Event Code: 100
Message: msnmsgr (2224) The database engine 5.01.2600.5512 started.

Record Number: 4692
Source Name: ESENT
Time Written: 20081129164444.000000-300
Event Type: information
User:

Computer Name: ORDI-ETIENNE
Event Code: 101
Message: msnmsgr (2224) The database engine stopped.

Record Number: 4691
Source Name: ESENT
Time Written: 20081129141201.000000-300
Event Type: information
User:

======Environment variables======

“ComSpec”=%SystemRoot%\system32\cmd.exe
“Path”=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem
“windir”=%SystemRoot%
“FP_NO_HOST_CHECK”=NO
“OS”=Windows_NT
“PROCESSOR_ARCHITECTURE”=x86
“PROCESSOR_LEVEL”=15
“PROCESSOR_IDENTIFIER”=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
“PROCESSOR_REVISION”=6b01
“NUMBER_OF_PROCESSORS”=2
“PATHEXT”=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
“TEMP”=%SystemRoot%\TEMP
“TMP”=%SystemRoot%\TEMP
“CLASSPATH”=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
“QTJAVA”=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random’s system information tool 1.05 (written by random/random)
Run by Étienne at 2009-01-20 15:24:37
Microsoft Windows XP Professional Service Pack 3
System drive C: has 89 GB (37%) free of 238 GB
Total RAM: 2046 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:25:06, on 2009-01-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Étienne\Desktop\RSIT.exe
C:\Program Files\trend micro\Étienne.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - (no file)
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [LifeCam] “C:\Program Files\Microsoft LifeCam\LifeExp.exe”
O4 - HKLM…\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU…\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU…\Run: [CursorXP] “C:\Program Files\CursorXP\CursorXP.exe” -s
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU…\Run: [VoipBuster] “C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe” -nosplash -minimized
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE…
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - messenger.zone.msn.com…
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

–
End of file - 8684 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-30 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-30 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-30 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-30 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“RTHDCPL”=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
“Alcmtr”=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
“NvCplDaemon”=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
“nwiz”=nwiz.exe /install []
“NeroFilterCheck”=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
“Kernel and Hardware Abstraction Layer”=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
“AVG8_TRAY”=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
“NvMediaCenter”=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
“SunJavaUpdateSched”=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-30 136600]
“QuickTime Task”=C:\Program Files\QuickTime\qttask.exe [2008-08-15 155648]
“LifeCam”=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
“VX1000”=C:\WINDOWS\vVX1000.exe [2007-04-10 709992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
“ASUS SmartDoctor”=C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [2007-07-18 1114112]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
“MsnMsgr”=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-12-02 3882312]
“updateMgr”=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
“CursorXP”=C:\Program Files\CursorXP\CursorXP.exe [2005-01-19 128000]
“MSMSGS”=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
“EA Core”=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-22 2772992]
“VoipBuster”=C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe -nosplash -minimized []
“SpybotSD TeaTimer”=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Wireless Configuration Utility HW.15.lnk - C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“AppInit_DLLS”=“avgrsstx.dll”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“C:\Program Files\AVG\AVG8\avgemc.exe”=“C:\Program Files\AVG\AVG8\avgemc.exe::Enabled:avgemc.exe"
“C:\Program Files\AVG\AVG8\avgupd.exe”="C:\Program Files\AVG\AVG8\avgupd.exe::Enabled:avgupd.exe”
“C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe”=“C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe::Enabled:Speed"
“C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe”="C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe::Enabled:Unreal Tournament 3”
“C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe”=“C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe::Enabled:Age of Empires III - The WarChiefs"
“C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe”="C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe::Enabled:Age of Empires III - The Asian Dynasties”
“C:\WINDOWS\system32\PnkBstrA.exe”=“C:\WINDOWS\system32\PnkBstrA.exe::Enabled:PnkBstrA"
“C:\WINDOWS\system32\PnkBstrB.exe”="C:\WINDOWS\system32\PnkBstrB.exe::Enabled:PnkBstrB”
“C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat”=“C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat::Enabled:La Bataille pour la Terre du Milieu II"
“C:\Program Files\EA GAMES\Battlefield 2\BF2.exe”="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe::Enabled:Battlefield 2”
“C:\Program Files\LimeWire\LimeWire.exe”=“C:\Program Files\LimeWire\LimeWire.exe::Enabled:LimeWire"
“C:\Program Files\uTorrent\uTorrent.exe”="C:\Program Files\uTorrent\uTorrent.exe::Enabled:µTorrent”
“C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe”=“C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe::Enabled:Gears of War"
“C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe”="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe::Enabled:Nero Home”
“C:\World of Warcraft\Launcher.exe”=“C:\World of Warcraft\Launcher.exe::Enabled:World of Warcraft"
“C:\Program Files\Diablo II\Diablo II.exe”="C:\Program Files\Diablo II\Diablo II.exe::Enabled:Diablo II - Lord of Destruction”
“C:\Documents and Settings\Étienne\Desktop\death space\Dead Space\Dead Space.exe”=“C:\Documents and Settings\Étienne\Desktop\death space\Dead Space\Dead Space.exe::Enabled:Dead Space "
“C:\Program Files\Electronic Arts\EADM\Core.exe”="C:\Program Files\Electronic Arts\EADM\Core.exe::Enabled:EA Download Manager”
“C:\Program Files\Ubisoft\Assassin’s Creed\AssassinsCreed_Dx9.exe”=“C:\Program Files\Ubisoft\Assassin’s Creed\AssassinsCreed_Dx9.exe::Enabled:Assassin’s Creed Dx9"
“C:\Program Files\Ubisoft\Assassin’s Creed\AssassinsCreed_Dx10.exe”="C:\Program Files\Ubisoft\Assassin’s Creed\AssassinsCreed_Dx10.exe::Enabled:Assassin’s Creed Dx10”
“C:\Program Files\Ubisoft\Assassin’s Creed\AssassinsCreed_Launcher.exe”=“C:\Program Files\Ubisoft\Assassin’s Creed\AssassinsCreed_Launcher.exe::Enabled:Assassin’s Creed Update"
“C:\Program Files\Microsoft LifeCam\LifeCam.exe”="C:\Program Files\Microsoft LifeCam\LifeCam.exe::Enabled:LifeCam.exe”
“C:\Program Files\Microsoft LifeCam\LifeExp.exe”=“C:\Program Files\Microsoft LifeCam\LifeExp.exe::Enabled:LifeExp.exe"
“C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe”="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe::Enabled:VoipBuster”
“C:\Program Files\Windows Live\Messenger\wlcsdk.exe”=“C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger”
“%windir%\system32\drivers\svchost.exe”="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“C:\Program Files\Windows Live\Messenger\wlcsdk.exe”=“C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger”
“%windir%\system32\drivers\svchost.exe”="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{d45c87c0-5d9f-11dd-856d-0014d148f67e}]
shell\AutoRun\command - F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

======List of files/folders created in the last 1 months======

2009-01-20 15:24:38 ----D---- C:\Program Files\trend micro
2009-01-20 15:24:37 ----D---- C:\rsit
2008-12-30 12:04:40 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-30 10:58:36 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-30 10:58:36 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-30 10:58:36 ----A---- C:\WINDOWS\system32\java.exe
2008-12-30 10:58:36 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-29 22:51:18 ----D---- C:\Program Files\Microsoft
2008-12-29 22:50:46 ----D---- C:\Program Files\Windows Live SkyDrive
2008-12-29 22:33:25 ----D---- C:\Program Files\Common Files\Windows Live
2008-12-29 19:34:22 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-29 19:34:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-29 19:31:53 ----D---- C:\Program Files\CCleaner
2008-12-29 14:25:21 ----D---- C:\Program Files\WowCartographe

======List of files/folders modified in the last 1 months======

2009-01-20 15:25:05 ----D---- C:\WINDOWS\Temp
2009-01-20 15:24:52 ----D---- C:\WINDOWS\Prefetch
2009-01-20 15:24:38 ----RD---- C:\Program Files
2009-01-20 15:20:04 ----D---- C:\Program Files\Mozilla Firefox
2009-01-20 15:16:36 ----A---- C:\WINDOWS\RTacDbg.txt
2009-01-20 15:16:31 ----D---- C:\WINDOWS
2009-01-19 21:44:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-19 16:46:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-19 16:35:15 ----D---- C:\WINDOWS\system32\Restore
2009-01-18 22:19:25 ----HD---- C:$AVG8.VAULT$
2009-01-18 22:05:17 ----D---- C:\Documents and Settings\Étienne\Application Data\Google
2009-01-17 10:55:53 ----D---- C:\World of Warcraft
2009-01-14 21:42:10 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-08 17:39:03 ----D---- C:\WINDOWS\system32\drivers
2008-12-30 12:05:16 ----D---- C:\Documents and Settings
2008-12-30 10:58:54 ----SHD---- C:\WINDOWS\Installer
2008-12-30 10:58:36 ----D---- C:\WINDOWS\system32
2008-12-30 10:57:19 ----D---- C:\Program Files\Java
2008-12-30 10:18:41 ----D---- C:\Program Files\FableTLCMod
2008-12-29 23:39:37 ----RSD---- C:\WINDOWS\assembly
2008-12-29 23:37:27 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-29 22:54:51 ----D---- C:\Program Files\Windows Live
2008-12-29 22:54:44 ----D---- C:\WINDOWS\WinSxS
2008-12-29 22:50:53 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-29 22:50:53 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-29 22:50:24 ----RSD---- C:\WINDOWS\Fonts
2008-12-29 22:49:54 ----HD---- C:\WINDOWS\inf
2008-12-29 22:33:25 ----D---- C:\Program Files\Common Files
2008-12-29 20:21:06 ----D---- C:\WINDOWS\Debug
2008-12-27 18:59:09 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-12-27 14:02:47 ----D---- C:\Jeux
2008-12-22 22:34:52 ----D---- C:\Program Files\Diablo II

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2006-10-31 11008]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-29 26824]
R1 EIO;EIO; ??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.2.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-29 21419]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-29 76040]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-10-25 3712]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys [2007-01-29 306304]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2006-09-29 10752]
R3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 XG1;ASUS Generic USB Driver; C:\WINDOWS\System32\Drivers\OC_Gear1.sys [2006-11-17 34304]
S3 adgfrtxv;adgfrtxv; C:\WINDOWS\system32\drivers\adgfrtxv.sys []
S3 ASUSVRC;ASUSTeK Virtual Capture Device; C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2006-09-05 13568]
S3 LUsbKbd;SetPoint USB Filter Driver; C:\WINDOWS\system32\drivers\LUsbKbd.sys [2006-09-05 14848]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PnkBstrK;PnkBstrK; ??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-15 83200]
S3 SjyPkt;SjyPkt; ??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-29 258560]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-30 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-31 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-12-27 201352]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2006-09-17 167936]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------

Merci:)

_tienneatn · Janvier 21, 2009, 4:18

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:10, on 2009-01-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Documents and Settings\Étienne\Desktop\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [LifeCam] “C:\Program Files\Microsoft LifeCam\LifeExp.exe”
O4 - HKLM…\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM…\RunOnce: [Malwarebytes’ Anti-Malware] C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU…\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU…\Run: [CursorXP] “C:\Program Files\CursorXP\CursorXP.exe” -s
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU…\Run: [VoipBuster] “C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe” -nosplash -minimized
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE…
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - messenger.zone.msn.com…
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

–
End of file - 8664 bytes

‘‘mbam’’ maintenant

Malwarebytes’ Anti-Malware 1.33
Version de la base de données: 1673
Windows 5.1.2600 Service Pack 3

2009-01-20 22:02:23
mbam-log-2009-01-20 (22-02-16).txt

Type de recherche: Examen complet (A:|C:|D:|E:|)
Eléments examinés: 140195
Temps écoulé: 3 hour(s), 32 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Étienne\Application Data\Google\cijwg16225165.exe (Trojan.FakeAlert) -> No action taken.

Après avoir retirer le seul virus détecté, l’ordinateur va toujours aussi lentement, prend toujours 9 ans a ouvrir:P

Merci de votre aide, je l’apprécie énormément:)

Senosen · Janvier 21, 2009, 8:00

:hello:

Tu n’as pas supprimé le fichier infecté avec MBAM. Relance MBAM et pense à supprimer ce qui est trouvé.

Télécharge Ccleaner , installe le sans la barre yahoo.

Passe le en mode registre, corrige les erreurs, accepte la sauvegarde , fais plusieurs passes.

Passe le ensuite en mode Nettoyeur.