Demande d'analyse de log (Pimi)

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

Demande d'analyse de log (Pimi)

Messagede pimi » 30 Déc 2009, 11:35

Bonjour,
Depuis quelque temps la connection internet sur mon ordinateur rame énormément.
Cela vient de mon pc puisque sur un autre la connection est très rapide. De plus si je ferme tout les processus possible la connection redevient rapide. Je n'ai pas reussi a cerner quel était le processus responsable. J'ai d'abord lancé spybot puis ad-aware et enfin ccleaner sans succès. J'ai ensuite lancé Avg. Ils m'ont tous trouvé des ptites choses mais cela n'a pas résolu mon problème. J'ai ensuite découvert votre site et c'est pour cela que je me permet de vous demander votre aide.

Voici mes logs:

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3454
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

30/12/2009 11:13:12
mbam-log-2009-12-30 (11-13-09).txt

Type de recherche: Examen rapide
Eléments examinés: 133224
Temps écoulé: 6 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\avtapi32.dll (Trojan.Agent) -> No action taken.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\avtapi32.dll (Trojan.Agent) -> No action taken.

J'ai oublié de désactiver le module résident de l'antivirus.
pimi
 
Messages: 4
Inscription: 30 Déc 2009, 10:40

Messagede pimi » 30 Déc 2009, 11:38

OTL.TXT

OTL logfile created on: 30/12/2009 11:19:59 - Run 2
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Mes documents\Downloads\LOGS
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

895,00 Mb Total Physical Memory | 356,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,46 Gb Total Space | 3,26 Gb Free Space | 5,88% Space Free | Partition Type: NTFS
Drive D: | 50,38 Gb Total Space | 37,61 Gb Free Space | 74,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PIMI
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/29 12:14:34 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/12/29 12:14:33 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/29 12:14:32 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/29 12:14:32 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/29 12:14:30 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/29 12:14:25 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/12/29 12:14:22 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/29 12:13:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Mes documents\Downloads\LOGS\OTL.exe
PRC - [2009/12/10 00:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/04/23 14:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2009/04/23 05:48:56 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 05:48:54 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/01/29 23:20:49 | 00,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2008/05/02 23:57:30 | 02,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2008/05/02 23:57:30 | 00,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2008/05/02 23:57:00 | 02,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/04 22:46:48 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007/06/01 10:52:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2007/06/01 10:52:10 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2006/11/13 14:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 14:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/10/30 19:49:54 | 16,269,312 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006/08/04 23:29:14 | 00,062,976 | ---- | M] (Alexander Avdonin) -- C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
PRC - [2002/03/21 15:44:46 | 00,176,128 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Connection Assistant\bin\mpbtn.exe


========== Modules (SafeList) ==========

MOD - [2009/12/29 12:13:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Mes documents\Downloads\LOGS\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/12/29 12:14:25 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/12/29 12:14:22 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2007/07/04 22:46:48 | 00,483,328 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/11/17 11:00:10 | 00,360,533 | ---- | M] (Atheros) [Auto | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2006/06/19 11:50:55 | 00,011,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\avtapi32.dll -- (avtapi32)


========== Driver Services (SafeList) ==========

DRV - [2009/12/29 12:15:11 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/12/29 12:15:05 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/12/29 12:15:02 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/16 22:42:42 | 00,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/05/09 14:11:01 | 00,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/02/17 18:11:30 | 00,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/05/02 23:59:31 | 00,066,560 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/05/02 23:58:38 | 00,083,968 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/05/02 23:57:28 | 00,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\ATK0100\ASNDIS5.sys -- (ASNDIS5)
DRV - [2008/05/02 23:57:28 | 00,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2008/05/02 23:57:00 | 00,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/05/02 23:57:00 | 00,210,224 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Si3531.sys -- (Si3531)
DRV - [2008/05/02 23:57:00 | 00,208,688 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Si3132r5.sys -- (Si3132r5)
DRV - [2008/05/02 23:57:00 | 00,202,032 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2008/05/02 23:57:00 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/05/02 23:57:00 | 00,076,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3124.sys -- (Si3124)
DRV - [2008/05/02 23:57:00 | 00,074,672 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3132.sys -- (Si3132)
DRV - [2008/05/02 23:57:00 | 00,069,296 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2008/05/02 23:57:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/05/02 23:57:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/13 09:56:50 | 00,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2007/07/04 22:55:40 | 02,304,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/02/16 01:57:04 | 00,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/12/05 17:36:58 | 00,529,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/11/06 18:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006/11/03 09:32:30 | 04,394,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/07/20 07:00:10 | 00,054,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2001/08/23 14:59:32 | 00,077,824 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati.sys -- (ati)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1085031214-1935655697-1417001333-500\S-1-5-21-1085031214-1935655697-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-1935655697-1417001333-500\S-1-5-21-1085031214-1935655697-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "http://www.daemon-search.com/startpage"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.8.0552
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.6.12
FF - prefs.js..extensions.enabledItems: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}:0.7.20
FF - prefs.js..extensions.enabledItems: {8ea9957e-2953-402f-80e0-bceb5f169d6f}:0.5.3
FF - prefs.js..network.proxy.http: "195.115.25.29"
FF - prefs.js..network.proxy.http_port: 8080

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/29 12:14:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/13 17:27:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/13 17:27:53 | 00,000,000 | ---D | M]

[2008/12/24 00:40:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Application Data\Mozilla\Extensions
[2009/12/29 06:08:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Application Data\Mozilla\Firefox\Profiles\fgbxk6tq.default\extensions
[2009/03/26 08:33:55 | 00,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Application Data\Mozilla\Firefox\Profiles\fgbxk6tq.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
[2009/10/13 17:28:24 | 00,000,000 | ---D | M] (wmlbrowser) -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Application Data\Mozilla\Firefox\Profiles\fgbxk6tq.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
[2009/10/13 17:28:23 | 00,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Application Data\Mozilla\Firefox\Profiles\fgbxk6tq.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2009/05/09 15:05:43 | 00,002,399 | ---- | M] () -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Application Data\Mozilla\Firefox\Profiles\fgbxk6tq.default\searchplugins\daemon-search.xml
[2009/11/03 12:26:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/31 10:51:26 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/08/24 20:21:51 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/08/24 20:21:51 | 00,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/08/24 20:21:51 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/08/24 20:21:51 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009/08/24 20:21:51 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (1029952 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 acestats.com
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 30094 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1085031214-1935655697-1417001333-500\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\.DEFAULT..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O4 - HKU\S-1-5-18..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O4 - HKU\S-1-5-19..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O4 - HKU\S-1-5-20..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O4 - HKU\S-1-5-21-1085031214-1935655697-1417001333-500..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1085031214-1935655697-1417001333-500..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1085031214-1935655697-1417001333-500..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\.DEFAULT..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Mes documents\Downloads\LOGS\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\3Com Connection Assistant.lnk = C:\Program Files\Connection Assistant\bin\matcli.exe (Motive Communications, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-1085031214-1935655697-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-1935655697-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 335 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 335 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 314 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 314 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1085031214-1935655697-1417001333-500\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 0076112984 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/07 15:23:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/11/27 13:04:00 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/12/30 10:53:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/30 10:46:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Application Data\Malwarebytes
[2009/12/30 10:46:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 10:46:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2009/12/30 10:46:39 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/29 12:15:28 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/12/29 12:15:12 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/29 12:15:11 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/29 12:15:04 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/29 12:15:02 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/12/29 12:14:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/12/29 12:14:19 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/12/29 12:14:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2009/12/29 11:28:36 | 00,000,000 | ---D | C] -- C:\Program Files\hijackthis
[2009/12/29 10:33:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Mes documents\backup du registre 291209
[2009/12/29 10:32:28 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Recent
[2009/12/29 06:59:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Application Data\Lavasoft
[2009/12/29 06:25:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/12/29 06:13:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/12/13 19:34:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Mes documents\jeu ds
[2009/12/09 12:24:41 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmfilt.dll
[2009/12/09 12:24:40 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpapi.dll
[2009/12/09 12:24:39 | 00,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2009/12/09 12:24:37 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll
[2009/12/09 12:24:37 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll
[2009/12/09 12:24:05 | 00,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2008/11/07 15:40:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/11/07 15:40:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/11/07 15:40:15 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/11/07 15:40:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[1 C:\Documents and Settings\Administrateur.367D48CC50BD4DD\*.tmp files -> C:\Documents and Settings\Administrateur.367D48CC50BD4DD\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/30 10:58:11 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/12/30 10:58:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/30 10:57:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/30 10:56:52 | 09,961,472 | -H-- | M] () -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\NTUSER.DAT
[2009/12/30 10:56:52 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\ntuser.ini
[2009/12/30 10:56:44 | 04,821,192 | -H-- | M] () -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Local Settings\Application Data\IconCache.db
[2009/12/30 10:52:20 | 00,000,873 | ---- | M] () -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2009/12/30 10:23:01 | 00,001,214 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1935655697-1417001333-500UA.job
[2009/12/30 10:22:17 | 47,219,801 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/29 12:15:12 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/29 12:15:12 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\AVG Free 9.0.lnk
[2009/12/29 12:15:11 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/29 12:15:05 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/29 12:15:02 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/12/29 12:15:02 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/12/29 12:14:47 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/12/29 12:14:47 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/12/29 12:14:47 | 00,128,231 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/29 06:49:18 | 00,000,558 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/29 06:49:18 | 00,000,261 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/29 06:49:18 | 00,000,212 | -HS- | M] () -- C:\boot.ini
[2009/12/28 22:28:40 | 01,029,952 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/28 22:23:20 | 00,002,467 | ---- | M] () -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Bureau\Google Chrome.lnk
[2009/12/28 09:57:13 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/12 19:36:05 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\PUTTY.RND
[2009/12/11 23:23:00 | 00,001,162 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1935655697-1417001333-500Core.job
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\Documents and Settings\Administrateur.367D48CC50BD4DD\*.tmp files -> C:\Documents and Settings\Administrateur.367D48CC50BD4DD\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/30 10:52:20 | 00,000,873 | ---- | C] () -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2009/12/29 12:15:12 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\AVG Free 9.0.lnk
[2009/12/29 12:15:02 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/12/29 12:14:47 | 47,219,801 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/29 12:14:47 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/12/29 12:14:47 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/12/29 12:14:47 | 00,128,231 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/26 15:20:27 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/10/26 15:20:27 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/10/26 15:20:27 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/09/03 09:44:34 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/25 11:56:25 | 00,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2009/06/16 20:11:50 | 00,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.zreglib
[2009/05/28 16:29:30 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Application Data\PnkBstrK.sys
[2009/05/09 14:11:00 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/05/09 12:00:16 | 00,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2009/04/22 16:59:33 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/04/18 11:43:41 | 00,000,153 | ---- | C] () -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Local Settings\Application Data\fusioncache.dat
[2009/04/18 11:43:33 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/03/26 08:41:39 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Application Data\$_hpcst$.hpc
[2008/12/24 00:13:49 | 00,000,621 | ---- | C] () -- C:\WINDOWS\System32\drivers\AW1012d.ini
[2008/12/23 23:40:07 | 00,000,184 | -HS- | C] () -- C:\WINDOWS\System32\drivers\ntuser.ini
[2008/12/23 23:39:33 | 00,000,177 | ---- | C] () -- C:\WINDOWS\System32\drivers\compatibility.ini
[2008/12/23 23:39:33 | 00,000,125 | ---- | C] () -- C:\WINDOWS\System32\drivers\extensions.ini
[2008/12/23 23:39:33 | 00,000,111 | ---- | C] () -- C:\WINDOWS\System32\drivers\profiles.ini
[2008/12/06 12:09:56 | 00,000,161 | ---- | C] () -- C:\WINDOWS\MyDrivers.ini
[2008/12/02 16:33:42 | 00,014,208 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/12/02 16:33:29 | 00,014,025 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/12/02 16:16:43 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/05/02 23:57:28 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2008/05/02 23:57:00 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/06/19 11:50:55 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\59df8eb8.dll
[2006/06/19 11:50:55 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\9e548833.dll
[2006/04/16 12:41:36 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\a60d37a4.dll

========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2008/04/13 10:40:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

<MD5>
[2008/05/02 23:57:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2008/05/02 23:57:00 | 00,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\system32\drivers\iaStor.sys

<MD5>
[2008/05/02 23:57:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

<MD5>
[2008/05/02 23:57:00 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

<systemroot>

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:CA35DB7A5FCDF891
<End>
pimi
 
Messages: 4
Inscription: 30 Déc 2009, 10:40

Messagede pimi » 30 Déc 2009, 11:40

OTL Extras logfile created on: 30/12/2009 11:19:59 - Run 2
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Administrateur.367D48CC50BD4DD\Mes documents\Downloads\LOGS
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

895,00 Mb Total Physical Memory | 356,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,46 Gb Total Space | 3,26 Gb Free Space | 5,88% Space Free | Partition Type: NTFS
Drive D: | 50,38 Gb Total Space | 37,61 Gb Free Space | 74,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PIMI
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1085031214-1935655697-1417001333-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
chm.file [open] -- Reg Error: Key error.
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"25:TCP" = 25:TCP:*:Enabled:File and Printer Sharing
"8904:TCP" = 8904:TCP:*:Enabled:aneq
"1552:TCP" = 1552:TCP:*:Enabled:aneq
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\TFPTools3_0\TFPTools.exe" = C:\Program Files\TFPTools3_0\TFPTools.exe:*:Enabled:TFPTools -- ()
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe" = C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\adslTV\adsltv.exe" = C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv -- (adsltv.org)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Jeux\Volley\Volley\volley.exe" = C:\Jeux\Volley\Volley\volley.exe:*:Enabled:volley -- ()
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Jeux\Capitalism 2\cap2.exe" = C:\Jeux\Capitalism 2\cap2.exe:*:Enabled:cap2 -- ()
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- File not found
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- File not found
"C:\Program Files\VoipDiscount\VoipDiscount.exe" = C:\Program Files\VoipDiscount\VoipDiscount.exe:*:Enabled:VoipDiscount -- File not found
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{003C932A-0064-B581-3935-284D2CE76A89}" = Catalyst Control Center Core Implementation
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0AD37499-3D5D-12F0-EBEA-46EE9AD02DBF}" = Catalyst Control Center Localization German
"{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1
"{174D7CC5-1117-29D3-8422-2E54ADF7DB5D}" = Catalyst Control Center Localization Norwegian
"{1E0E1039-E45D-7EA2-E377-E00C2857E0C2}" = ccc-core-static
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{21A1D4A5-3D9B-9434-4F97-40367BDF4E47}" = Catalyst Control Center Graphics Full New
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23894154-0961-CD0A-BAC0-67E6E96165C3}" = CCC Help Chinese Standard
"{24DFAAD6-E1ED-F588-2AD5-2EA4FE9113AE}" = CCC Help Korean
"{26886987-D038-7438-8DF2-ED3B1888E052}" = CCC Help Hungarian
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Programme d'installation Atheros Client
"{2C6D0ACD-DD2B-BFE5-A005-53AFD4AA3175}" = Catalyst Control Center Localization Spanish
"{2D50DC1F-FCEC-D970-1DFB-E73CF2404451}" = Catalyst Control Center Localization Hungarian
"{306682DE-BB8E-CD56-9F6B-DE209469418A}" = CCC Help Turkish
"{310477AD-884B-736D-B2C8-7BE9433B243D}" = CCC Help Swedish
"{31814F2E-FA58-AFE8-DC97-3BD97F7191C2}" = CCC Help Greek
"{354F7470-D8E3-95D0-3488-B9E32D5E9636}" = CCC Help German
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{380FAC97-C47F-C5A9-2A51-DFF8DE144B37}" = Catalyst Control Center Localization Italian
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{407A5080-4B1C-A43D-9EED-A3B5EDBCF593}" = CCC Help Polish
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{46FE06BF-2A08-9D00-ABFD-7F967817E275}" = Catalyst Control Center Localization Swedish
"{48D87CF2-9E6A-47B3-980B-2C1D3EF56819}" = MaCalculatrice 2.3
"{4B50D80D-A482-DECD-B584-EB054EBA878A}" = ccc-core-preinstall
"{4B8ACECB-D518-99AA-B1F3-E79F905A83EE}" = Catalyst Control Center Localization Czech
"{5ABA84ED-D61B-257F-809F-A8C883865854}" = Catalyst Control Center Localization Dutch
"{5B464CAC-76BD-BDBB-8066-318D05D171DF}" = Catalyst Control Center Localization Finnish
"{5C7332EA-BFB9-24A0-BDD9-254F4B113E41}" = Catalyst Control Center Localization Polish
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{6426C1E8-ADD6-F91F-C152-2ABB7AB25F9F}" = Catalyst Control Center Graphics Full Existing
"{66B5F542-952C-F50D-BFF3-BCA582B65860}" = Catalyst Control Center Localization Turkish
"{67213BA8-70C6-458D-9B64-4B93FB35E84B}" = CCC Help Italian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AA66ACB-E93C-C7CD-F303-D473AEC8A43E}" = CCC Help Norwegian
"{6D5DC54D-B06E-32A8-A5D9-4978D7A75FA1}" = Catalyst Control Center Localization Japanese
"{6DC712D0-A8AE-70EE-215D-ECE5DB29782C}" = Skins
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{782BC438-2C73-77F4-F5B6-7ADC87F611BB}" = CCC Help Spanish
"{791A19F4-E4E5-F4B0-7687-F5D1C4FF799A}" = Catalyst Control Center Graphics Light
"{7BBA76B4-CC34-0AAB-6D48-BE0181E20832}" = CCC Help Dutch
"{7F311276-1CD6-1661-8BAE-DD9016FE9B8D}" = Catalyst Control Center Localization Russian
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84C89CF4-F64E-6820-375C-24963DDF99C9}" = Catalyst Control Center Localization Greek
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0D145D-EB41-E1DB-6250-0146B02CBA3A}" = CCC Help Japanese
"{8F5D6849-1A7E-B0B2-F1DE-C0FF21F9E78C}" = CCC Help French
"{944DA8EF-FD4E-1FD9-D88A-B22D78913BE6}" = Catalyst Control Center Localization Portuguese
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F5E039-D2F5-18C0-F0C9-6981F73514CC}" = Catalyst Control Center Localization French
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9E684286-287F-AE06-6909-31A0944A9B4F}" = Catalyst Control Center Localization Danish
"{A0CE9CC5-B17D-3FD5-20B9-A2509B475A20}" = ccc-utility
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A35D49A6-F3CF-87AA-6FF1-777D8A06BAB1}" = CCC Help English
"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1 - Français
"{B2CEACB9-7690-30B5-D80A-B138DB4F0E37}" = Catalyst Control Center Localization Chinese Traditional
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D26970AA-C66F-142F-7C66-A73FC3546F57}" = CCC Help Russian
"{D88DB576-0989-879A-38B1-7ED6224B2F52}" = Catalyst Control Center Localization Thai
"{D8B87EBC-12C2-D4FC-F085-A062D4906216}" = CCC Help Danish
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E2A05D36-56EF-84FC-E7D7-090D6E5F09BC}" = CCC Help Finnish
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4DA4D2C-F57F-782E-752E-9286E5713297}" = Catalyst Control Center Localization Korean
"{E4E118EF-5286-915B-7DBD-D931AB9AF200}" = CCC Help Portuguese
"{E5B85BE7-55B5-0A14-7634-FEF92BCB87FB}" = CCC Help Chinese Traditional
"{EF581945-BBE9-11D5-A7FE-50275FC10000}" = Capitalism II
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{F384BD83-C317-94DA-A4AB-3E75E43F4F8C}" = Catalyst Control Center Localization Chinese Standard
"{F622BE4A-363F-F2B6-1F98-54E5E99B1750}" = CCC Help Thai
"{F6D39840-BB27-A191-BDF2-1841CA805D24}" = CCC Help Czech
"3Com Connection Assistant" = 3Com Connection Assistant
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"adsl TV" = adsl TV
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"BSPlayer1" = BSPlayer
"CloneCD" = CloneCD
"Diablo II" = Diablo II
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"Hamachi" = Hamachi 1.0.3.0
"HControl" = ATK0100 ACPI UTILITY
"HijackThis" = HijackThis 2.0.2
"LineRider" = Line Rider
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Nero8Lite_is1" = Nero 8 Lite 8.3.2.1
"NewsLeecher_is1" = NewsLeecher v3.9 Final
"SopCast" = SopCast 3.0.1
"ST6UNST #1" = Hero Editor V1.03
"TaskSwitchXP" = TaskSwitchXP
"TvFreePlayer Tools" = TvFreePlayer Tools
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1085031214-1935655697-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/11/2009 15:38:12 | Computer Name = PIMI | Source = MsiInstaller | ID = 10005
Description = Produit : Windows Live Mail -- Windows Installer a rencontré une erreur
inattendue lors de l'installation de ce package. Il s'agit peut-être d'un problème
lié au package. Le code d'erreur est 2762. Les arguments sont : , ,

Error - 24/11/2009 15:38:15 | Computer Name = PIMI | Source = MsiInstaller | ID = 10005
Description = Produit : Windows Live Communications Platform -- Windows Installer
a rencontré une erreur inattendue lors de l'installation de ce package. Il s'agit
peut-être d'un problème lié au package. Le code d'erreur est 2762. Les arguments
sont : , ,

Error - 24/11/2009 15:38:15 | Computer Name = PIMI | Source = MsiInstaller | ID = 10005
Description = Produit : Windows Live Communications Platform -- Windows Installer
a rencontré une erreur inattendue lors de l'installation de ce package. Il s'agit
peut-être d'un problème lié au package. Le code d'erreur est 2762. Les arguments
sont : , ,

Error - 28/12/2009 13:29:32 | Computer Name = PIMI | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 800706BF à partir de la ligne 44
de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 28/12/2009 13:29:32 | Computer Name = PIMI | Source = VSS | ID = 8193
Description =

Error - 28/12/2009 15:45:54 | Computer Name = PIMI | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 800706BA à partir de la ligne 44
de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 29/12/2009 09:49:01 | Computer Name = PIMI | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 800706BA à partir de la ligne 44
de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 29/12/2009 09:49:01 | Computer Name = PIMI | Source = VSS | ID = 8193
Description =

Error - 30/12/2009 05:34:55 | Computer Name = PIMI | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 800706BF à partir de la ligne 44
de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 30/12/2009 05:34:55 | Computer Name = PIMI | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 29/12/2009 09:42:08 | Computer Name = PIMI | Source = Srv | ID = 2000
Description = L'appel du serveur à un service système a échoué de façon inattendue.

Error - 29/12/2009 09:45:38 | Computer Name = PIMI | Source = Service Control Manager | ID = 7034
Description = Le service Assistance TCP/IP NetBIOS s'est terminé de façon inattendue
pour la 1ème fois.

Error - 29/12/2009 09:45:42 | Computer Name = PIMI | Source = Service Control Manager | ID = 7034
Description = Le service Service de la passerelle de la couche Application s'est
terminé de façon inattendue pour la 1ème fois.

Error - 29/12/2009 09:45:45 | Computer Name = PIMI | Source = Service Control Manager | ID = 7031
Description = Le service Appel de procédure distante (RPC) s'est terminé de manière
inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée
dans 60000 millisecondes : Redémarrer l'ordinateur.

Error - 29/12/2009 09:56:40 | Computer Name = PIMI | Source = Service Control Manager | ID = 7000
Description = Le service wsimd Service n'a pas pu démarrer en raison de l'erreur :
%%1058

Error - 29/12/2009 09:56:40 | Computer Name = PIMI | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : iaStor

Error - 30/12/2009 05:17:24 | Computer Name = PIMI | Source = Service Control Manager | ID = 7000
Description = Le service wsimd Service n'a pas pu démarrer en raison de l'erreur :
%%1058

Error - 30/12/2009 05:17:24 | Computer Name = PIMI | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : iaStor

Error - 30/12/2009 05:59:17 | Computer Name = PIMI | Source = Service Control Manager | ID = 7000
Description = Le service wsimd Service n'a pas pu démarrer en raison de l'erreur :
%%1058

Error - 30/12/2009 05:59:17 | Computer Name = PIMI | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : iaStor


<End>
pimi
 
Messages: 4
Inscription: 30 Déc 2009, 10:40

Messagede nickW » 31 Déc 2009, 00:38

Bonsoir,

Un Windows pas vraiment légal! <----- peux-tu le confirmer?


Tu as installé un "gros" fichier hosts.

As-tu pensé à désactiver le service Client DNS?


Désactivation du service Client DNS
Ouvrir la console de gestion des services:
Démarrer--->Exécuter
Taper services.msc puis cliquer sur OK

Descendre jusqu'à Client DNS
Faire un clic droit dessus et choisir Propriétés
Vérifier que dans la case "Chemin d'accès des fichiers exécutables" il y a bien C:\WINDOWS\system32\svchost.exe -k NetworkService
Dans Statut du service, cliquer sur Arrêter (s'il n'est pas déjà arrêté)
Cliquer sur Appliquer,
Dans Type de démarrage, choisir Désactivé
Cliquer sur Appliquer, puis sur OK

Faire redémarrer le PC.

Explication:
http://assiste.com.free.fr/p/hosts/host ... hosts.html
http://www.mvps.org/winhelp2002/hosts.htm (en anglais)

Note: cette manip est sans danger, et réversible.


Est-ce moins lent ou plus rapide, au choix?

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede pimi » 31 Déc 2009, 10:39

tout d'abord merci pour ta reponse.

oui j'utilise windows xp ultimate, une version allégée et plus stable de windows xp pour que mon portable ne soit pas à la ramasse.

J'ai été voir le client dns mais il était déjà désactivé. La navigation sur internet peut par moment etre plus rapide mais il semble que le probleme persiste. De plus si je vais dans l'état de ma connexion au réseau sans fil, les données envoyées sont toujours 2 fois supérieurs aux paquets reçus.

Merci encore pour ton aide si tu as d'autres idées n'hésite pas.

A bientot.
pimi
 
Messages: 4
Inscription: 30 Déc 2009, 10:40

Messagede nickW » 31 Déc 2009, 17:47

Bonsoir,

Tu utilises donc une version "allégée", piratée et totalement illégale de Windows XP.

Pas d'aide de ma part.

Salut,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France


Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 21 invités

cron