PC tres lent

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

PC tres lent

Messagede franck1967 » 09 Mar 2011, 22:19

Bonsoir, j'essaie de nettoyer l'ordinateur... relativement ancien de ma femme. Mais je pêche. Celui ci est très lent...

Permettez moi de vous joindre un Hijackthis... Puis les autres fichiers selon protocole

Avec mes remerciements

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:53:10, on 09/03/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\sl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\Program Files\Mozilla Firefox\plugin-container.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=GRfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Service COM de gravure de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 8588 bytes
franck1967
 
Messages: 13
Inscription: 09 Mar 2011, 22:11

Re: PC tres lent Hijackthis

Messagede franck1967 » 11 Mar 2011, 09:50

Waouhh pas très réactif le forum... :furious3:
franck1967
 
Messages: 13
Inscription: 09 Mar 2011, 22:11

Re: PC tres lent Hijackthis

Messagede nickW » 11 Mar 2011, 12:38

nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Re: PC tres lent Hijackthis

Messagede franck1967 » 12 Mar 2011, 01:01

Euh en fait, c'est moi qui n'ai pas su lire correctement ...... La prochaine fois ..... désolé.....

Donc le Pc de ma femme rame +++ et enfin, désolé, je suis le protocole...


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6027

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/03/2011 23:49:52
mbam-log-2011-03-11 (23-49-43).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 151105
Temps écoulé: 6 minute(s), 52 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
franck1967
 
Messages: 13
Inscription: 09 Mar 2011, 22:11

Re: PC tres lent Hijackthis

Messagede franck1967 » 12 Mar 2011, 01:02

OTL logfile created on: 11/03/2011 23:56:58 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\sl\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

254,00 Mb Total Physical Memory | 96,00 Mb Available Physical Memory | 38,00% Memory free
1 010,00 Mb Paging File | 750,00 Mb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,16 Gb Total Space | 3,62 Gb Free Space | 19,95% Space Free | Partition Type: FAT32
Drive D: | 9,76 Gb Total Space | 8,69 Gb Free Space | 89,03% Space Free | Partition Type: FAT32

Computer Name: ACER-86U03S59CR | User Name: sl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/11 16:19:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sl\Bureau\OTL.exe
PRC - [2011/02/23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 16:04:20 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2011/02/18 17:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2011/02/18 09:22:04 | 000,995,896 | ---- | M] (Google Inc.) -- C:\Documents and Settings\sl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2008/04/14 03:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/22 12:07:00 | 000,282,624 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZpAcer.EXE
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/14 13:20:02 | 000,055,296 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2002/11/15 17:40:26 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2011/03/11 16:19:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sl\Bureau\OTL.exe
MOD - [2011/02/23 16:04:12 | 000,122,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashShell.dll
MOD - [2010/08/23 18:12:40 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/11/18 09:34:34 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/23 16:04:20 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZONELABS\vsmon.exe -- (vsmon)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 15:56:56 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 15:56:46 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 15:55:50 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 15:55:48 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 15:54:58 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 15:54:56 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/10/21 09:45:18 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/10/21 09:45:16 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/10/21 09:45:16 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/03/15 09:05:46 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/10/19 23:00:06 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\androidusb.sys -- (androidusb)
DRV - [2005/01/07 17:05:28 | 000,147,328 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (RT2500USB)
DRV - [2003/11/13 22:47:00 | 000,640,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/08/15 18:00:56 | 000,173,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8180.sys -- (rtl8180) Realtek RTL8180 Wireless LAN (Mini-)
DRV - [2003/08/04 14:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2003/05/26 15:32:00 | 000,016,269 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\WLAN Card Utilities\ASNDIS5.sys -- (ASNDIS5)
DRV - [2003/05/14 18:44:06 | 000,740,044 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/04/08 13:24:40 | 000,051,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2002/12/27 04:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2669302297-2589800181-2619313026-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2669302297-2589800181-2619313026-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/02/28 19:33:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/03/15 10:17:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/03/15 17:21:38 | 000,000,000 | ---D | M]

[2009/03/15 17:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sl\Application Data\Mozilla\Extensions
[2009/03/15 17:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sl\Application Data\Mozilla\Firefox\Profiles\0vfvr3ui.default\extensions
[2009/09/26 12:36:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\sl\Application Data\Mozilla\Firefox\Profiles\0vfvr3ui.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2011/02/28 22:07:22 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\sl\Application Data\Mozilla\Firefox\Profiles\0vfvr3ui.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
[2009/09/26 13:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sl\Application Data\Mozilla\Firefox\Profiles\0vfvr3ui.default\extensions\staged-xpis
[2009/03/15 17:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/28 19:33:26 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/10/30 23:09:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/03 18:23:50 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2011/03/03 18:23:50 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/03/03 18:23:50 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2011/03/03 18:23:50 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2011/03/03 18:23:50 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/03/04 18:48:22 | 000,430,672 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14825 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZpAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2669302297-2589800181-2619313026-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\sl\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-2669302297-2589800181-2619313026-1005\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\sl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\sl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/28 23:16:46 | 000,000,034 | ---- | M] () - C:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{19a411e1-6cb1-11df-aa56-00c09f4835f5}\Shell\AutoRun\command - "" = ie.exe
O33 - MountPoints2\{19a411e1-6cb1-11df-aa56-00c09f4835f5}\Shell\explore\Command - "" = ie.exe
O33 - MountPoints2\{19a411e1-6cb1-11df-aa56-00c09f4835f5}\Shell\open\Command - "" = ie.exe
O33 - MountPoints2\{56966bf1-50dc-11de-a79e-00c09f4835f5}\Shell - "" = AutoRun
O33 - MountPoints2\{56966bf1-50dc-11de-a79e-00c09f4835f5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/03/11 23:33:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/11 23:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/11 23:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ERUNT
[2011/03/11 16:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sl\Application Data\Malwarebytes
[2011/03/11 16:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2011/03/11 16:29:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/11 16:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/11 16:29:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/11 16:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/11 16:26:59 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\sl\Bureau\mbam-setup-1.50.1.1100.exe
[2011/03/11 16:21:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sl\Bureau\OTL.exe
[2011/03/11 10:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sl\Application Data\GlarySoft
[2011/03/11 10:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Glary Utilities
[2011/03/11 10:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2011/03/11 01:24:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\sl\Recent
[2011/03/11 00:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sl\Menu Démarrer\Programmes\CodeStuff Starter
[2011/03/11 00:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\CodeStuff
[2011/03/09 23:26:10 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/03/09 21:17:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sl\Menu Démarrer\Programmes\HiJackThis
[2011/03/09 21:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/04 21:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZoneAlarm
[2011/03/04 21:27:57 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2011/03/04 21:27:40 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2011/03/04 21:27:40 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2011/03/04 21:27:14 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2011/03/04 21:27:06 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2011/03/04 21:27:06 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2011/03/04 21:27:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2011/03/04 21:27:04 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2011/03/04 21:27:03 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2011/03/04 21:26:58 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2011/03/04 21:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2011/03/04 21:25:07 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2011/03/04 21:25:06 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2011/03/04 21:25:05 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2011/03/04 18:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Spybot - Search & Destroy
[2011/03/04 18:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/04 18:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/03/01 00:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sl\Menu Démarrer\Programmes\xp-AntiSpy
[2011/03/01 00:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\xp-AntiSpy
[2011/03/01 00:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sl\Menu Démarrer\Programmes\Microsoft Bootvis
[2011/03/01 00:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Bootvis
[2011/02/28 19:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\avast! Free Antivirus
[2011/02/28 19:34:58 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/02/28 19:34:56 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/02/28 19:34:47 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/02/28 19:34:47 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/02/28 19:34:46 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/02/28 19:34:45 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/02/28 19:34:45 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/02/28 19:34:44 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/02/28 19:33:24 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/02/28 19:33:23 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/02/28 19:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/02/28 19:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/02/10 00:01:04 | 000,018,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/11 23:27:34 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\sl\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2011/03/11 23:27:30 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\sl\Bureau\NTREGOPT.lnk
[2011/03/11 23:27:30 | 000,000,500 | ---- | M] () -- C:\Documents and Settings\sl\Bureau\ERUNT.lnk
[2011/03/11 22:55:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/11 22:55:36 | 266,915,840 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/11 16:30:00 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\sl\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/03/11 16:30:00 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/03/11 16:25:52 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\sl\Bureau\mbam-setup-1.50.1.1100.exe
[2011/03/11 16:21:40 | 000,000,395 | ---- | M] () -- C:\Documents and Settings\sl\Bureau\scan.zip
[2011/03/11 16:19:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sl\Bureau\OTL.exe
[2011/03/11 10:19:34 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/03/11 10:18:14 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\sl\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2011/03/11 10:18:12 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\sl\Bureau\Glary Utilities.lnk
[2011/03/11 01:31:22 | 000,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/11 01:25:30 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\sl\Bureau\HiJackThis.lnk
[2011/03/11 00:47:04 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\sl\Application Data\Microsoft\Internet Explorer\Quick Launch\CodeStuff Starter.lnk
[2011/03/11 00:47:04 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\sl\Bureau\CodeStuff Starter.lnk
[2011/03/09 22:57:14 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\sl\Local Settings\Application Data\housecall.guid.cache
[2011/03/08 11:55:00 | 000,407,206 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/03/08 11:55:00 | 000,346,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/08 11:55:00 | 000,066,340 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/03/08 11:54:58 | 000,054,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/08 10:38:38 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/04 23:09:36 | 000,002,230 | ---- | M] () -- C:\Documents and Settings\sl\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/04 23:09:34 | 000,002,252 | ---- | M] () -- C:\Documents and Settings\sl\Bureau\Google Chrome.lnk
[2011/03/04 22:51:10 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\sl\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/04 22:51:10 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2011/03/04 22:36:04 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2011/03/04 21:28:52 | 000,420,800 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/03/04 21:28:06 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/03/04 21:28:04 | 000,000,639 | ---- | M] () -- C:\Documents and Settings\sl\Bureau\ZoneAlarm Security.lnk
[2011/03/04 20:18:08 | 000,000,180 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/03/04 18:21:32 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\sl\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/04 18:21:32 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\sl\Bureau\Spybot - Search & Destroy.lnk
[2011/03/01 00:44:56 | 000,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2011/03/01 00:43:04 | 000,001,506 | ---- | M] () -- C:\Documents and Settings\sl\Application Data\Microsoft\Internet Explorer\Quick Launch\xp-AntiSpy.lnk
[2011/03/01 00:43:04 | 000,001,488 | ---- | M] () -- C:\Documents and Settings\sl\Bureau\xp-AntiSpy.lnk
[2011/02/28 23:16:46 | 000,000,034 | ---- | M] () -- C:\autoexec.bat
[2011/02/28 20:59:14 | 000,002,413 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/02/28 19:35:02 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk
[2011/02/28 19:34:48 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/02/28 19:14:58 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.SYD
[2011/02/28 19:14:58 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2011/02/23 16:04:22 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/02/23 16:04:18 | 000,190,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/02/23 15:56:56 | 000,371,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/02/23 15:56:46 | 000,301,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/02/23 15:55:50 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/02/23 15:55:48 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/02/23 15:55:44 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/02/23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/02/23 15:54:58 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/02/23 15:54:56 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/02/18 17:28:28 | 001,238,528 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2011/02/18 17:28:24 | 000,110,080 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2011/02/18 17:28:24 | 000,104,448 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2011/02/18 17:28:24 | 000,069,120 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2011/02/18 17:28:24 | 000,043,008 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2011/02/18 17:28:22 | 000,715,264 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2011/02/18 17:28:22 | 000,302,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2011/02/18 17:28:22 | 000,228,864 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2011/02/18 17:28:22 | 000,112,128 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2011/02/18 17:28:22 | 000,108,032 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2011/02/18 17:28:22 | 000,058,368 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2011/02/10 23:22:36 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\sl\Bureau\LGMobile update.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/11 23:27:32 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\sl\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2011/03/11 23:27:28 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\sl\Bureau\NTREGOPT.lnk
[2011/03/11 23:27:28 | 000,000,500 | ---- | C] () -- C:\Documents and Settings\sl\Bureau\ERUNT.lnk
[2011/03/11 16:29:59 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\sl\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/03/11 16:29:59 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/03/11 16:24:10 | 000,000,395 | ---- | C] () -- C:\Documents and Settings\sl\Bureau\scan.zip
[2011/03/11 10:19:32 | 000,000,328 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/03/11 10:18:12 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\sl\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2011/03/11 10:18:11 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\sl\Bureau\Glary Utilities.lnk
[2011/03/11 00:47:03 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\sl\Application Data\Microsoft\Internet Explorer\Quick Launch\CodeStuff Starter.lnk
[2011/03/11 00:47:02 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\sl\Bureau\CodeStuff Starter.lnk
[2011/03/09 22:57:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\sl\Local Settings\Application Data\housecall.guid.cache
[2011/03/09 21:17:16 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\sl\Bureau\HiJackThis.lnk
[2011/03/04 22:51:09 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2011/03/04 21:28:02 | 000,000,639 | ---- | C] () -- C:\Documents and Settings\sl\Bureau\ZoneAlarm Security.lnk
[2011/03/04 21:26:58 | 000,420,800 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/03/04 20:18:05 | 000,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/04 18:21:30 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\sl\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/04 18:21:30 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\sl\Bureau\Spybot - Search & Destroy.lnk
[2011/03/01 00:43:02 | 000,001,506 | ---- | C] () -- C:\Documents and Settings\sl\Application Data\Microsoft\Internet Explorer\Quick Launch\xp-AntiSpy.lnk
[2011/03/01 00:43:02 | 000,001,488 | ---- | C] () -- C:\Documents and Settings\sl\Bureau\xp-AntiSpy.lnk
[2011/02/28 23:16:43 | 000,000,034 | ---- | C] () -- C:\autoexec.bat
[2011/02/28 19:35:01 | 000,001,597 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk
[2010/12/30 16:23:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/12/30 16:23:00 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/07/07 14:05:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2009/06/09 12:02:50 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2009/05/06 15:53:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/04/07 08:37:33 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/04/05 18:22:54 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/15 22:25:11 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\sl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/15 08:52:35 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\AegisI2.exe
[2009/03/15 08:52:35 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009/03/15 07:44:06 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/03/14 18:42:05 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/03/14 18:35:11 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2009/03/14 18:35:11 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/09/10 04:09:12 | 000,000,083 | ---- | C] () -- C:\WINDOWS\Alaunch.ini
[2003/09/01 16:19:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/09/01 14:01:15 | 000,000,051 | ---- | C] () -- C:\WINDOWS\Aspire 1350.ini
[2003/09/01 13:33:35 | 000,017,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\frmupgr.sys
[2003/09/01 13:33:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btw_ci.dll
[2003/09/01 13:33:34 | 000,051,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\btwusb.sys
[2003/09/01 13:30:56 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2003/09/01 13:30:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2003/09/01 13:28:55 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AcrobatSetupStatus.ini
[2003/09/01 13:16:35 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2003/09/01 13:16:34 | 000,000,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2003/09/01 13:06:05 | 001,969,664 | ---- | C] () -- C:\WINDOWS\PQDISK.EXE
[2003/09/01 13:06:05 | 000,037,684 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/09/01 13:06:05 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE
[2003/09/01 13:06:05 | 000,000,240 | ---- | C] () -- C:\WINDOWS\PQDISK.INI
[2003/09/01 13:03:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/09/01 12:58:09 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/09/01 12:56:39 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/09/01 12:51:56 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/09/01 12:51:06 | 000,284,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1980/01/01 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1980/01/01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 00:00:00 | 000,407,206 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[1980/01/01 00:00:00 | 000,346,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 00:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[1980/01/01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 00:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1980/01/01 00:00:00 | 000,066,340 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[1980/01/01 00:00:00 | 000,054,046 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 00:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[1980/01/01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 00:00:00 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1980/01/01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[1980/01/01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2003/09/01 13:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2009/03/15 10:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/04/12 15:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/05/07 16:57:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/09/03 16:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/12/30 16:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011/02/28 19:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2003/09/01 13:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sl\Application Data\InterTrust
[2009/03/15 10:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sl\Application Data\Azureus
[2009/03/16 18:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sl\Application Data\Template
[2009/03/20 22:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sl\Application Data\OpenOffice.org
[2009/03/28 13:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sl\Application Data\Canneverbe_Limited
[2009/03/28 14:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sl\Application Data\DeepBurner
[2009/06/13 15:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sl\Application Data\ACD Systems
[2009/08/24 18:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sl\Application Data\Canon
[2010/04/02 23:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sl\Application Data\DataCast
[2010/06/10 19:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sl\Application Data\Icones
[2010/08/01 21:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sl\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/03/11 10:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sl\Application Data\GlarySoft
[2003/09/01 13:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\InterTrust
[2011/03/11 10:19:34 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE


< MD5 for: AGP440.SYS >
[2009/03/15 10:39:12 | 022,282,803 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2009/03/19 18:01:22 | 023,892,017 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2009/03/15 10:39:12 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/03/19 18:01:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2009/03/15 10:39:12 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\sp2.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 07:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/04/24 12:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2009/03/15 10:39:12 | 022,282,803 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2009/03/19 18:01:22 | 023,892,017 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2009/03/15 10:39:12 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/03/19 18:01:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2009/03/15 10:39:12 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\sp2.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 06:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\atapi.sys

< MD5 for: CTFMON.EXE >
[2008/04/14 03:34:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2008/04/14 03:34:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe
[2008/04/14 03:34:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\dllcache\ctfmon.exe
[2004/08/20 00:09:52 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=64E41E8FEE655B03E3F19DED21BA5118 -- C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ctfmon.exe

< MD5 for: EVENTLOG.DLL >
[2004/08/20 00:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004/08/20 00:09:54 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\explorer.exe
[2008/04/14 03:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 03:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/20 00:09:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/20 00:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\scecli.dll
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/20 00:10:04 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\userinit.exe
[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/20 00:10:04 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >
franck1967
 
Messages: 13
Inscription: 09 Mar 2011, 22:11

Re: PC tres lent Hijackthis

Messagede franck1967 » 12 Mar 2011, 01:03

OTL Extras logfile created on: 11/03/2011 23:56:58 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\sl\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

254,00 Mb Total Physical Memory | 96,00 Mb Available Physical Memory | 38,00% Memory free
1 010,00 Mb Paging File | 750,00 Mb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,16 Gb Total Space | 3,62 Gb Free Space | 19,95% Space Free | Partition Type: FAT32
Drive D: | 9,76 Gb Total Space | 8,69 Gb Free Space | 89,03% Space Free | Partition Type: FAT32

Computer Name: ACER-86U03S59CR | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2669302297-2589800181-2619313026-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
"C:\WINDOWS\System32\muzapp.exe" = C:\WINDOWS\System32\muzapp.exe:*:Enabled:MUZ AOD APP player
"C:\WINDOWS\System32\ZoneLabs\vsmon.exe" = C:\WINDOWS\System32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4FEC0D0D-1279-4C46-B6F8-B73C5247A6A9}" = Foxit Reader
"{6472655F-9F8D-4CF1-B038-A45AC7787903}" = SAGEM F@st 1500
"{64D114CE-4234-45C2-B60A-2B07D5A48F72}" = Microsoft Works 7.0
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{E2AE8456-CCFE-46C0-8629-71CC507660FC}" = LG SP USB Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver
"{FF8FA9E5-2605-4B1D-8A5C-C1A42924FC4A}" = Sagem WLAN Card Utilities/Driver
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aspire 1350" = Aspire 1350
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CodeStuff Starter" = CodeStuff Starter
"ERUNT_is1" = ERUNT 1.1j
"Glary Utilities_is1" = Glary Utilities 2.32.0.1126
"ie7" = Windows Internet Explorer 7
"Indeo® Software" = Indeo® Software
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"OpenEtna win Flasher" = OpenEtna win Flasher
"PROPLUS" = Microsoft Office Professional Plus 2007
"S3" = KM400/KN400 Display Driver and Utilities
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 0.9.8a
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"xp-AntiSpy" = xp-AntiSpy 3.97-9
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2669302297-2589800181-2619313026-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/01/2011 17:46:05 | Computer Name = ACER-86U03S59CR | Source = PerfNet | ID = 2004
Description = Impossible d'ouvrir le Service serveur. Les données de performance
du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
0.

Error - 02/02/2011 11:31:45 | Computer Name = ACER-86U03S59CR | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.


Error - 02/02/2011 11:31:48 | Computer Name = ACER-86U03S59CR | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Le serveur spécifié ne peut pas exécuter l'opération demandée.

Error - 09/02/2011 14:49:01 | Computer Name = ACER-86U03S59CR | Source = Application Error | ID = 1000
Description = Application défaillante kp500-utils-fr.exe, version 0.4.2.0, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000000.

Error - 09/02/2011 14:52:23 | Computer Name = ACER-86U03S59CR | Source = Application Error | ID = 1000
Description = Application défaillante kp500-utils-fr.exe, version 0.4.2.0, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000000.

Error - 09/02/2011 17:48:32 | Computer Name = ACER-86U03S59CR | Source = Application Error | ID = 1000
Description = Application défaillante kp500-utils-fr.exe, version 0.4.2.0, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000003.

Error - 09/02/2011 17:55:37 | Computer Name = ACER-86U03S59CR | Source = Application Error | ID = 1000
Description = Application défaillante kp500-utils-fr.exe, version 0.4.2.0, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0xd6003660.

Error - 09/02/2011 17:58:49 | Computer Name = ACER-86U03S59CR | Source = Application Error | ID = 1000
Description = Application défaillante kp500-utils-fr.exe, version 0.4.2.0, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000000.

Error - 10/02/2011 03:06:58 | Computer Name = ACER-86U03S59CR | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 28/02/2011 16:43:57 | Computer Name = ACER-86U03S59CR | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.1.3986, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 11/03/2011 05:46:09 | Computer Name = ACER-86U03S59CR | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 11/03/2011 05:59:53 | Computer Name = ACER-86U03S59CR | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 11/03/2011 06:57:30 | Computer Name = ACER-86U03S59CR | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
Dnscache à une transaction.

Error - 11/03/2011 07:02:13 | Computer Name = ACER-86U03S59CR | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 11/03/2011 10:12:21 | Computer Name = ACER-86U03S59CR | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 11/03/2011 17:22:34 | Computer Name = ACER-86U03S59CR | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
stisvc à une transaction.

Error - 11/03/2011 17:22:51 | Computer Name = ACER-86U03S59CR | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
Dnscache à une transaction.

Error - 11/03/2011 17:38:11 | Computer Name = ACER-86U03S59CR | Source = Service Control Manager | ID = 7022
Description = Le service TrueVector Internet Monitor est en attente de démarrage.

Error - 11/03/2011 17:38:11 | Computer Name = ACER-86U03S59CR | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 11/03/2011 17:57:31 | Computer Name = ACER-86U03S59CR | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd


< End of report >
franck1967
 
Messages: 13
Inscription: 09 Mar 2011, 22:11

Re: PC tres lent Hijackthis

Messagede franck1967 » 12 Mar 2011, 01:04

Merci pour tout et .... Bon courage
franck1967
 
Messages: 13
Inscription: 09 Mar 2011, 22:11

Re: PC tres lent

Messagede nickW » 13 Mar 2011, 00:24

Bonsoir,

Primo, une manip:

Tu as installé le fichier hosts de Spybot-S&D (ou un autre fichier hosts).
As-tu pensé à désactiver le service Client DNS?

Désactivation du service Client DNS
Ouvrir la console de gestion des services:
Démarrer--->Exécuter
Taper services.msc puis cliquer sur OK

Descendre jusqu'à Client DNS
Faire un clic droit dessus et choisir Propriétés
Vérifier que dans la case "Chemin d'accès des fichiers exécutables" il y a bien C:\WINDOWS\system32\svchost.exe -k NetworkService
Dans Statut du service, cliquer sur Arrêter (s'il n'est pas déjà arrêté)
Cliquer sur Appliquer,
Dans Type de démarrage, choisir Désactivé
Cliquer sur Appliquer, puis sur OK

Faire redémarrer le PC.

Explication:
http://assiste.com.free.fr/p/hosts/host ... hosts.html
http://www.mvps.org/winhelp2002/hosts.htm (en anglais)

Note: cette manip est sans danger, et réversible.

Est-ce moins lent ou plus rapide, au choix?


Secundo, des questions:

1/ As-tu utilisé la fonction "Supprimer" de MBAM avant d'effectuer l'analyse OTL?

2/ As-tu désinstallé Ad-Aware?

3/ Quelle est la version de avast! installée?

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Re: PC tres lent

Messagede franck1967 » 14 Mar 2011, 19:12

Bonsoir,

Merci pour ta réponse.

J'ai bien modifié services.msc en fonction de ce que tu m'as donné comme instruction. Malheureusement, il semble aussi long au redémarrage.

Pour ce qui est du résultat de MBAM, non je n'ai pas supprimé ce qu'il avait trouvé car ce n'était pas dans les instructions...

Quant à ad-aware, il ne figure pas dans ajout/suppression de programme donc -théoriquement- il ne devrait plus apparaitre ? Donc naïvement, j'écrirais qu'il n'existe plus ! Ai-je tord ?

Enfin, j'ai la dernière version d'avast 6.0.1000

Merci encore et j'attends ton retour ...
franck1967
 
Messages: 13
Inscription: 09 Mar 2011, 22:11

Re: PC tres lent

Messagede nickW » 15 Mar 2011, 23:19

Bonsoir,

1/ Ad_Aware a été incomplètement désinstallé: un service essaie toujours (sans succès) de démarrer.
Ci-dessous, SystemLook va rechercher dans le Registre les références à ce service. Note: cela peut être un peu long.

2/ MBAM va supprimer ce qu'il a détecté.


Étape 1: SystemLook (de jpshortstuff)
Télécharger SystemLook depuis l'un des deux liens ci-dessous:
http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshor ... emLook.exe
Enregistrer ce fichier sur le Bureau.


Étape 2: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus.


Étape 3: Malwarebytes' Anti-Malware, nettoyage
Fermer toutes les fenêtres de programme ouvertes.
Lancer Malwarebytes' Anti-Malware via le Menu Démarrer.
Dans l'onglet Paramètres, vérifier que toutes les cases sont cochées sauf "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".
Dans l'onglet Mise à jour, cliquer sur le bouton Recherche de mise à jour et installer toutes les mises à jour trouvées.
Dans l'onglet Recherche, cocher le bouton radio situé devant "Exécuter un examen rapide" puis cliquer sur le bouton Rechercher, comme ceci:

Image

Attendre sans rien faire d'autre la fin de la recherche; dans la fenêtre annonçant la fin de l'analyse, cliquer sur OK; puis cliquer sur le bouton "Afficher les résultats":
Image


Si des éléments nuisibles ont été détectés, cliquer sur le bouton "Supprimer la sélection": Image

Attendre patiemment sans rien faire d'autre la fin du nettoyage.
Un redémarrage est parfois nécessaire. Accepter.
Une fenêtre du Bloc-notes s'ouvre pour afficher le rapport. Fermer le Bloc-notes.
Cliquer sur le bouton "Quitter" pour fermer Malwarebytes' Anti-Malware.


Étape 4: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus.


Étape 5: SystemLook (de jpshortstuff)
Faire un double clic sur SystemLook.exe pour lancer l'exécution de l'outil.

Sélectionner toutes les lignes de la zone blanche située sous "Code:" ci-dessous, puis appuyer simultanément sur les touches Ctrl et C
Code: Tout sélectionner
:comment
:regfind
lbd.sys



Dans la petite fenêtre de SystemLook, faire un clic droit dans la zone blanche et choisir Coller.
Note: les lignes sélectionnées précédemment doivent avoir été recopiées dans la zone blanche de SystemLook - y compris le caractère "deux points" en début de première ligne.

Cliquer sur le bouton Look pour lancer la recherche.

Lorsque l'outil a terminé cette recherche, il y a ouverture d'une fenêtre du Bloc-notes.
Fermer le Bloc-notes.
Fermer SystemLook en cliquant sur le bouton Exit.


Étape 6: Résultats
Envoyer en réponse:
*- le rapport de SystemLook (contenu du fichier SystemLook.txt situé sur le Bureau)
*- le rapport de Malwarebytes' Anti-Malware (contenu du fichier mbam-log-****-**-** (**-**-**).txt situé dans le dossier %SystemDrive%\Documents and Settings\<tonprofil>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs où ****-** (**-**-**) représente la date [année-mois-jour] et l'heure [hh-mn-ss])
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]


A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Suivante

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 24 invités