Cheval de Troie encore et toujours
Forum Sécurité - Virus : Cheval de Troie encore et toujours
Salut Destrio et merci de ta réponse. 
Le scan s'est fait instantanément
Logfile of random's system information tool 1.05 (written by random/random)
Run by Note Bleue at 2009-02-20 10:56:50
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 10 GB (66%) free of 15 GB
Total RAM: 479 MB (26% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:10, on 20/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Note Bleue\Bureau\RSIT.exe
C:\Program Files\trend micro\Note Bleue.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Microsoft(R) System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKCU\..\Run: [Intel Physical Address Aventis 1.3] C:\WINDOWS\wciactrl.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Intel Physical Address Aventis 1.3] C:\WINDOWS\wciactrl.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Intel Physical Address Aventis 1.3] C:\WINDOWS\wciactrl.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Windows Telephony (WindowsTelephony) - Unknown owner - C:\WINDOWS\system\svhost.exe (file missing)
--
End of file - 4961 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-31 1078552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-22 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-31 1968920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-11-17 806912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-22 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-22 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-11-17 806912]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-31 1968920]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2004-12-20 33792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-22 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-31 1601304]
"Microsoft(R) System Manager"=C:\WINDOWS\system32\sysmgr.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Intel Physical Address Aventis 1.3"=C:\WINDOWS\wciactrl.exe [2009-02-14 671744]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-01-31 10520]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WindowsTelephony]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WindowsTelephony]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"MemCheckBoxInRunDlg"=1
"NoSMBalloonTip"=1
"NoDesktopCleanupWizard"=1
"NoWelcomeScreen"=1
"NoStrCmpLogical"=0
"NoInstrumentation"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\system\svhost.exe"="C:\WINDOWS\system\svhost.exe:*:WindowsTelephony"
"C:\WINDOWS\System32\43.scr"="C:\WINDOWS\System32\43.scr:*:WindowsTelephony"
"C:\WINDOWS\System32\44.scr"="C:\WINDOWS\System32\44.scr:*:WindowsTelephony"
"C:\WINDOWS\System32\10.scr"="C:\WINDOWS\System32\10.scr:*:WindowsTelephony"
"C:\WINDOWS\System32\15.scr"="C:\WINDOWS\System32\15.scr:*:WindowsTelephony"
"C:\WINDOWS\System32\76.scr"="C:\WINDOWS\System32\76.scr:*:WindowsTelephony"
"C:\WINDOWS\System32\68.scr"="C:\WINDOWS\System32\68.scr:*:WindowsTelephony"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69497eb8-ceb3-11dd-bea9-000c765dcb08}]
shell\AutoRun\command - D:\imo.exe
shell\open\command - D:\imo.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96638a04-e3d7-11dd-bf0b-000c765dcb08}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a33f478-cc64-11dd-be9b-000c765dcb08}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
======File associations======
.js - edit -
.js - open -
.reg - open - "regedit.exe" "%1"
======List of files/folders created in the last 1 months======
2009-02-20 10:56:51 ----D---- C:\Program Files\trend micro
2009-02-20 10:56:50 ----D---- C:\rsit
2009-02-20 10:48:17 ----RSH---- C:\WINDOWS\system32\txsocm32.dll
2009-02-19 21:15:43 ----RSH---- C:\WINDOWS\system32\frnscli32.dll
2009-02-19 17:21:51 ----A---- C:\Documents and Settings\Note Bleue\Application Data\install.txt
2009-02-19 16:47:32 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-14 20:07:42 ----RSH---- C:\WINDOWS\wciactrl.exe
2009-02-09 11:09:11 ----A---- C:\WINDOWS\system32\msvcrt2.dll
2009-02-07 20:12:02 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-30 13:55:06 ----D---- C:\Documents and Settings\Note Bleue\Application Data\U3
2009-01-22 17:59:05 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-22 17:59:05 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-22 17:59:05 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-22 17:59:04 ----A---- C:\WINDOWS\system32\java.exe
======List of files/folders modified in the last 1 months======
2009-02-20 10:56:51 ----RD---- C:\Program Files
2009-02-20 10:51:09 ----D---- C:\Program Files\Mozilla Firefox
2009-02-20 10:48:22 ----D---- C:\WINDOWS\Temp
2009-02-20 10:48:20 ----D---- C:\WINDOWS
2009-02-20 10:48:17 ----D---- C:\WINDOWS\system32
2009-02-19 23:00:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-19 22:14:25 ----SHD---- C:\WINDOWS\Installer
2009-02-19 22:13:20 ----D---- C:\WINDOWS\system32\drivers
2009-02-19 22:13:20 ----D---- C:\WINDOWS\Prefetch
2009-02-19 18:53:45 ----HD---- C:\$AVG8.VAULT$
2009-02-19 17:24:57 ----HD---- C:\WINDOWS\inf
2009-02-19 17:24:56 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-19 16:49:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-19 10:38:02 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2009-02-19 10:31:55 ----D---- C:\WINDOWS\system
2009-02-16 21:49:41 ----A---- C:\WINDOWS\winamp.ini
2009-02-15 11:27:39 ----D---- C:\Documents and Settings\Note Bleue\Application Data\OpenOffice.org2
2009-02-07 20:12:19 ----D---- C:\Documents and Settings\Note Bleue\Application Data\dvdcss
2009-01-31 16:07:11 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-01-22 17:58:48 ----D---- C:\Program Files\Java
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2006-05-09 41600]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-31 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-31 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-31 107272]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-24 9600]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-09 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-10-24 38784]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-10-24 311936]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys []
S3 sysdrv32;Play Port I/O Driver; \??\C:\WINDOWS\system32\drivers\sysdrv32.sys []
S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-19 73600]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-31 903960]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-22 152984]
S2 WindowsTelephony;Windows Telephony; C:\WINDOWS\system\svhost.exe []
S3 UMWdf;Infrastructure de pilote-mode utilisateur Windows; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.05 2009-02-20 10:57:11
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ableton Live v6.0.7-->"C:\Program Files\Ableton\Live 6.0.7\unins000.exe"
Adobe Photoshop 7.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
FL Studio 5-->C:\Program Files\Image-Line\FLStudio5\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Audio Driver-->C:\WINDOWS\system32\nvuaudio.exe Uninstall C:\WINDOWS\system32\nvaudio.nvu,NVIDIA Audio Driver
OpenOffice.org 2.3-->MsiExec.exe /I{FADB55D0-403F-4413-A268-CF0A6F1185C2}
PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_7859.exe" _?=C:\Program Files\PDFCreator Toolbar
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
Sonic Foundry Sound Forge 6.0e-->MsiExec.exe /I{B3DE6A9E-1FD0-4208-92F4-EC9004E34774}
Steinberg Cubase SX v2.01-->C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
Ultrafunk Sonitus:fx R3 plug-in uninstaller-->C:\Program Files\Sonitus-fx-R3\uninstall.exe
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Waves Diamond Bundle v5.0-->C:\PROGRA~1\Waves\UNINST~1\UNWISE.EXE C:\PROGRA~1\Waves\UNINST~1\INSTALL.LOG
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wuschel's ASIO4ALL-->C:\Program Files\Wuschel's ASIO4ALL\uninstall.exe
Hosts File Missing
======Security center information======
AV: AVG Anti-Virus Free
System event log
Computer Name: XPSP2-A2387A340
Event Code: 7036
Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.
Record Number: 8345
Source Name: Service Control Manager
Time Written: 20090130133503.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-A2387A340
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.
Record Number: 8344
Source Name: Service Control Manager
Time Written: 20090130133503.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-A2387A340
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.
Record Number: 8343
Source Name: Service Control Manager
Time Written: 20090130133503.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: XPSP2-A2387A340
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.
Record Number: 8342
Source Name: Service Control Manager
Time Written: 20090130133503.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-A2387A340
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{F0499A10-BC81-4E64-B83D-44C699C1B766} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.
Record Number: 8341
Source Name: Tcpip
Time Written: 20090130133352.000000+060
Event Type: Informations
User:
Application event log
Computer Name: XPSP2-A2387A340
Event Code: 1000
Message: Les compteurs de performances pour le service MSDTC (MSDTC) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.
Record Number: 5
Source Name: LoadPerf
Time Written: 20081117203100.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-A2387A340
Event Code: 1000
Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.
Record Number: 4
Source Name: LoadPerf
Time Written: 20081117203056.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-A2387A340
Event Code: 1000
Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.
Record Number: 3
Source Name: LoadPerf
Time Written: 20081117203011.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-A2387A340
Event Code: 1000
Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.
Record Number: 2
Source Name: LoadPerf
Time Written: 20081117202948.000000+060
Event Type: Informations
User:
Computer Name: XPSP2-A2387A340
Event Code: 1000
Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.
Record Number: 1
Source Name: LoadPerf
Time Written: 20081117202933.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
-----------------EOF-----------------
Par sKe69 il y a 1 jour :
