PC ralenti suite à l'ouverture d'un programme pris sur emule

[Falkra]

Quand tu as lancé Gmer, sans lancer le scan, il y avait des infos dans la fenêtre ?

C'est un pré rapport, tu peux faire "save" et le poster ?

[romian21]

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-07-10 10:59:58

Windows 6.0.6001 Service Pack 1

 

 

---- Devices - GMER 1.0.14 ----

 

AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

 

---- EOF - GMER 1.0.14 ----

[Falkra]

Ok, ça c'est légitime, pas de souci.

 

Est-ce que tu peux faire le scan avec seulement System, Modules, Processes, Threads et Libraries ?

Ca c'est très rapide, poste le rapport de ce mini scan si ça marche.

[romian21]

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-07-10 11:06:02

Windows 6.0.6001 Service Pack 1

 

 

---- System - GMER 1.0.14 ----

 

SSDT 873C42E8 ZwAlertResumeThread

SSDT 873C4710 ZwAlertThread

SSDT 873C21F8 ZwAllocateVirtualMemory

SSDT 86B1B288 ZwConnectPort

SSDT 873C4098 ZwCreateMutant

SSDT 873C2388 ZwCreateThread

SSDT 873C4F38 ZwFreeVirtualMemory

SSDT 873C4168 ZwImpersonateAnonymousToken

SSDT 873C4228 ZwImpersonateThread

SSDT 873C4E58 ZwMapViewOfSection

SSDT 873BCF90 ZwOpenEvent

SSDT 873C22C8 ZwOpenProcessToken

SSDT 873C4BF8 ZwOpenThreadToken

SSDT 8735DEE0 ZwResumeThread

SSDT 873C4B38 ZwSetContextThread

SSDT 873C4CC8 ZwSetInformationProcess

SSDT 873C4A68 ZwSetInformationThread

SSDT 873BCED0 ZwSuspendProcess

SSDT 873C48E8 ZwSuspendThread

SSDT 873C2468 ZwTerminateProcess

SSDT 873C49A8 ZwTerminateThread

SSDT 873C4D98 ZwUnmapViewOfSection

SSDT 873C4008 ZwWriteVirtualMemory

 

---- EOF - GMER 1.0.14 ----

[Falkra]

Là ça devient intéressant.

 

Fais clic droit sur ces entrées et fais restore SSDT, sur chaque, un peu long, mais utile, ça peut débloquer des fichiers planqués.

Ensuite scanne pour Registry, Files et Services (idem, poste le rapport).

[romian21]

Je n'ai pas eu de rapport mais : "Gmer hasn't found any system modification" dans une fenêtre.

Modifié le 10 juillet 2008 par romian21

[Falkra]

Pour Registry + Files + Services ?

Cool.

 

Poste un nouveau rapport HijackThis stp. On va peut-être faire un script.

[romian21]

Oui pour Registry+Files+Services.

Voici le rapport Hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:31:47, on 10/07/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\WINDOWS\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\conime.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\hp\kbd\kbd.exe

C:\Windows\system32\taskeng.exe

C:\Users\Florian\Desktop\gmer.exe

C:\Karcher\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

 

--

End of file - 9491 bytes

[Falkra]

Tu peux fermer Gmer.

 

On va faire un petit test.

 

Télécharge Deckard's System Scanner (DSS) (ou DSS) sur ton Bureau.

NB : Tu dois être connecté avec des droits d'Administrateur.

1. ferme toutes les applications et fenêtres
   
2. double-clique sur dss.exe pour le lancer et suis les instructions ci-dessous
   Attention, il est conseillé de stopper temporairement les logiciels résidents de protection (pare-feu, antivirus, etc.)
   
3. s'il s'agit d'une première utilisation ou d'une nouvelle version de DSS :
   • tu devras cliquer 2 fois sur le OK des boîtes de dialogue
     Attention, si tu tardes trop, la réponse Abandon sera automatiquement validée
     
   • quand le traitement est terminé (clique sur OK), deux fichiers texte s'affichent :
     main.txt <- ouvert en premier plan et en plein écran
     extra.txt <- ouvert en second plan et en fenêtré (regarde la barre des taches)
     

S'il s'agit d'une utilisation supplémentaire de DSS :

• tu n'auras pas de boîte de dialogue (pas de OK)
  
• quand le traitement est terminé, un fichier texte s'affiche :
  main.txt <- ouvert en premier plan et en plein écran
  

[*] copie (Ctrl+A puis Ctrl+C) et colle (Ctrl+V) le contenu de main.txt dans ton prochain post

[*] Copie de même le contenu de extra.txt dans ton prochain post, si tu as ce fichier (première utilisation)

[*] Si tu ne vois pas le rapport, tu le trouvera dans le dossier suivant > C:\Deckard\System Scanner

[*] n'oublie pas de réactiver les protections si elles ont été stoppées.

 

Ce que fait DSS :

• crée un point de restauration dans Windows XP et Vista
  
• nettoie les fichiers temporaires, DPF-Downloaded Program Files et le Cache Internet, vide la Corbeille de tous les lecteurs
  
• vérifie quelques zones importantes de ton système et établit un rapport pour examen par ton conseiller en sécurité. DSS lance automatiquement HijackThis pour toi; il va aussi créer un raccourci HijackThis sur ton Bureau si tu n'as pas déjà HijackThis d'installé.
  

[romian21]

Voici Main.txt:

Deckard's System Scanner v20071014.68

Run by Florian on 2008-07-10 11:43:13

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- Last 5 Restore Point(s) --

33: 2008-07-09 22:30:47 UTC - RP586 - ComboFix created restore point

32: 2008-07-09 14:11:00 UTC - RP585 - Opération de restauration

31: 2008-07-09 13:59:41 UTC - RP584 - Opération de restauration

30: 2008-07-09 13:45:45 UTC - RP583 - Windows Update

29: 2008-07-09 12:21:21 UTC - RP582 - Point de contrôle planifié

 

 

-- First Restore Point --

1: 2008-06-25 07:38:29 UTC - RP552 - Point de contrôle planifié

 

 

Backed up registry hives.

Performed disk cleanup.

 

 

 

-- HijackThis (run as Florian.exe) ---------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:45:30, on 10/07/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\WINDOWS\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\conime.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\hp\kbd\kbd.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\mobsync.exe

C:\Users\Florian\Desktop\dss.exe

C:\Karcher\Florian.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

 

--

End of file - 9346 bytes

 

-- File Associations -----------------------------------------------------------

 

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

All drivers whitelisted.

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

No disabled devices found.

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2008-07-10 11:10:00 258 --a------ C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

2008-07-04 20:43:31 528 --a------ C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Florian.job

 

 

-- Files created between 2008-06-10 and 2008-07-10 -----------------------------

 

2008-07-10 00:30:27 68096 --a------ C:\Windows\zip.exe

2008-07-10 00:30:27 49152 --a------ C:\Windows\VFind.exe

2008-07-10 00:30:27 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>

2008-07-10 00:30:27 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>

2008-07-10 00:30:27 98816 --a------ C:\Windows\sed.exe

2008-07-10 00:30:27 80412 --a------ C:\Windows\grep.exe

2008-07-10 00:30:27 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >

2008-07-10 00:30:07 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>

2008-07-10 00:30:03 0 d-------- C:\327882R2FWJFW

2008-07-09 22:24:24 0 d-------- C:\Users\All Users\Malwarebytes

2008-07-09 22:24:23 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-07-09 21:15:33 0 d-------- C:\Karcher

2008-07-09 17:51:09 0 d-------- C:\Program Files\a-squared Anti-Malware

2008-07-09 17:23:21 0 d-------- C:\Users\All Users\Grisoft

2008-07-09 17:23:21 0 d-------- C:\Users\All Users\avg7

2008-07-09 14:43:56 37888 --a------ C:\Windows\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>

2008-07-09 14:43:56 0 --a------ C:\Windows\system32\Installed.dat

2008-07-09 14:43:56 0 d-a------ C:\Users\All Users\TEMP

2008-07-07 23:49:25 0 d-------- C:\Users\All Users\Sony

2008-07-07 23:44:24 0 d-------- C:\Program Files\Sony Setup

2008-07-04 19:20:53 0 d-------- C:\Users\All Users\Sony Corporation

2008-07-03 22:13:11 0 d-------- C:\Windows\system32\Iosubsys

2008-07-03 22:12:51 0 d-------- C:\Program Files\Sony

2008-07-03 22:11:07 0 d-------- C:\Program Files\Common Files\Sony Shared

2008-06-12 09:27:01 0 d-------- C:\Program Files\Boilsoft ASF Converter

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-07-10 11:39:36 669340 --a------ C:\Windows\system32\perfh00C.dat

2008-07-10 11:39:36 123350 --a------ C:\Windows\system32\perfc00C.dat

2008-07-09 22:24:28 0 d-------- C:\Users\Florian\AppData\Roaming\Malwarebytes

2008-07-09 17:32:19 0 d-------- C:\Users\Florian\AppData\Roaming\AVG7

2008-07-09 16:16:53 0 d-------- C:\Program Files\Common Files\Symantec Shared

2008-07-09 16:16:53 0 d-------- C:\Program Files\Common Files\SureThing Shared

2008-07-09 16:16:49 0 d-------- C:\Program Files\Windows Mail

2008-07-09 16:16:49 0 d-------- C:\Program Files\Microsoft Works

2008-07-09 16:16:49 0 d-------- C:\Program Files\Google

2008-07-08 21:24:58 0 d-------- C:\Users\Florian\AppData\Roaming\Sony

2008-07-08 20:20:03 0 d-------- C:\Program Files\Common Files\AVSMedia

2008-07-08 07:56:55 0 d-------- C:\Users\Florian\AppData\Roaming\OpenOffice.org2

2008-07-04 06:46:14 0 d-------- C:\Program Files\Windows Live Toolbar

2008-07-03 22:13:10 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-07-03 22:11:07 0 d-------- C:\Program Files\Common Files

2008-06-23 21:27:22 424 --a------ C:\Users\Florian\AppData\Roaming\wklnhst.dat

2008-05-31 14:38:43 174 --ahs---- C:\Program Files\desktop.ini

2008-05-31 14:29:14 0 d-------- C:\Program Files\Windows Calendar

2008-05-31 14:29:13 0 d-------- C:\Program Files\Windows Sidebar

2008-05-31 14:29:13 0 d-------- C:\Program Files\Movie Maker

2008-05-31 14:29:11 0 d-------- C:\Program Files\Windows Collaboration

2008-05-31 14:29:10 0 d-------- C:\Program Files\Windows Journal

2008-05-31 14:29:09 0 d-------- C:\Program Files\Windows Photo Gallery

2008-05-31 14:29:04 0 d-------- C:\Program Files\Windows Defender

2008-05-31 09:35:16 0 d-------- C:\Program Files\Norton Internet Security

2008-05-31 09:35:12 0 d-------- C:\Program Files\Symantec

2008-05-19 16:58:39 0 d-------- C:\Program Files\Neuf

2008-05-19 16:09:40 0 d-------- C:\Program Files\eMule

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [28/09/2006 15:42]

"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [20/11/2006 13:34]

"KBD"="C:\HP\KBD\KbdStub.EXE" [08/12/2006 17:16]

"RtHDVCpl"="RtHDVCpl.exe" [15/01/2008 11:26 C:\WINDOWS\RtHDVCpl.exe]

"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [17/02/2005 00:11]

"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 22:59]

"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [26/10/2006 18:18]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [25/07/2007 16:02]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [25/07/2007 16:06]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [16/09/2007 10:52]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/02/2008 00:13]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 17:38]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [27/08/2007 18:59]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [27/08/2007 18:59]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [27/08/2007 18:59]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 09:33]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 09:33]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [16/02/2005 18:15]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]

"Neuf Media Center"="C:\Program Files\Neuf\Media Center\MediaCenter.exe" [29/08/2007 16:42]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 09:33]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

"Launcher"=%WINDIR%\SMINST\launcher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

"EnableUIADesktopToggle"=0 (0x0)

"DisableRegistryTools"=0 (0x0)

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=0 (0x0)

"HideStartupScripts"=0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=0 (0x0)

"HideStartupScripts"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc

LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca9b676f-bcf8-11dc-8f0c-00112ffcab8a}]

AutoRun\command- K:\LaunchU3.exe

 

*Newly Created Service* - COMHOST

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

 

 

 

-- End of Deckard's System Scanner: finished at 2008-07-10 11:47:31 ------------

 

Voici extra.txt:

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft® Windows Vista™ Édition Familiale Premium (build 6001) SP 1.0

Architecture: X86; Language: French

 

CPU 0: AMD Athlon 64 X2 Dual Core Processor 4600+

Percentage of Memory in Use: 42%

Physical Memory (total/avail): 2045.82 MiB / 1173.76 MiB

Pagefile Memory (total/avail): 4330.17 MiB / 3264.34 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1898.51 MiB

 

C: is Fixed (NTFS) - 292.93 GiB total, 171.2 GiB free.

D: is Fixed (NTFS) - 5.16 GiB total, 3.98 GiB free.

E: is CDROM (No Media)

F: is Removable (No Media)

G: is Removable (No Media)

H: is Removable (No Media)

I: is Removable (No Media)

J: is Removable (No Media)

 

\\.\PHYSICALDRIVE0 - ST3320820AS ATA Device - 298.09 GiB - 2 partitions

\PARTITION0 (bootable) - Système de fichiers installable - 292.93 GiB - C:

\PARTITION1 - Système de fichiers installable - 5.16 GiB - D:

 

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

 

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

 

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

 

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

 

\\.\PHYSICALDRIVE5 - HP Photosmart C4190 USB Device

 

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is disabled.

 

FW: Norton Internet Security v2007 (Symantec Corporation) Disabled

AV: Norton Internet Security v2007 (Symantec Corporation)

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

AS: Norton Internet Security v2007 (Symantec Corporation)

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\Florian\AppData\Roaming

CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=PC-DE-FLORIAN

ComSpec=C:\Windows\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Users\Florian

LOCALAPPDATA=C:\Users\Florian\AppData\Local

LOGONSERVER=\\PC-DE-FLORIAN

NUMBER_OF_PROCESSORS=2

OnlineServices=Services en ligne

OS=Windows_NT

Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

PCBRAND=Pavilion

PLATFORM=HPD

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=4b02

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$P$G

PUBLIC=C:\Users\Public

QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

RoxioCentral=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\Florian\AppData\Local\Temp

TMP=C:\Users\Florian\AppData\Local\Temp

USERDOMAIN=PC-de-Florian

USERNAME=Florian

USERPROFILE=C:\Users\Florian

windir=C:\Windows

 

 

-- User Profiles ---------------------------------------------------------------

 

Florian

Joséphine

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Adobe Reader 8.1.2 Security Update 1 (KB403742) -->

AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}

Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe

Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}

ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}

Compact Wireless-G USB Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}\setup.exe" -l0x40c

DNA --> "C:\Users\Florian\Program Files\DNA\btdna.exe" /UNINSTALL

eMule --> "C:\Program Files\eMule\Uninstall.exe"

FLV Player --> C:\Program Files\FLV Player\uninstall.exe

Free WMA to MP3 Converter 1.16 --> "C:\Program Files\Free WMA to MP3 Converter\unins000.exe"

Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}

Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

HijackThis 2.0.2 --> "C:\Karcher\HijackThis.exe" /uninstall

HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly

HP Easy Setup - Core --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9

HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly

HP On-Screen Caps/Num/Scroll Lock Indicator --> C:\Windows\system32\OsdRemove.exe

HP Photosmart Essential 2.01 --> C:\Program Files\Hewlett-Packard\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat

HP Picasso Media Center Add-In --> MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}

HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}

Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}

Logitech QuickCam --> MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}

MainConcept for Software Encoder --> c:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{E7A02A01-C75A-4490-A168-5CA709A3D862}

Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Media Manager for WALKMAN 1.1 --> MsiExec.exe /X{125CF05E-8533-478F-AD92-314A000D9164}

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Works --> MsiExec.exe /I{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}

Mozilla Firefox (2.0.0.2) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}

MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}

Neuf - Kit de connexion --> C:\Program Files\Neuf\Kit\uninstall.exe

Neuf - Media Center --> C:\Program Files\Neuf\Media Center\uninstall.exe

Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}

Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}

Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}

Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}

Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}

Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}

Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}

Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}

Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X

Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}

NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI

OcxSetup --> MsiExec.exe /I{C3DC29BC-A8CF-4578-9DFC-37F049C44771}

OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL

OpenOffice.org 2.3 --> MsiExec.exe /I{FADB55D0-403F-4413-A268-CF0A6F1185C2}

Outils de diagnostic du matériel --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe

Programme de gestion Camera de Logitech® --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT

Python 2.4.3 --> MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}

QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}

RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Realtek High Definition Audio Driver --> RtlUpd.exe -r -m

Roxio Creator Audio --> MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}

Roxio Creator Basic v9 --> MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}

Roxio Creator Copy --> MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}

Roxio Creator Data --> MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}

Roxio Creator EasyArchive --> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}

Roxio Creator Tools --> MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}

Roxio Express Labeler 3 --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Shop for HP Supplies --> C:\Program Files\Hewlett-Packard\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat

Solution de clavier multimédia amélioré --> C:\HP\KBD\Install.exe /u

SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}

VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}

Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}

Windows Live Toolbar --> MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}

 

 

-- Application Event Log -------------------------------------------------------

 

Event Record #/Type79981 / Error

Event Submitted/Written: 07/10/2008 11:10:58 AM

Event ID/Source: 1010 / Perflib

Event Description:

EmdCacheC:\Windows\system32\emdmgmt.dll4

 

Event Record #/Type79971 / Success

Event Submitted/Written: 07/10/2008 10:48:35 AM

Event ID/Source: 5617 / WinMgmt

Event Description:

 

 

Event Record #/Type79968 / Success

Event Submitted/Written: 07/10/2008 10:48:30 AM

Event ID/Source: 5615 / WinMgmt

Event Description:

 

 

Event Record #/Type79961 / Success

Event Submitted/Written: 07/10/2008 10:48:21 AM

Event ID/Source: 902 / Software Licensing Service

Event Description:

Le service de gestion des licences du logiciel a démarré.

 

Event Record #/Type79945 / Error

Event Submitted/Written: 07/10/2008 10:45:18 AM

Event ID/Source: 1000 / Application Error

Event Description:

Application défaillante gmer.exe, version 1.0.14.14536, horodatage 0x4807a13f, module défaillant gmer.dll, version 1.0.14.14536, horodatage 0x4807a134, code d’exception 0xc0000005, décalage d’erreur 0x0000c6a4,

ID du processus 0x14cc, heure de début de l’application 0xgmer.exe0.

 

 

 

-- Security Event Log ----------------------------------------------------------

 

No Errors/Warnings found.

 

 

-- System Event Log ------------------------------------------------------------

 

Event Record #/Type196633 / Error

Event Submitted/Written: 07/10/2008 10:49:34 AM

Event ID/Source: 7000 / Service Control Manager

Event Description:

Parallel port driver%%1058

 

Event Record #/Type196584 / Error

Event Submitted/Written: 07/10/2008 10:48:13 AM

Event ID/Source: 15016 / HTTP

Event Description:

\Device\Http\ReqQueueKerberos

 

Event Record #/Type196570 / Error

Event Submitted/Written: 07/10/2008 10:48:07 AM

Event ID/Source: 6008 / EventLog

Event Description:

L'arrêt système précédant à 10:46:41 le 10/07/2008 n'était pas prévu.

 

Event Record #/Type196508 / Error

Event Submitted/Written: 07/10/2008 10:26:33 AM

Event ID/Source: 7000 / Service Control Manager

Event Description:

Parallel port driver%%1058

 

Event Record #/Type196465 / Error

Event Submitted/Written: 07/10/2008 10:26:08 AM

Event ID/Source: 15016 / HTTP

Event Description:

\Device\Http\ReqQueueKerberos

 

 

 

-- End of Deckard's System Scanner: finished at 2008-07-10 11:47:31 ------------

 

Voici moved.txt:

Directories/Files moved to C:\Deckard\System Scanner\backup

 

2008-07-10 10:50:09 974 --a------ C:\Users\Florian\AppData\Local\Temp\callingapps.xml

2008-07-10 00:53:18 0 d-------- C:\Users\Florian\AppData\Local\Temp\Google Toolbar

2008-07-10 10:54:02 170 --a------ C:\Users\Florian\AppData\Local\Temp\jusched.log

2008-07-10 11:40:09 0 d-------- C:\Users\Florian\AppData\Local\Temp\Low

2008-07-10 10:50:16 1392 --a------ C:\Users\Florian\AppData\Local\Temp\LVCOMSX.LOG

2008-07-10 10:50:09 195862 --a------ C:\Users\Florian\AppData\Local\Temp\qcemptysound.wav

2008-07-10 10:49:09 0 d-------- C:\Users\Florian\AppData\Local\Temp\WPDNSE

2008-07-10 10:12:51 0 d-------- C:\Users\Florian\AppData\Local\Temp\{34f7dca3-1506-4ae0-81e0-b5d1c1bf2887}

2008-07-10 00:56:54 16384 --a------ C:\Users\Florian\AppData\Local\Temp\~DF60CB.tmp

2008-07-10 00:56:54 512 --a-----t C:\Users\Florian\AppData\Local\Temp\~DF60DE.tmp

2008-07-09 23:23:36 114688 --a------ C:\Users\Florian\AppData\Local\Temp\~DFC9C2.tmp

2008-07-10 10:50:20 0 --a------ C:\Windows\temp\ehprivjob.log

2008-07-10 10:28:41 0 --a------ C:\Windows\temp\ehprivjob1.log

2008-07-10 11:38:13 1754 --a------ C:\Windows\temp\LVCOMSX.LOG

2008-07-10 02:07:20 1272 --a------ C:\Windows\temp\MpCmdRun.log

2008-07-10 10:32:09 0 d-------- C:\Windows\temp\slu4b43.tmp

2008-07-10 11:13:26 58760 --a------ C:\Windows\temp\symlcsv1.exe

2008-03-24 19:33:02 1527056 --a------ C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe <Verified; Adobe Systems Incorporated; Adobe® Flash® Player ActiveX>

 

-*- End of Logfile -*-