Virus and real-time protection problem

Tags:
  • Protecting your computer
  • Security
Last reply: in Security and viruses
25 August 2009 05:07:43

Hello,

For some time now, my computer has been very slow. I had AVG Free 8.5, so I bought a license for Kaspersky. I installed it and, surprise, the real-time protection does not turn on.

So I imagine there is a virus behind all this.

Thank you, and I hope you will be able to solve my problem.

Scan by: Random's System Information Tool (RSIT)

log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Famille at 2009-08-24 23:04:10
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 121 GB (79%) free of 153 GB
Total RAM: 511 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:44, on 2009-08-24
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Famille\Desktop\RSIT.exe
C:\Program Files\trend micro\Famille.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sondiscos.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Safe.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Famille] C:\Documents and Settings\Famille\Famille.exe /i
O4 - HKCU\..\Run: [] C:\DOCUME~1\Famille\LOCALS~1\Temp\yz3ce5.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: ziwvhqcg - ziwvhqcg.dll (file missing)
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Google Update (gupdate1c9e370449a9616) (gupdate1c9e370449a9616) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (idrivert) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WebClient WebClientDcomLaunch (webclientdcomlaunch) - Unknown owner - C:\WINDOWS\system32\asctrlsc.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 5594 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Driver Robot.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1243212291.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-19 148888]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Famille"=C:\Documents and Settings\Famille\Famille.exe /i []
""=C:\DOCUME~1\Famille\LOCALS~1\Temp\yz3ce5.exe []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa]
C:\WINDOWS\system32\antiwpa.dll [2008-08-16 60416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ziwvhqcg]
ziwvhqcg.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Remote Desktop Control 2\apc_host.exe"="C:\Program Files\Remote Desktop Control 2\apc_host.exe:*:Enabled:Remote Desktop Control - Host Module"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ENABLE"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe:*:Enabled:Zoo Tycoon 2 Demo Executable"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2 Endangered Species Trial Version\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2 Endangered Species Trial Version\zt.exe:*:Enabled:Zoo Tycoon 2 Endangered Species Trial Version Executable"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18720083-459d-11de-98ae-000ea626560d}]
shell\autorun\command - cache\tmp983.exe
shell\open\command - cache\tmp983.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18720087-459d-11de-98ae-000ea626560d}]
shell\autorun\command - J:\ReCycLEr\S-1-5-21-1482276501-1663491937-6831267430-1013\svchost.exe
shell\open\command - J:\ReCycLEr\S-1-5-21-1482276501-1663491937-6831267430-1013\svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88d7cbd2-44dc-11de-98ad-c2b41e7e8c23}]
shell\autorun\command - M:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
shell\open\command - M:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe


======List of files/folders created in the last 1 months======

2009-08-24 23:04:19 ----D---- C:\Program Files\trend micro
2009-08-24 23:04:10 ----D---- C:\rsit
2009-08-24 22:00:03 ----D---- C:\Program Files\Kaspersky Lab
2009-08-24 22:00:03 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-08-24 21:48:31 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-20 22:41:31 ----D---- C:\Program Files\Windows Live Safety Center
2009-08-19 21:29:15 ----D---- C:\Program Files\ma-config.com
2009-08-19 21:29:15 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2009-08-17 13:02:36 ----D---- C:\Program Files\Microsoft
2009-08-17 13:02:22 ----D---- C:\Program Files\Windows Live SkyDrive
2009-08-17 13:02:03 ----D---- C:\Program Files\Windows Live
2009-08-17 12:58:45 ----D---- C:\Program Files\Common Files\Windows Live
2009-08-16 19:58:46 ----D---- C:\usbdos
2009-08-13 15:46:45 ----D---- C:\Documents and Settings\Famille\Application Data\Help
2009-08-11 11:42:04 ----A---- C:\WINDOWS\system32\antiwpa.dll
2009-08-10 22:37:27 ----A---- C:\WINDOWS\orolemun.dll
2009-08-10 22:21:13 ----D---- C:\Documents and Settings\Famille\Application Data\Malwarebytes
2009-08-10 22:21:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-10 22:21:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-10 22:19:40 ----A---- C:\WINDOWS\okeqovabupicer.dll
2009-08-10 18:37:03 ----A---- C:\WINDOWS\ovuqesuhelehizu.dll
2009-08-10 15:10:32 ----A---- C:\WINDOWS\obonunevifohahur.dll
2009-08-10 13:04:32 ----A---- C:\WINDOWS\ifelohawu.dll
2009-08-10 10:58:32 ----A---- C:\WINDOWS\evowocuc.dll
2009-08-10 08:52:32 ----A---- C:\WINDOWS\ocuzuwip.dll
2009-08-09 20:27:31 ----A---- C:\WINDOWS\ozaratiqefa.dll
2009-08-09 18:21:30 ----A---- C:\WINDOWS\aqonetix.dll
2009-08-09 16:15:30 ----A---- C:\WINDOWS\ebuhotep.dll
2009-08-09 14:09:30 ----A---- C:\WINDOWS\ijajuger.dll
2009-08-09 12:03:30 ----A---- C:\WINDOWS\oyedubayav.dll
2009-08-09 09:57:30 ----A---- C:\WINDOWS\ibobasebiw.dll
2009-08-09 07:51:30 ----A---- C:\WINDOWS\enuliyojoqoziyi.dll
2009-08-09 05:45:30 ----A---- C:\WINDOWS\ezebetovapuz.dll
2009-08-09 03:39:30 ----A---- C:\WINDOWS\utiduyeviwepa.dll
2009-08-09 01:33:30 ----A---- C:\WINDOWS\epurutewot.dll
2009-08-08 23:27:30 ----A---- C:\WINDOWS\uvojubet.dll
2009-08-08 21:21:30 ----A---- C:\WINDOWS\ecupocitalude.dll
2009-08-08 19:15:31 ----A---- C:\WINDOWS\ikirumecahal.dll
2009-08-08 17:09:30 ----A---- C:\WINDOWS\iruwugonajero.dll
2009-08-08 15:03:30 ----A---- C:\WINDOWS\uyixuyiru.dll
2009-08-08 12:57:30 ----A---- C:\WINDOWS\ejalamolim.dll
2009-08-08 10:51:30 ----A---- C:\WINDOWS\obunoses.dll
2009-08-08 08:45:30 ----A---- C:\WINDOWS\oleditem.dll
2009-08-08 06:39:30 ----A---- C:\WINDOWS\emopebehamicunoj.dll
2009-08-08 04:33:30 ----A---- C:\WINDOWS\ipalazahi.dll
2009-08-08 02:27:30 ----A---- C:\WINDOWS\edububukukaseg.dll
2009-08-08 00:21:30 ----A---- C:\WINDOWS\ovanasul.dll
2009-08-07 22:15:30 ----A---- C:\WINDOWS\ozehiyim.dll
2009-08-07 20:09:35 ----A---- C:\WINDOWS\udaxitig.dll
2009-08-07 18:03:30 ----A---- C:\WINDOWS\ojesigih.dll
2009-08-07 15:57:30 ----A---- C:\WINDOWS\ubejamehigatag.dll
2009-08-06 19:46:58 ----A---- C:\WINDOWS\idowenuqavefogu.dll
2009-08-06 17:40:58 ----A---- C:\WINDOWS\opacehenu.dll
2009-08-06 06:56:18 ----A---- C:\WINDOWS\asunavecazucule.dll
2009-08-05 21:51:54 ----A---- C:\WINDOWS\abefukin.dll
2009-08-05 20:58:05 ----A---- C:\WINDOWS\oxunecatevihepay.dll
2009-08-04 20:02:51 ----A---- C:\WINDOWS\ikiqaxac.dll
2009-08-04 17:56:50 ----A---- C:\WINDOWS\ewoqazejowedi.dll
2009-08-03 20:07:23 ----A---- C:\WINDOWS\odecakenakohod.dll
2009-08-03 18:01:20 ----A---- C:\WINDOWS\ofacufic.dll
2009-07-29 21:25:01 ----A---- C:\WINDOWS\esaxeqetalajoqi.dll
2009-07-29 19:19:03 ----A---- C:\WINDOWS\okeweloh.dll
2009-07-29 17:13:03 ----A---- C:\WINDOWS\elufujahozazohec.dll

======List of files/folders modified in the last 1 months======

2009-08-24 23:04:19 ----RD---- C:\Program Files
2009-08-24 23:04:11 ----D---- C:\WINDOWS\Prefetch
2009-08-24 22:15:24 ----SHD---- C:\WINDOWS\Installer
2009-08-24 22:14:59 ----D---- C:\Program Files\Mozilla Firefox
2009-08-24 22:09:36 ----A---- C:\WINDOWS\win.ini
2009-08-24 22:06:20 ----D---- C:\WINDOWS\Temp
2009-08-24 22:03:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-24 22:00:39 ----D---- C:\WINDOWS\system32\drivers
2009-08-24 22:00:31 ----HD---- C:\WINDOWS\inf
2009-08-24 22:00:31 ----D---- C:\WINDOWS\LastGood
2009-08-24 22:00:22 ----D---- C:\WINDOWS\system32
2009-08-24 21:59:59 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-24 21:54:44 ----D---- C:\WINDOWS
2009-08-24 21:45:01 ----D---- C:\Program Files\Google
2009-08-24 19:15:50 ----D---- C:\Documents and Settings\Famille\Application Data\Microsoft Games
2009-08-24 19:15:50 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Games
2009-08-24 19:13:42 ----D---- C:\Program Files\Microsoft Games
2009-08-24 19:06:59 ----D---- C:\Program Files\Remote Desktop Control 2
2009-08-24 18:56:35 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-24 18:55:45 ----SD---- C:\WINDOWS\Tasks
2009-08-22 10:33:33 ----N---- C:\WINDOWS\system32\avgrsstx.dll.install_backup
2009-08-20 21:29:57 ----A---- C:\WINDOWS\NetwkCfg.txt
2009-08-20 21:27:16 ----A---- C:\wizard.txt
2009-08-17 13:03:33 ----SD---- C:\Documents and Settings\Famille\Application Data\Microsoft
2009-08-17 13:02:46 ----D---- C:\WINDOWS\WinSxS
2009-08-17 13:02:26 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-17 13:02:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-08-17 13:02:08 ----RSD---- C:\WINDOWS\Fonts
2009-08-17 12:58:45 ----D---- C:\Program Files\Common Files
2009-08-12 18:30:35 ----A---- C:\WINDOWS\setuplog.txt
2009-08-12 18:25:54 ----D---- C:\WINDOWS\Registration
2009-08-10 23:00:41 ----RSHD---- C:\ReCycLEr
2009-08-10 22:59:07 ----RSHDC---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 37760]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 klif;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-08-24 213008]
R1 tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
R3 klfltdev;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2008-04-13 606684]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 NVENET;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2004-01-29 93764]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 3a05554a;3a05554a; C:\WINDOWS\System32\drivers\3a05554a.sys []
S1 8d3e3569;8d3e3569; C:\WINDOWS\System32\drivers\8d3e3569.sys []
S1 ed65b08d;ed65b08d; C:\WINDOWS\System32\drivers\ed65b08d.sys [2009-06-05 99020]
S3 az26rxxt;az26rxxt; C:\WINDOWS\system32\drivers\az26rxxt.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2009-06-04 14336]
R2 avp;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-19 152984]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
S2 gupdate1c9e370449a9616;Service Google Update (gupdate1c9e370449a9616); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-02 133104]
S2 webclientdcomlaunch;WebClient WebClientDcomLaunch; C:\WINDOWS\system32\asctrlsc.exe srv []
S3 idrivert;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]

-----------------EOF-----------------




info:

info.txt logfile of random's system information tool 1.06 2009-08-24 23:05:45

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Photo et imagerie HP 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Zoo Tycoon2 - Marine Mania Demo-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{FDBE4583-26AB-4DBE-8263-07836871002D}

======Security center information======

AV: Kaspersky Internet Security (disabled)

======System event log======

Computer Name: FAMILYROOM
Event Code: 7000
Message: The Background Intelligent Transfer Service service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 5314
Source Name: Service Control Manager
Time Written: 20090807154703.000000-240
Event Type: error
User:

Computer Name: FAMILYROOM
Event Code: 10005
Message: DCOM got error "%2" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Record Number: 5313
Source Name: DCOM
Time Written: 20090807154703.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: FAMILYROOM
Event Code: 10005
Message: DCOM got error "%2" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Record Number: 5312
Source Name: DCOM
Time Written: 20090807154703.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: FAMILYROOM
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 5308
Source Name: W32Time
Time Written: 20090807154624.000000-240
Event Type: error
User:

Computer Name: FAMILYROOM
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 5307
Source Name: W32Time
Time Written: 20090807154624.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: FAMILYROOM
Event Code: 1000
Message: Faulting application BNE.tmp, version 0.0.0.0, faulting module BNE.tmp, version 0.0.0.0, fault address 0x00007000.

Record Number: 407
Source Name: Application Error
Time Written: 20090610204059.000000-240
Event Type: error
User:

Computer Name: FAMILYROOM
Event Code: 1005
Message: Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 9 days.


Record Number: 400
Source Name: Windows Product Activation
Time Written: 20090610203958.000000-240
Event Type: warning
User:

Computer Name: FAMILYROOM
Event Code: 1005
Message: Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 10 days.


Record Number: 379
Source Name: Windows Product Activation
Time Written: 20090609181736.000000-240
Event Type: warning
User:

Computer Name: FAMILYROOM
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ws2_32.dll, version 5.1.2600.5512, fault address 0x00006a55.

Record Number: 369
Source Name: Application Error
Time Written: 20090608170323.000000-240
Event Type: error
User:

Computer Name: FAMILYROOM
Event Code: 1005
Message: Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 11 days.


Record Number: 366
Source Name: Windows Product Activation
Time Written: 20090608170242.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


Ciao

25 Août 2009 05:52:09

Hello,

It's party time in your PC :D

/!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix