[solved] Slow startup - choppy sound and video

Tags:
  • Security
Last reply: in Security and viruses
25 July 2009 16:09:16

Hello,

My computer has had the following symptoms since yesterday (no unusual action on my part): slow startup, long hard-disk access times, hard-disk grinding + CPU usage with every action. Sound and video stutter every 3-4 seconds. I am not sure that it is a virus of any kind; it may simply be my hard disk.

Here are the steps carried out so far:

- Device Manager -> IDE ATA/ATAPI controllers -> uninstalled the primary IDE channel -> reboot
- Ran CCleaner
- Spybot scan, up to date / RAZ
- Antivir scan, up to date / ran for 6 hours... I stopped it at 97%, RAZ

Here are the RSIT and Hijack logs

Thanks in advance



info.txt logfile of random's system information tool 1.06 2009-07-25 15:57:59

======Uninstall list======

-->F:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->F:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->MsiExec /X{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
3DMark06-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->F:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
AGEIA PhysX v7.07.24-->MsiExec.exe /X{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}
Applian FLV Player-->"F:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:F:\Program Files\FLV Player\Uninstall\uninstall.xml"
Archiveur WinRAR-->F:\Program Files\WinRAR\uninstall.exe
Avira AntiVir Personal - Free Antivirus-->F:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Azureus Vuze-->F:\Program Files\Azureus\uninstall.exe
CCleaner (remove only)-->"F:\Program Files\CCleaner\uninst.exe"
DriverAgent by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
DriverAgent Plugin for Netscape by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_np.inf,TVICHW32Remove
Fallout 3-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x40c -removeonly
FindyKill-->F:\Program Files\FindyKill\Uninstal.exe
Gimp 2.6.1-->"F:\Program Files\Gimp-2.0\setup\unins000.exe"
HijackThis 2.0.2-->"G:\Démarrage ordi\Tests\HijackThis.exe" /uninstall
ioCentre-->F:\Program Files\InstallShield Installation Information\{A2B4621B-CEB9-4E44-95FD-3500D4DB3727}\Setup.exe -runfromtemp -l0x040c -removeonly
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Magic Online III-->F:\Program Files\InstallShield Installation Information\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"F:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"F:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mise à jour de sécurité pour Windows XP (KB923789)-->F:\WINDOWS\system32\MacroMed\Flash\genuinst.exe F:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mozilla Firefox (3.0.12)-->F:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSI Live Update 3-->F:\WINDOWS\IsUninst.exe -f"F:\Program Files\MSI\Live Update 3\Uninst.isu"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->F:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA Performance-->"F:\Program Files\InstallShield Installation Information\{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}\setup.exe" -runfromtemp -l0x040c -removeonly
NVIDIA Performance-->MsiExec.exe /I{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}
NVIDIA System Update-->"F:\Program Files\InstallShield Installation Information\{6F69C969-2942-4E7B-B594-75B37664B8BA}\setup.exe" -runfromtemp -l0x040c -removeonly
NVIDIA System Update-->MsiExec.exe /I{6F69C969-2942-4E7B-B594-75B37664B8BA}
Panda ActiveScan 2.0-->F:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Inspector File Recovery-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c
PTFB Pro 3.6.0.1-->"F:\Program Files\Technology Lighthouse\PTFB Pro\unins000.exe"
Real Alternative 1.9.0-->"F:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
RivaTuner v2.09-->"F:\Program Files\RivaTuner v2.09\uninstall.exe"
Satsuki Decoder Pack 4000-->F:\Program Files\Satsuki Decoder Pack\Uninstall.exe
SD-JukeboxV5-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{82625564-5A7A-11D7-AECE-00105A5D0C38}\Setup.exe" -l0x40c
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->F:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
SpeedFan (remove only)-->"F:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy-->"F:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sunbelt Personal Firewall-->MsiExec.exe /X{2736EE90-D7F8-499E-AA60-E65D4C2FE069}
TeamSpeak 2 RC2-->"F:\Program Files\Teamspeak2_RC2\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
VideoLAN VLC media player 0.8.6h-->F:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer 3.1 (KB893803)-->"F:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"F:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
World of Warcraft-->F:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Wow Cartographe 1.09-->F:\Documents and Settings\tom\Bureau\wowcarto\WowCartographe\uninst.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by tom at 2009-07-25 15:57:38
WIN_XP Service Pack 2
System drive F: has 14 GB (35%) free of 40 GB
Total RAM: 2047 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:57, on 25/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.5512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
F:\WINDOWS\system32\sdpasvc.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
F:\Program Files\MSI\Live Update 3\LMonitor.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\tom\Bureau\RSIT.exe
F:\Program Files\Trend Micro\HijackThis\tom.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tw.msi.com.tw/autobios/VerChk/LSeries.asp?MSIOCX...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ASRInst_V] F:\WINDOWS\system32\regsvr32.exe "F:\Program Files\Fichiers communs\Panasonic\PSL_DMOG726Dec.dll" /s
O4 - HKLM\..\Run: [LiveMonitor] F:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NVIDIA nTune] F:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1060284298-854245398-839522115-1004\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - F:\WINDOWS\system32\sdpasvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - F:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - F:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 7057 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - F:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - F:\Program Files\Java\jre6\bin\ssv.dll [2008-12-13 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - F:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-13 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-13 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=F:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"GrooveMonitor"=F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"NvMediaCenter"=F:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"RTHDCPL"=F:\WINDOWS\RTHDCPL.EXE [2008-07-03 16876032]
"Alcmtr"=F:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"SunJavaUpdateSched"=F:\Program Files\Java\jre6\bin\jusched.exe [2008-12-13 136600]
"avgnt"=F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"ASRInst_V"=F:\WINDOWS\system32\regsvr32.exe [2004-08-05 12288]
"LiveMonitor"=F:\Program Files\MSI\Live Update 3\LMonitor.exe [2009-02-24 498688]
"Adobe Reader Speed Launcher"=F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"NVIDIA nTune"=F:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2008-06-06 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\Program Files\Azureus\Azureus.exe"="F:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"F:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="F:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"F:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="F:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"F:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="F:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Program Files\Panasonic\SD-JukeboxV5\sd-jukebox.exe"="F:\Program Files\Panasonic\SD-JukeboxV5\sd-jukebox.exe:*:Enabled:SD-JukeboxV5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Program Files\Panasonic\SD-JukeboxV5\sd-jukebox.exe"="F:\Program Files\Panasonic\SD-JukeboxV5\sd-jukebox.exe:*:Enabled:SD-JukeboxV5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40087994-33dc-11de-8bb6-0019dbb59304}]
shell\AutoRun\command - F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL mamisoa.exe
shell\setup\command - C:\mamisoa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86215194-b314-11dd-abbc-0019dbb59304}]
shell\AutoRun\command - 9.cmd
shell\explore\command - 9.cmd
shell\open\command - 9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8d2d9e7-4ea8-11dd-aae6-81b6995b30d3}]
shell\AutoRun\command - 9.cmd
shell\explore\command - 9.cmd
shell\open\command - 9.cmd


======List of files/folders created in the last 1 months======

2009-07-25 15:57:38 ----D---- F:\rsit
2009-07-25 15:21:43 ----RA---- F:\WINDOWS\system32\tmp1.tmp
2009-07-24 01:29:40 ----D---- F:\Program Files\Panda Security
2009-07-24 01:03:56 ----D---- F:\WINDOWS\Sun
2009-07-23 23:05:26 ----A---- F:\WINDOWS\ntbtlog.txt
2009-07-23 22:11:59 ----D---- F:\Program Files\Trend Micro
2009-07-19 23:45:10 ----D---- F:\Documents and Settings\tom\Application Data\Technology Lighthouse
2009-07-19 23:45:04 ----AD---- F:\Documents and Settings\All Users\Application Data\TEMP
2009-07-19 23:45:00 ----D---- F:\Program Files\Technology Lighthouse
2009-07-14 23:21:37 ----SHD---- F:\Config.Msi
2009-07-14 18:53:17 ----D---- F:\Documents and Settings\tom\Application Data\Wizards of the Coast

======List of files/folders modified in the last 1 months======

2009-07-25 15:49:48 ----D---- F:\Program Files\Mozilla Firefox
2009-07-25 15:48:07 ----D---- F:\WINDOWS\Temp
2009-07-25 15:43:37 ----A---- F:\WINDOWS\SchedLgU.Txt
2009-07-25 15:35:13 ----D---- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-25 15:21:43 ----D---- F:\WINDOWS\system32
2009-07-25 15:18:36 ----A---- F:\WINDOWS\NeroDigital.ini
2009-07-25 15:08:52 ----D---- F:\WINDOWS\system32\CatRoot2
2009-07-25 10:50:41 ----D---- F:\WINDOWS\Prefetch
2009-07-24 09:55:16 ----A---- F:\WINDOWS\win.ini
2009-07-24 09:55:16 ----A---- F:\WINDOWS\system.ini
2009-07-24 09:18:26 ----D---- F:\WINDOWS
2009-07-24 01:40:05 ----D---- F:\WINDOWS\system32\drivers
2009-07-24 01:31:33 ----HD---- F:\WINDOWS\inf
2009-07-24 01:29:40 ----RD---- F:\Program Files
2009-07-23 22:38:26 ----D---- F:\Program Files\Spybot - Search & Destroy
2009-07-23 21:03:47 ----D---- F:\WINDOWS\Minidump
2009-07-15 19:33:49 ----D---- F:\WINDOWS\Microsoft.NET
2009-07-15 19:33:48 ----RSD---- F:\WINDOWS\assembly
2009-07-14 23:22:44 ----SHD---- F:\WINDOWS\Installer
2009-07-14 23:22:34 ----A---- F:\WINDOWS\system32\PerfStringBackup.INI
2009-07-14 23:22:08 ----D---- F:\WINDOWS\WinSxS
2009-07-14 23:21:44 ----D---- F:\WINDOWS\system32\mui
2009-07-14 23:21:44 ----D---- F:\Program Files\Internet Explorer
2009-07-14 18:52:14 ----HD---- F:\Program Files\InstallShield Installation Information
2009-07-07 20:18:10 ----D---- F:\Documents and Settings\tom\Application Data\teamspeak2
2009-07-04 22:03:28 ----D---- F:\Documents and Settings\tom\Application Data\Azureus

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aslm75;aslm75; \??\F:\WINDOWS\system32\drivers\aslm75.sys []
R1 avgio;avgio; \??\F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; F:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-06-02 75096]
R1 intelppm;Pilote de processeur Intel; F:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]
R1 SbFw;SbFw; F:\WINDOWS\system32\drivers\SbFw.sys [2008-06-21 269736]
R1 sbhips;Sunbelt HIPS Driver; F:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 ssmdrv;ssmdrv; F:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 Audsub3;Audsub3; \??\F:\WINDOWS\SYSTEM32\Drivers\Audsub3.sys []
R2 NVR0FLASHDev;NVR0FLASHDev; \??\F:\WINDOWS\nvflash.sys []
R3 avgntflt;avgntflt; \??\F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 gHidPnp;USB Device Enhanced Function Driver; F:\WINDOWS\System32\Drivers\gHidPnp.Sys [2007-04-13 16384]
R3 gMouPS2;PS2 Scroll Mouse Device; F:\WINDOWS\system32\DRIVERS\gMouPS2.sys [2006-07-12 17408]
R3 gMouUsb;USB Mouse Device Drv; F:\WINDOWS\system32\DRIVERS\gMouUsb.sys [2007-03-13 9856]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; F:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; F:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); F:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-03 4745216]
R3 mouhid;Pilote HID de souris; F:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 nv;nv; F:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; F:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-10-13 58112]
R3 nvnetbus;NVIDIA Network Bus Enumerator; F:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-10-13 19968]
R3 NVR0Dev;NVR0Dev; \??\F:\WINDOWS\nvoclock.sys []
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service; F:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; F:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; F:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; F:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
S3 ENTECH;ENTECH; \??\F:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 MEI006E;MEI006E; F:\WINDOWS\system32\drivers\MEI006E.sys [2005-08-05 15760]
S3 RivaTuner32;RivaTuner32; \??\F:\Program Files\RivaTuner v2.09\RivaTuner32.sys []
S3 TVICHW32;TVICHW32; \??\F:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbscan;Pilote de scanneur USB; F:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
S4 IntelIde;IntelIde; F:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; F:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-15 611664]
R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 JavaQuickStarterService;Java Quick Starter; F:\Program Files\Java\jre6\bin\jqs.exe [2008-12-13 152984]
R2 nTuneService;Performance Service; F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2008-06-06 155648]
R2 NVSvc;NVIDIA Display Driver Service; F:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 SbPF.Launcher;SbPF.Launcher; F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-01 95528]
R2 SDPASVC;SDPAUMS server service; F:\WINDOWS\system32\sdpasvc.exe [2001-08-07 49152]
R2 UpdateCenterService;Update Center Service; F:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [2008-05-23 114688]
S2 SPF4;Sunbelt Personal Firewall 4; F:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-01 1357096]
S3 aspnet_state;ASP.NET State Service; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; F:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; F:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; F:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; F:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UMWdf;Windows User Mode Driver Framework; F:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]

-----------------EOF-----------------

25 July 2009 16:13:10

Hello,

You have a USB infection.

  • Download UsbFix (by Chiquitine29 & C_XX) to your Desktop.
  • Run the installation with the default settings.
  • Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Double-click the UsbFix shortcut on your Desktop.
  • Choose option 1 (Recherche / Search).
  • Let the tool work.
  • Post the UsbFix.txt report.

    Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

    "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility intended to terminate processes.
    25 July 2009 17:32:10


    ############################## | UsbFix V6.011 |

    User : tom (Administrateurs) # AZY
    Update on 24/07/09 by Chiquitine29 & C_XX
    Start at: 16:19:07 | 25/07/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html



    Internet Explorer 6.0.2900.2180
    Windows Firewall Status : Enabled



    ############################## | Processus actifs |

    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\csrss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    F:\Program Files\Java\jre6\bin\jqs.exe
    F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    F:\WINDOWS\system32\sdpasvc.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
    F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    F:\WINDOWS\system32\RUNDLL32.EXE
    F:\WINDOWS\RTHDCPL.EXE
    F:\Program Files\Java\jre6\bin\jusched.exe
    F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    F:\Program Files\MSI\Live Update 3\LMonitor.exe
    F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    F:\Program Files\Mozilla Firefox\firefox.exe

    ################## | Fichiers # Dossiers infectieux |


    ################## | Registre # Clés Run infectieuses |


    ################## | Registre # Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\{40087994-33dc-11de-8bb6-0019dbb59304}
    Shell\AutoRun\command =F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL mamisoa.exe
    Shell\setup\command =C:\mamisoa.exe

    HKCU\..\..\Explorer\MountPoints2\{86215194-b314-11dd-abbc-0019dbb59304}
    Shell\AutoRun\command =9.cmd
    Shell\explore\Command =9.cmd
    Shell\open\Command =9.cmd

    HKCU\..\..\Explorer\MountPoints2\{b8d2d9e7-4ea8-11dd-aae6-81b6995b30d3}
    Shell\AutoRun\command =9.cmd
    Shell\explore\Command =9.cmd
    Shell\open\Command =9.cmd

    ################## | Cracks / Keygens / Serials |


    ################## | ! Fin du rapport # UsbFix V6.011 ! |
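As an added example (not part of the thread and not UsbFix's own code), the Python sketch below parses the Mountpoints2 section of the report above, using its first two entries, and lists which shell verbs point at a launchable file. The extension list, the set of default verbs and the "last file name is the payload" heuristic are assumptions of this example.

```python
import re

# First two Mountpoints2 entries copied from the UsbFix report above.
REPORT = r"""
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{40087994-33dc-11de-8bb6-0019dbb59304}
Shell\AutoRun\command =F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL mamisoa.exe
Shell\setup\command =C:\mamisoa.exe
HKCU\..\..\Explorer\MountPoints2\{86215194-b314-11dd-abbc-0019dbb59304}
Shell\AutoRun\command =9.cmd
Shell\explore\Command =9.cmd
Shell\open\Command =9.cmd
################## | Cracks / Keygens / Serials |
"""

KEY_RE = re.compile(r"MountPoints2\\(\{[0-9a-f-]{36}\})$", re.I)
VERB_RE = re.compile(r"^Shell\\([^\\]+)\\command\s*=\s*(.+)$", re.I)
# Extensions treated as launchable; this list is an assumption of the example.
EXEC_RE = re.compile(r"[^\s\\,]+\.(?:exe|cmd|bat|com|scr|pif|vbs|js)\b", re.I)
# Verbs treated here as firing without a deliberate menu choice (assumption).
DEFAULT_VERBS = {"autorun", "open", "explore"}

def parse_mountpoints2(report):
    """Return {volume_guid: {verb: command}} from the Mountpoints2 section only."""
    entries, current, in_section = {}, None, False
    for line in map(str.strip, report.splitlines()):
        if line.startswith("#"):          # section banner: switch context
            in_section, current = "mountpoints2" in line.lower(), None
        elif in_section and line:
            key, verb = KEY_RE.search(line), VERB_RE.match(line)
            if key:
                current = entries.setdefault(key.group(1).lower(), {})
            elif verb and current is not None:
                current[verb.group(1).lower()] = verb.group(2).strip()
    return entries

def flag_autorun(entries):
    """Return sorted (guid, verb, payload, runs_by_default) for launchable commands."""
    hits = []
    for guid, verbs in entries.items():
        for verb, command in verbs.items():
            names = EXEC_RE.findall(command)
            if names:  # last match = file handed to the launcher (heuristic)
                hits.append((guid, verb, names[-1].lower(), verb in DEFAULT_VERBS))
    return sorted(hits)

if __name__ == "__main__":
    for hit in flag_autorun(parse_mountpoints2(REPORT)):
        print(hit)
```
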

    25 July 2009 17:34:55

  • Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Double-click the UsbFix shortcut on your Desktop to launch it.
  • Choose option 2 (Suppression / Removal).
  • Your Desktop will disappear and the PC will restart.
  • On restart, UsbFix will scan your PC; let the tool work.
  • Then post the UsbFix.txt report that will appear along with the Desktop.

    Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).
    25 July 2009 18:51:00


    ############################## | UsbFix V6.011 |

    User : tom (Administrateurs) # AZY
    Update on 24/07/09 by Chiquitine29 & C_XX
    Start at: 17:40:29 | 25/07/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html



    Internet Explorer 6.0.2900.2180
    Windows Firewall Status : Enabled



    ############################## | Processus actifs |

    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\csrss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    F:\Program Files\Java\jre6\bin\jqs.exe
    F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    F:\WINDOWS\system32\sdpasvc.exe
    F:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

    ################## | Fichiers # Dossiers infectieux |


    ################## | All Drives ... |


    ################## | Registre # Clés Run infectieuses |


    ################## | Registre # Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\{40087994-33dc-11de-8bb6-0019dbb59304}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{86215194-b314-11dd-abbc-0019dbb59304}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{b8d2d9e7-4ea8-11dd-aae6-81b6995b30d3}\Shell\AutoRun\Command

    ################## | Listing des fichiers présent |

    [11/12/2008 14:22|--a------|0] -> C:\AUTOEXEC.BAT
    [11/12/2008 14:22|--a------|0] -> C:\CONFIG.SYS
    [01/09/2008 12:46|-rahs----|0] -> C:\IO.SYS
    [01/09/2008 12:46|-rahs----|0] -> C:\MSDOS.SYS
    [17/04/2005 17:52|--a------|61] -> D:\Ma config internet.txt
    [11/12/2008 14:56|---hs----|215] -> F:\boot.ini
    [05/08/2004 14:00|-rahs----|4952] -> F:\Bootfont.bin
    [13/12/2008 13:02|--a------|5364] -> F:\FindyKill.txt
    [05/08/2004 14:00|-rahs----|47564] -> F:\NTDETECT.COM
    [01/09/2008 12:52|-rahs----|252240] -> F:\ntldr
    [?|?|?] -> F:\pagefile.sys
    [27/08/2008 01:01|--a------|253119] -> F:\rapport.txt
    [25/07/2009 18:37|--a------|2532] -> F:\UsbFix.txt

    ################## | Vaccination |

    # C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
    # D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
    # F:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

    ################## | Cracks / Keygens / Serials |


    ################## | ! Fin du rapport # UsbFix V6.011 ! |

    25 July 2009 19:16:53

    OK, so the solution to the problem does indeed come from the PIO/DMA mode.

    I had done the procedure only for the primary IDE channel and not for the secondary; that one was indeed stuck in PIO even though the "DMA if available" option was enabled, so I uninstalled it and then rebooted.

    Where and how it got set that way is a mystery...
    25 July 2009 19:19:46

    Cool :)

    No more problems?
    25 July 2009 19:24:07

    Yes, thanks a lot for the help!
    25 July 2009 19:28:03

  • Uninstall HijackThis.

  • Delete the RSIT program as well as the RSIT folder located on F:\.

  • Update AntiVir.

    To remove the AntiVir popups: Link

    Have a good evening ;)