Un cheval de troie m'attaque !!
Anonymous_1
Messages postés
65
Statut
Membre
-
Anonymous_1 Messages postés 65 Statut Membre -
Anonymous_1 Messages postés 65 Statut Membre -
Bonjour, j’ai un problème dans mon PC. J’ai deux cheval de troie, quand j’essaie de le supprimé avec Avast, il réappara juste après quelques secondes (C:/Documents and Settings/Yvon/Application Data/_f0fec310bcb98f620cbdba49ce75fd88/down (ic007.exe (apparu une seule fois) et im001.exe infini !) Et après j’ai le cheval de troie (en trois versions), la première qui apparaît infini sauf c’est je pèse sur Rien faire (sur Avast), C:/Documents and Settings/Yvon/Local Settings/Temporary Internet Files/Content.IE5/FAFIKSBL , le deuxième qui est apparu une fois seulement : C:/Documents and Settings/Yvon/Local Settings/Temporary Internet Files/Content.IE5/626C29N0 et le troisième qui apparu une seule fois aussi C:/Documents and Settings/Yvon/Local Settings/Temporary Internet Files/Content.IE5/HYCDS2A5 .
J’ai fait un scan HiJackThis : Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:18, on 2009-02-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Yvon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Yvon\Application Data\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Yvon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yvon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yvon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yvon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yvon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yvon\Mes documents\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par INFO CLICK®
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\IMBooster.exe /warmup
O4 - HKLM\..\Run: [*svchostBoot] "C:\Documents and Settings\Yvon\Application Data\svchost.exe"
O4 - HKLM\..\RunServices: [Windows Updates] update.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Yvon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.infoclick.ca
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Home
O17 - HKLM\Software\..\Telephony: DomainName = Home
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Home
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Home
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
J’ai fait un scan HiJackThis : Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:18, on 2009-02-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Yvon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Yvon\Application Data\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Yvon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yvon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yvon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yvon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yvon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yvon\Mes documents\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par INFO CLICK®
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\IMBooster.exe /warmup
O4 - HKLM\..\Run: [*svchostBoot] "C:\Documents and Settings\Yvon\Application Data\svchost.exe"
O4 - HKLM\..\RunServices: [Windows Updates] update.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Yvon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.infoclick.ca
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Home
O17 - HKLM\Software\..\Telephony: DomainName = Home
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Home
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Home
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
A voir également:
- Un cheval de troie m'attaque !!
- Antivirus cheval de troie gratuit - Télécharger - Antivirus & Antimalwares
- Ordinateur bloqué cheval de troie - Accueil - Arnaque
- Comment se débarrasser d'un cheval de troie ✓ - Forum Virus
- Qu'est ce que le cheval au poker - Forum Virus
- Retrouver son cheval skyrim - Forum Jeux PC
25 réponses
Je l'ai faites, mais j'ai pas d'infos sur les virus.
Total de fichiers analysés : 104753
Nombre de virus trouvés : 10
Nombre d'objets infectés : 39
Nombre d'objets suspects : 0
Durée de l'analyse : 01:38:22
Total de fichiers analysés : 104753
Nombre de virus trouvés : 10
Nombre d'objets infectés : 39
Nombre d'objets suspects : 0
Durée de l'analyse : 01:38:22
Salut Anonymous_1
Hummm pas de rapport plus précis, c'est bien dommage car je ne peux rien faire avec ça.
De toutes façons deux trois choses restent à régler comme tu peux le constater.
Peux tu essayer avec BitDefender en ligne ?
> Scanne ton PC avec BitDefender en ligne http://www.bitdefender.fr/scan_fr/scan8/ie.html (uniquement sous Internet Explorer)
- Clique sur J'accepte puis accepte également l'ActiveX bloqué par la barre anti-popup du SP2 qui clignotera en haut et installe le.
- Commence par connecter tout ton matériel de stockage à ton PC (clés USB, DD amovible...) si possible. Allume les si necessaire.
- Ensuite, clique sur Cliquez ici pour scanner.
- Patiente jusqu'à la fin du scan qui peut durer assez longtemps...
- Poste le rapport une fois terminé.
Tuto : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId131054
Pendant que Bitdefender fait son analyse tu peux faire ceci :
1°/
Je t'avais demander un virus total de :
qui n'a pas aboutit. Note que le chemin d'accès tient sur deux lignes car il est long ;)
Peux-tu la refaire.
PS : Si Virus total te dit que le fichier a déjà été analysé alors demande une nouvelle analyse.
2°/
Ensuite,
> Télécharge DirLook (de jpshortstuff) : http://jpshortstuff.247fixes.com/DirLook.exe
- Double-clique sur DirLook.exe pour le lancer.
- Assure-toi que "Show Hidden Files" et "BBCode Ouput" soient bien cochés.
- Copie/colle le contenu suivant dans le champ texte principal :
c:\documents and settings\Yvon\Application Data\_f0fec310bcb98f620cbdba49ce75fd88
- Clique sur le bouton <DirLook> pour lancer l'examen. Quand il est terminé, une fenêtre du Bloc-notes va s'ouvrir avec le résultat du scan.
- Poste le contenu ce rapport dans ta prochaine réponse. (Le rapport se trouve aussi ici C:\dl_log.txt).
Note : Il se peut que l'examen prenne plus de temps pour de gros répertoires.
- Refais la même chose avec :
c:\windows\cfig
c:\windows\Vbox
c:\windows\Noslip
c:\documents and settings\LocalService\Application Data\agi
c:\program files\Rewards1 Hack
Et puis il restera normalement encore deux étapes et on aura terminer.
;)
Bonne journée.
Hummm pas de rapport plus précis, c'est bien dommage car je ne peux rien faire avec ça.
De toutes façons deux trois choses restent à régler comme tu peux le constater.
Peux tu essayer avec BitDefender en ligne ?
> Scanne ton PC avec BitDefender en ligne http://www.bitdefender.fr/scan_fr/scan8/ie.html (uniquement sous Internet Explorer)
- Clique sur J'accepte puis accepte également l'ActiveX bloqué par la barre anti-popup du SP2 qui clignotera en haut et installe le.
- Commence par connecter tout ton matériel de stockage à ton PC (clés USB, DD amovible...) si possible. Allume les si necessaire.
- Ensuite, clique sur Cliquez ici pour scanner.
- Patiente jusqu'à la fin du scan qui peut durer assez longtemps...
- Poste le rapport une fois terminé.
Tuto : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId131054
Pendant que Bitdefender fait son analyse tu peux faire ceci :
1°/
Je t'avais demander un virus total de :
C:\Documents and Settings\Yvon\Application Data\_f0fec310bcb98f620cbdba49ce75fd88\down\mini000.exe
qui n'a pas aboutit. Note que le chemin d'accès tient sur deux lignes car il est long ;)
Peux-tu la refaire.
PS : Si Virus total te dit que le fichier a déjà été analysé alors demande une nouvelle analyse.
2°/
Ensuite,
> Télécharge DirLook (de jpshortstuff) : http://jpshortstuff.247fixes.com/DirLook.exe
- Double-clique sur DirLook.exe pour le lancer.
- Assure-toi que "Show Hidden Files" et "BBCode Ouput" soient bien cochés.
- Copie/colle le contenu suivant dans le champ texte principal :
c:\documents and settings\Yvon\Application Data\_f0fec310bcb98f620cbdba49ce75fd88
- Clique sur le bouton <DirLook> pour lancer l'examen. Quand il est terminé, une fenêtre du Bloc-notes va s'ouvrir avec le résultat du scan.
- Poste le contenu ce rapport dans ta prochaine réponse. (Le rapport se trouve aussi ici C:\dl_log.txt).
Note : Il se peut que l'examen prenne plus de temps pour de gros répertoires.
- Refais la même chose avec :
c:\windows\cfig
c:\windows\Vbox
c:\windows\Noslip
c:\documents and settings\LocalService\Application Data\agi
c:\program files\Rewards1 Hack
Et puis il restera normalement encore deux étapes et on aura terminer.
;)
Bonne journée.
J’ai fait les analyses et voici :
Virus Total :
Fichier mini000.exe reçu le 2009.02.09 14:16:31 (CET)
Situation actuelle: terminé
Résultat: 15/39 (38.47%)
Formaté
Impression des résultats
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.93 2009.02.09 -
AhnLab-V3 5.0.0.2 2009.02.09 -
AntiVir 7.9.0.76 2009.02.09 TR/Dldr.Ophym
Authentium 5.1.0.4 2009.02.08 -
Avast 4.8.1335.0 2009.02.08 -
AVG 8.0.0.229 2009.02.09 Worm/Autoit.PCB
BitDefender 7.2 2009.02.09 -
CAT-QuickHeal 10.00 2009.02.09 -
ClamAV 0.94.1 2009.02.09 -
Comodo 972 2009.02.09 -
DrWeb 4.44.0.09170 2009.02.09 -
eSafe 7.0.17.0 2009.02.09 Win32.TRDldr.Ophym
eTrust-Vet 31.6.6346 2009.02.07 -
F-Prot 4.4.4.56 2009.02.08 -
F-Secure 8.0.14470.0 2009.02.09 Trojan.Win32.VB.jpo
Fortinet 3.117.0.0 2009.02.09 W32/BackDoor.JPO!tr
GData 19 2009.02.09 -
Ikarus T3.1.1.45.0 2009.02.09 -
K7AntiVirus 7.10.623 2009.02.07 -
Kaspersky 7.0.0.125 2009.02.09 Trojan.Win32.VB.jpo
McAfee 5520 2009.02.08 Generic BackDoor.k
McAfee+Artemis 5520 2009.02.08 Generic BackDoor.k
Microsoft 1.4306 2009.02.09 -
NOD32 3838 2009.02.09 -
Norman 6.00.02 2009.02.06 -
nProtect 2009.1.8.0 2009.02.09 Trojan/W32.Agent.1406931.B
Panda 9.5.1.2 2009.02.08 -
PCTools 4.4.2.0 2009.02.09 -
Prevx1 V2 2009.02.09 -
Rising 21.15.50.00 2009.02.07 -
SecureWeb-Gateway 6.7.6 2009.02.09 Trojan.Dldr.Ophym
Sophos 4.38.0 2009.02.09 Mal/VBDrop-B
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.09 W32.Spybot.Worm
TheHacker 6.3.1.5.250 2009.02.09 Trojan/VB.jpo
TrendMicro 8.700.0.1004 2009.02.09 TROJ_PLEPILM.A
VBA32 3.12.8.12 2009.02.08 Trojan.Win32.VB.jpo
ViRobot 2009.2.9.1596 2009.02.09 -
VirusBuster 4.5.11.0 2009.02.08 -
Information additionnelle
File size: 469621 bytes
MD5...: 3184ec59543d53434a2efda6e73c4dc4
SHA1..: cb778354afe09c7a625bd6d5d35351645ef772c2
SHA256: 082b45e5608b7bf8617bb19dd415780bf0e28c48cc35bf6e1a3c317dbb969d66
SHA512: af0e3df133e4c4a9e5980574dbfd4210cb1b8e87a22e635f393a8f898fcff530
761e719b5976312f51873ab45fda295c548dd366f33b67e568b84aa5c5980b5d
ssdeep: 12288:rLTBRlCdHddPKhPEPnfYoP+YMOQWAVimrvBksDihV8lfU:vTBRlCdHddPK
6P5MHWKZvBksDi4lfU
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2060
timedatestamp.....: 0x4986fc0e (Mon Feb 02 13:58:38 2009)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xcc18 0xd000 5.66 da26e6b3392d9e092c78833db69511df
.data 0xe000 0x680 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0xf000 0x51704 0x52000 7.99 b14ad26415cbc03098bda5a24438f006
( 1 imports )
> MSVBVM60.DLL: __vbaVarSub, _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaLenBstr, __vbaEnd, __vbaFreeVarList, __vbaVarIdiv, _adj_fdiv_m64, __vbaFreeObjList, -, _adj_fprem1, __vbaRecAnsiToUni, __vbaResume, __vbaStrCat, __vbaVarCmpNe, __vbaRecDestruct, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryVar, __vbaVarCmpGe, __vbaAryDestruct, __vbaVarPow, -, __vbaExitProc, __vbaStrLike, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaVarIndexLoad, __vbaBoolVarNull, __vbaVarTstLt, _CIsin, -, __vbaErase, -, __vbaVarCmpGt, __vbaVarZero, -, __vbaChkstk, -, __vbaFileClose, -, __vbaStrCmp, -, __vbaVarTstEq, __vbaPutOwner3, __vbaAryConstruct2, DllFunctionCall, __vbaVarOr, -, __vbaStrR4, _adj_fpatan, __vbaRedim, __vbaRecUniToAnsi, -, -, _CIsqrt, __vbaVarAnd, __vbaVarMul, __vbaExceptHandler, -, __vbaPrintFile, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaVarDiv, -, -, __vbaVarCmpLe, __vbaFPException, -, __vbaUbound, __vbaVarCat, -, -, _CIlog, __vbaFileOpen, -, __vbaNew2, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, __vbaVarCmpLt, _adj_fdivr_m32, __vbaPowerR8, _adj_fdiv_r, -, -, __vbaI4Var, __vbaVarCmpEq, __vbaVarAdd, __vbaAryLock, __vbaVarDup, __vbaStrToAnsi, __vbaVarMod, -, __vbaFpI4, -, _CIatan, __vbaStrMove, __vbaAryCopy, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaI4ErrVar, __vbaFreeObj, __vbaFreeStr
( 0 exports )
Dir Look :
DirLook.exe v2.0 by jpshortstuff
Log created at 08:25 on 09/02/2009
==================================[b]
Contents of "c:\documents and settings\Yvon\Application Data\_f0fec310bcb98f620cbdba49ce75fd88"
/b
[b][color=blue]---FOLDERS---/b/color
[b]down/b (Created on 06/02/2009 at 21:30) d-----
[b][color=blue]---FILES---/b/color
[b]control.ini/b (550 bytes - created on 06/02/2009 at 21:31, modified on 08/02/2009 at 15:50) --a---
[b]save.ini/b (236 bytes - created on 06/02/2009 at 21:30, modified on 08/02/2009 at 15:47) --a---
==================================
[b][color=blue]=EOF=/b/color
(Excuse-moi mais j’avais vérifié et supprimé les autres fichiers à vérifié)
Et BitDefender Online Scanner :
BitDefender Online Scanner - Rapport virus en temps réel
Généré à: Mon, Feb 09, 2009 - 08:55:56
--------------------------------------------------------------------------------
Info d'analyse
Fichiers scannés 120799
Infectés Fichiers 6
Virus Détectés
Trojan.Generic.968972 1
Trojan.Generic.1404608 1
Trojan.Generic.1363712 2
Trojan.Downloader.JLPF 1
BehavesLike:Trojan.Downloader 1
--------------------------------------------------------------------------------
Ce sommaire du processus d'analyse sera utilisé par les laboratoires Antivirus BitDefender pour créer des statistiques agréguées sur l'activité des virus dans le monde.
Virus Total :
Fichier mini000.exe reçu le 2009.02.09 14:16:31 (CET)
Situation actuelle: terminé
Résultat: 15/39 (38.47%)
Formaté
Impression des résultats
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.93 2009.02.09 -
AhnLab-V3 5.0.0.2 2009.02.09 -
AntiVir 7.9.0.76 2009.02.09 TR/Dldr.Ophym
Authentium 5.1.0.4 2009.02.08 -
Avast 4.8.1335.0 2009.02.08 -
AVG 8.0.0.229 2009.02.09 Worm/Autoit.PCB
BitDefender 7.2 2009.02.09 -
CAT-QuickHeal 10.00 2009.02.09 -
ClamAV 0.94.1 2009.02.09 -
Comodo 972 2009.02.09 -
DrWeb 4.44.0.09170 2009.02.09 -
eSafe 7.0.17.0 2009.02.09 Win32.TRDldr.Ophym
eTrust-Vet 31.6.6346 2009.02.07 -
F-Prot 4.4.4.56 2009.02.08 -
F-Secure 8.0.14470.0 2009.02.09 Trojan.Win32.VB.jpo
Fortinet 3.117.0.0 2009.02.09 W32/BackDoor.JPO!tr
GData 19 2009.02.09 -
Ikarus T3.1.1.45.0 2009.02.09 -
K7AntiVirus 7.10.623 2009.02.07 -
Kaspersky 7.0.0.125 2009.02.09 Trojan.Win32.VB.jpo
McAfee 5520 2009.02.08 Generic BackDoor.k
McAfee+Artemis 5520 2009.02.08 Generic BackDoor.k
Microsoft 1.4306 2009.02.09 -
NOD32 3838 2009.02.09 -
Norman 6.00.02 2009.02.06 -
nProtect 2009.1.8.0 2009.02.09 Trojan/W32.Agent.1406931.B
Panda 9.5.1.2 2009.02.08 -
PCTools 4.4.2.0 2009.02.09 -
Prevx1 V2 2009.02.09 -
Rising 21.15.50.00 2009.02.07 -
SecureWeb-Gateway 6.7.6 2009.02.09 Trojan.Dldr.Ophym
Sophos 4.38.0 2009.02.09 Mal/VBDrop-B
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.09 W32.Spybot.Worm
TheHacker 6.3.1.5.250 2009.02.09 Trojan/VB.jpo
TrendMicro 8.700.0.1004 2009.02.09 TROJ_PLEPILM.A
VBA32 3.12.8.12 2009.02.08 Trojan.Win32.VB.jpo
ViRobot 2009.2.9.1596 2009.02.09 -
VirusBuster 4.5.11.0 2009.02.08 -
Information additionnelle
File size: 469621 bytes
MD5...: 3184ec59543d53434a2efda6e73c4dc4
SHA1..: cb778354afe09c7a625bd6d5d35351645ef772c2
SHA256: 082b45e5608b7bf8617bb19dd415780bf0e28c48cc35bf6e1a3c317dbb969d66
SHA512: af0e3df133e4c4a9e5980574dbfd4210cb1b8e87a22e635f393a8f898fcff530
761e719b5976312f51873ab45fda295c548dd366f33b67e568b84aa5c5980b5d
ssdeep: 12288:rLTBRlCdHddPKhPEPnfYoP+YMOQWAVimrvBksDihV8lfU:vTBRlCdHddPK
6P5MHWKZvBksDi4lfU
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2060
timedatestamp.....: 0x4986fc0e (Mon Feb 02 13:58:38 2009)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xcc18 0xd000 5.66 da26e6b3392d9e092c78833db69511df
.data 0xe000 0x680 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0xf000 0x51704 0x52000 7.99 b14ad26415cbc03098bda5a24438f006
( 1 imports )
> MSVBVM60.DLL: __vbaVarSub, _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaLenBstr, __vbaEnd, __vbaFreeVarList, __vbaVarIdiv, _adj_fdiv_m64, __vbaFreeObjList, -, _adj_fprem1, __vbaRecAnsiToUni, __vbaResume, __vbaStrCat, __vbaVarCmpNe, __vbaRecDestruct, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryVar, __vbaVarCmpGe, __vbaAryDestruct, __vbaVarPow, -, __vbaExitProc, __vbaStrLike, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaVarIndexLoad, __vbaBoolVarNull, __vbaVarTstLt, _CIsin, -, __vbaErase, -, __vbaVarCmpGt, __vbaVarZero, -, __vbaChkstk, -, __vbaFileClose, -, __vbaStrCmp, -, __vbaVarTstEq, __vbaPutOwner3, __vbaAryConstruct2, DllFunctionCall, __vbaVarOr, -, __vbaStrR4, _adj_fpatan, __vbaRedim, __vbaRecUniToAnsi, -, -, _CIsqrt, __vbaVarAnd, __vbaVarMul, __vbaExceptHandler, -, __vbaPrintFile, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaVarDiv, -, -, __vbaVarCmpLe, __vbaFPException, -, __vbaUbound, __vbaVarCat, -, -, _CIlog, __vbaFileOpen, -, __vbaNew2, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, __vbaVarCmpLt, _adj_fdivr_m32, __vbaPowerR8, _adj_fdiv_r, -, -, __vbaI4Var, __vbaVarCmpEq, __vbaVarAdd, __vbaAryLock, __vbaVarDup, __vbaStrToAnsi, __vbaVarMod, -, __vbaFpI4, -, _CIatan, __vbaStrMove, __vbaAryCopy, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaI4ErrVar, __vbaFreeObj, __vbaFreeStr
( 0 exports )
Dir Look :
DirLook.exe v2.0 by jpshortstuff
Log created at 08:25 on 09/02/2009
==================================[b]
Contents of "c:\documents and settings\Yvon\Application Data\_f0fec310bcb98f620cbdba49ce75fd88"
/b
[b][color=blue]---FOLDERS---/b/color
[b]down/b (Created on 06/02/2009 at 21:30) d-----
[b][color=blue]---FILES---/b/color
[b]control.ini/b (550 bytes - created on 06/02/2009 at 21:31, modified on 08/02/2009 at 15:50) --a---
[b]save.ini/b (236 bytes - created on 06/02/2009 at 21:30, modified on 08/02/2009 at 15:47) --a---
==================================
[b][color=blue]=EOF=/b/color
(Excuse-moi mais j’avais vérifié et supprimé les autres fichiers à vérifié)
Et BitDefender Online Scanner :
BitDefender Online Scanner - Rapport virus en temps réel
Généré à: Mon, Feb 09, 2009 - 08:55:56
--------------------------------------------------------------------------------
Info d'analyse
Fichiers scannés 120799
Infectés Fichiers 6
Virus Détectés
Trojan.Generic.968972 1
Trojan.Generic.1404608 1
Trojan.Generic.1363712 2
Trojan.Downloader.JLPF 1
BehavesLike:Trojan.Downloader 1
--------------------------------------------------------------------------------
Ce sommaire du processus d'analyse sera utilisé par les laboratoires Antivirus BitDefender pour créer des statistiques agréguées sur l'activité des virus dans le monde.
Bonsoir,
Heuu...
Quand tu dis : (Excuse-moi mais j’avais vérifié et supprimé les autres fichiers à vérifié)
Tu parles de dirlook ? Car ceux ne sont pas des fichiers mais des dossiers.
Es-tu sûr de ne pas avoir fais une connerie ?
Si tu as toujours ces dossiers :
c:\windows\cfig
c:\windows\Vbox
c:\windows\Noslip
c:\documents and settings\LocalService\Application Data\agi
c:\program files\Rewards1 Hack
Je veux bien un dirlook stp.
Bon....
pour le rapport en ligne c'est pas ça non plus. Il me faut le chemin d'accès des virus (C:\...)
Peux-tu refaire un Kaspersky en ligne et cette fois-ci cliquer sur "afficher le rapport" puis l'enregistrer sous format texte et le poster ?
Je veux bien aussi un nouveau RSIT stp.
Aller, on a bientôt fini.
Heuu...
Quand tu dis : (Excuse-moi mais j’avais vérifié et supprimé les autres fichiers à vérifié)
Tu parles de dirlook ? Car ceux ne sont pas des fichiers mais des dossiers.
Es-tu sûr de ne pas avoir fais une connerie ?
Si tu as toujours ces dossiers :
c:\windows\cfig
c:\windows\Vbox
c:\windows\Noslip
c:\documents and settings\LocalService\Application Data\agi
c:\program files\Rewards1 Hack
Je veux bien un dirlook stp.
Bon....
pour le rapport en ligne c'est pas ça non plus. Il me faut le chemin d'accès des virus (C:\...)
Peux-tu refaire un Kaspersky en ligne et cette fois-ci cliquer sur "afficher le rapport" puis l'enregistrer sous format texte et le poster ?
Je veux bien aussi un nouveau RSIT stp.
Aller, on a bientôt fini.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Pour Kaspersky, c'est que quand il a finir, je trouve pas le piton pour afficher le rapport.
Voici le log de RSIT alors :
Logfile of random's system information tool 1.05 (written by random/random)
Run by Yvon at 2009-02-10 19:51:27
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 117 GB (76%) free of 153 GB
Total RAM: 2039 MB (61% free)
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2749157708-1151735276-660995637-1005.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-01-20 304736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-02 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-10-27 2436160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-02 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-02 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-10-27 2436160]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-10 16861184]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-02 136600]
"LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe [2006-10-31 284184]
"LVCOMSX"=C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe [2006-11-15 244512]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-01-20 185872]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Yvon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-02 133104]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
C:\Program Files\dvd43\dvd43_tray.exe [2008-04-09 826880]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe [2008-11-09 243072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2006-11-15 746520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-10-28 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-10-27 171448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Yvon^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-16 87352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"ForceClassicControlPanel"=1
"NoStartMenuMFUprogramsList"=1
"_NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\IncrediMail\bin\IncMail.exe"="C:\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Yvon\Application Data\_f0fec310bcb98f620cbdba49ce75fd88\down\mini000.exe"="C:\Documents and Settings\Yvon\Application Data\_f0fec310bcb98f620cbdba49ce75fd88\down\mini000.exe:*:Enabled:WinSvrHost32"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
======List of files/folders created in the last 1 months======
2009-02-09 10:07:44 ----D---- C:\Program Files\Messenger Plus! Live
2009-02-09 08:25:36 ----A---- C:\DirLook.txt
2009-02-09 07:58:29 ----D---- C:\WINDOWS\BDOSCAN8
2009-02-08 12:22:01 ----D---- C:\WINDOWS\system32\Kaspersky Lab
2009-02-08 11:16:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-08 11:06:32 ----SHD---- C:\RECYCLER
2009-02-08 10:53:38 ----A---- C:\ComboFix.txt
2009-02-08 10:50:45 ----D---- C:\ComboFix
2009-02-08 08:15:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-08 08:06:13 ----A---- C:\Boot.bak
2009-02-08 08:06:10 ----RASHD---- C:\cmdcons
2009-02-08 08:03:43 ----A---- C:\WINDOWS\zip.exe
2009-02-08 08:03:43 ----A---- C:\WINDOWS\VFIND.exe
2009-02-08 08:03:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-02-08 08:03:43 ----A---- C:\WINDOWS\SWSC.exe
2009-02-08 08:03:43 ----A---- C:\WINDOWS\SWREG.exe
2009-02-08 08:03:43 ----A---- C:\WINDOWS\sed.exe
2009-02-08 08:03:43 ----A---- C:\WINDOWS\NIRCMD.exe
2009-02-08 08:03:43 ----A---- C:\WINDOWS\grep.exe
2009-02-08 08:03:43 ----A---- C:\WINDOWS\fdsv.exe
2009-02-08 08:03:31 ----D---- C:\WINDOWS\ERDNT
2009-02-08 08:03:31 ----D---- C:\Qoobox
2009-02-07 19:45:27 ----D---- C:\_OTMoveIt
2009-02-07 19:01:15 ----A---- C:\fixnavi.txt
2009-02-07 18:56:47 ----D---- C:\Program Files\Navilog1
2009-02-07 18:53:27 ----D---- C:\Program Files\CCleaner
2009-02-07 18:34:26 ----D---- C:\rsit
2009-02-06 17:02:40 ----D---- C:\Program Files\ESET
2009-02-06 16:30:42 ----D---- C:\Documents and Settings\Yvon\Application Data\_f0fec310bcb98f620cbdba49ce75fd88
2009-02-05 17:44:18 ----D---- C:\WINDOWS\cfig
2009-02-03 07:14:31 ----D---- C:\Documents and Settings\Yvon\Application Data\HiYo
2009-02-02 12:26:58 ----D---- C:\Documents and Settings\Yvon\Application Data\Ulead Systems
2009-02-02 12:26:39 ----D---- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2009-02-02 12:26:35 ----D---- C:\Program Files\Ulead Systems
2009-02-01 20:42:59 ----D---- C:\Program Files\Easy Gif Animator Extension
2009-01-31 17:52:17 ----AC---- C:\WINDOWS\system32\pywintypes25.dll
2009-01-31 17:52:17 ----AC---- C:\WINDOWS\system32\pythoncom25.dll
2009-01-31 17:52:17 ----AC---- C:\WINDOWS\system32\python25.dll
2009-01-25 08:21:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-22 18:13:56 ----AC---- C:\WINDOWS\system32\wmv8dmod.dll
2009-01-22 18:13:55 ----AC---- C:\WINDOWS\system32\mpg4c32.dll
2009-01-21 16:55:39 ----D---- C:\Documents and Settings\Yvon\Application Data\Kodak
2009-01-21 16:55:31 ----D---- C:\Program Files\SANYO
2009-01-21 16:52:44 ----C---- C:\WINDOWS\system32\pxinsi64.exe
2009-01-21 16:52:44 ----C---- C:\WINDOWS\system32\pxcpyi64.exe
2009-01-21 16:52:44 ----C---- C:\WINDOWS\system32\pxcpya64.exe
2009-01-21 16:52:43 ----C---- C:\WINDOWS\system32\vxblock.dll
2009-01-21 16:52:43 ----C---- C:\WINDOWS\system32\pxwave.dll
2009-01-21 16:52:43 ----C---- C:\WINDOWS\system32\pxsfs.dll
2009-01-21 16:52:43 ----C---- C:\WINDOWS\system32\pxmas.dll
2009-01-21 16:52:43 ----C---- C:\WINDOWS\system32\pxinsa64.exe
2009-01-21 16:52:43 ----C---- C:\WINDOWS\system32\pxhpinst.exe
2009-01-21 16:52:43 ----C---- C:\WINDOWS\system32\pxdrv.dll
2009-01-21 16:52:43 ----C---- C:\WINDOWS\system32\pxafs.dll
2009-01-21 16:52:43 ----C---- C:\WINDOWS\system32\px.dll
2009-01-21 07:29:56 ----RHD---- C:\Documents and Settings\Yvon\Application Data\SecuROM
2009-01-20 19:57:15 ----D---- C:\Program Files\Total Video Converter
2009-01-20 17:57:19 ----D---- C:\Program Files\Fichiers communs\xing shared
2009-01-20 17:57:13 ----AC---- C:\WINDOWS\system32\rmoc3260.dll
2009-01-20 17:57:06 ----AC---- C:\WINDOWS\system32\pndx5032.dll
2009-01-20 17:57:06 ----AC---- C:\WINDOWS\system32\pndx5016.dll
2009-01-20 17:57:05 ----D---- C:\Program Files\Real
2009-01-20 17:57:05 ----AC---- C:\WINDOWS\system32\pncrt.dll
2009-01-14 20:50:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-13 16:11:31 ----D---- C:\Program Files\NDSROM Player
2009-01-11 13:33:40 ----HC---- C:\Documents and Settings\Yvon\Application Data\swk.ini
======List of files/folders modified in the last 1 months======
2009-02-10 19:51:26 ----D---- C:\WINDOWS\Temp
2009-02-10 19:46:08 ----D---- C:\TEMP
2009-02-10 19:37:41 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-02-10 18:48:48 ----D---- C:\WINDOWS\Prefetch
2009-02-10 17:10:39 ----SD---- C:\WINDOWS\Tasks
2009-02-10 06:58:32 ----AD---- C:\WINDOWS
2009-02-10 06:20:03 ----D---- C:\Program Files\LogMeIn
2009-02-09 11:49:00 ----SHD---- C:\WINDOWS\Installer
2009-02-09 11:48:59 ----D---- C:\Config.Msi
2009-02-09 10:07:44 ----D---- C:\Program Files
2009-02-09 07:58:32 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-09 07:58:29 ----HD---- C:\WINDOWS\inf
2009-02-09 07:58:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-08 14:25:09 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-08 12:22:01 ----D---- C:\WINDOWS\system32
2009-02-08 10:52:35 ----A---- C:\WINDOWS\system.ini
2009-02-08 10:52:10 ----D---- C:\WINDOWS\system32\drivers
2009-02-08 10:52:10 ----D---- C:\WINDOWS\AppPatch
2009-02-08 10:52:10 ----D---- C:\Program Files\Fichiers communs
2009-02-08 10:18:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-08 10:18:20 ----D---- C:\WINDOWS\Minidump
2009-02-08 10:18:20 ----D---- C:\WINDOWS\Debug
2009-02-08 08:06:13 ----RASH---- C:\boot.ini
2009-02-07 10:08:13 ----D---- C:\Documents and Settings\Yvon\Application Data\LimeWire
2009-02-06 21:23:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-06 20:03:39 ----D---- C:\Program Files\NCH Swift Sound
2009-02-06 20:00:39 ----RSD---- C:\WINDOWS\assembly
2009-02-06 19:58:54 ----D---- C:\Program Files\Free FLV to AVI MP4 3GP WMV MP3 Converter
2009-02-05 21:00:18 ----AC---- C:\WINDOWS\win.ini
2009-02-04 06:52:59 ----D---- C:\Program Files\Yahoo!
2009-02-04 06:52:43 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-02-04 06:51:31 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-02 12:26:39 ----RSD---- C:\WINDOWS\Fonts
2009-02-01 18:34:14 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-02-01 18:34:14 ----D---- C:\Program Files\Adobe
2009-02-01 18:34:14 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-30 15:39:19 ----SD---- C:\Documents and Settings\Yvon\Application Data\Microsoft
2009-01-30 07:38:37 ----D---- C:\DVDVideoSoft
2009-01-25 08:27:43 ----D---- C:\Program Files\Mozilla Firefox
2009-01-22 18:38:02 ----D---- C:\gmax
2009-01-22 18:33:11 ----AC---- C:\WINDOWS\Zmodeler.ini
2009-01-21 19:48:45 ----D---- C:\Program Files\Sanny Builder 3
2009-01-20 17:59:19 ----D---- C:\Documents and Settings\Yvon\Application Data\Real
2009-01-20 17:57:17 ----D---- C:\Program Files\Fichiers communs\Real
2009-01-18 17:14:09 ----D---- C:\Program Files\Rockstar Games
2009-01-14 20:50:25 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2008-12-07 18816]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-11-15 1678368]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2006-11-15 24736]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S1 msqpdxserv.sys;msqpdxserv.sys; C:\WINDOWS\system32\drivers\msqpdxmxunbefy.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2008-12-07 94208]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2009-01-13 4096]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-07 47360]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-07-03 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-02 152984]
R2 LVPrcSrv;Process Monitor; c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe [2006-11-15 109344]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2008-07-03 167936]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-16 116032]
S2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe [2006-11-15 101152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-27 138168]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Voici le log de RSIT alors :
Logfile of random's system information tool 1.05 (written by random/random)
Run by Yvon at 2009-02-10 19:51:27
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 117 GB (76%) free of 153 GB
Total RAM: 2039 MB (61% free)
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2749157708-1151735276-660995637-1005.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-01-20 304736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-02 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-10-27 2436160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-02 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-02 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-10-27 2436160]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-10 16861184]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-02 136600]
"LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe [2006-10-31 284184]
"LVCOMSX"=C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe [2006-11-15 244512]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-01-20 185872]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Yvon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-02 133104]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
C:\Program Files\dvd43\dvd43_tray.exe [2008-04-09 826880]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe [2008-11-09 243072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2006-11-15 746520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-10-28 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-10-27 171448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Yvon^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-16 87352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"ForceClassicControlPanel"=1
"NoStartMenuMFUprogramsList"=1
"_NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\IncrediMail\bin\IncMail.exe"="C:\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Yvon\Application Data\_f0fec310bcb98f620cbdba49ce75fd88\down\mini000.exe"="C:\Documents and Settings\Yvon\Application Data\_f0fec310bcb98f620cbdba49ce75fd88\down\mini000.exe:*:Enabled:WinSvrHost32"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
======List of files/folders created in the last 1 months======
2009-02-09 10:07:44 ----D---- C:\Program Files\Messenger Plus! Live
2009-02-09 08:25:36 ----A---- C:\DirLook.txt
2009-02-09 07:58:29 ----D---- C:\WINDOWS\BDOSCAN8
2009-02-08 12:22:01 ----D---- C:\WINDOWS\system32\Kaspersky Lab
2009-02-08 11:16:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-08 11:06:32 ----SHD---- C:\RECYCLER
2009-02-08 10:53:38 ----A---- C:\ComboFix.txt
2009-02-08 10:50:45 ----D---- C:\ComboFix
2009-02-08 08:15:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-08 08:06:13 ----A---- C:\Boot.bak
2009-02-08 08:06:10 ----RASHD---- C:\cmdcons
2009-02-08 08:03:43 ----A---- C:\WINDOWS\zip.exe
2009-02-08 08:03:43 ----A---- C:\WINDOWS\VFIND.exe
2009-02-08 08:03:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-02-08 08:03:43 ----A---- C:\WINDOWS\SWSC.exe
2009-02-08 08:03:43 ----A---- C:\WINDOWS\SWREG.exe
2009-02-08 08:03:43 ----A---- C:\WINDOWS\sed.exe
2009-02-08 08:03:43 ----A---- C:\WINDOWS\NIRCMD.exe
2009-02-08 08:03:43 ----A---- C:\WINDOWS\grep.exe
2009-02-08 08:03:43 ----A---- C:\WINDOWS\fdsv.exe
2009-02-08 08:03:31 ----D---- C:\WINDOWS\ERDNT
2009-02-08 08:03:31 ----D---- C:\Qoobox
2009-02-07 19:45:27 ----D---- C:\_OTMoveIt
2009-02-07 19:01:15 ----A---- C:\fixnavi.txt
2009-02-07 18:56:47 ----D---- C:\Program Files\Navilog1
2009-02-07 18:53:27 ----D---- C:\Program Files\CCleaner
2009-02-07 18:34:26 ----D---- C:\rsit
2009-02-06 17:02:40 ----D---- C:\Program Files\ESET
2009-02-06 16:30:42 ----D---- C:\Documents and Settings\Yvon\Application Data\_f0fec310bcb98f620cbdba49ce75fd88
2009-02-05 17:44:18 ----D---- C:\WINDOWS\cfig
2009-02-03 07:14:31 ----D---- C:\Documents and Settings\Yvon\Application Data\HiYo
2009-02-02 12:26:58 ----D---- C:\Documents and Settings\Yvon\Application Data\Ulead Systems
2009-02-02 12:26:39 ----D---- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2009-02-02 12:26:35 ----D---- C:\Program Files\Ulead Systems
2009-02-01 20:42:59 ----D---- C:\Program Files\Easy Gif Animator Extension
2009-01-31 17:52:17 ----AC---- C:\WINDOWS\system32\pywintypes25.dll
2009-01-31 17:52:17 ----AC---- C:\WINDOWS\system32\pythoncom25.dll
2009-01-31 17:52:17 ----AC---- C:\WINDOWS\system32\python25.dll
2009-01-25 08:21:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-22 18:13:56 ----AC---- C:\WINDOWS\system32\wmv8dmod.dll
2009-01-22 18:13:55 ----AC---- C:\WINDOWS\system32\mpg4c32.dll
2009-01-21 16:55:39 ----D---- C:\Documents and Settings\Yvon\Application Data\Kodak
2009-01-21 16:55:31 ----D---- C:\Program Files\SANYO
2009-01-21 16:52:44 ----C---- C:\WINDOWS\system32\pxinsi64.exe
2009-01-21 16:52:44 ----C---- C:\WINDOWS\system32\pxcpyi64.exe
2009-01-21 16:52:44 ----C---- C:\WINDOWS\system32\pxcpya64.exe
2009-01-21 16:52:43 ----C---- C:\WINDOWS\system32\vxblock.dll
2009-01-21 16:52:43 ----C---- C:\WINDOWS\system32\pxwave.dll
2009-01-21 16:52:43 ----C---- C:\WINDOWS\system32\pxsfs.dll
2009-01-21 16:52:43 ----C---- C:\WINDOWS\system32\pxmas.dll
2009-01-21 16:52:43 ----C---- C:\WINDOWS\system32\pxinsa64.exe
2009-01-21 16:52:43 ----C---- C:\WINDOWS\system32\pxhpinst.exe
2009-01-21 16:52:43 ----C---- C:\WINDOWS\system32\pxdrv.dll
2009-01-21 16:52:43 ----C---- C:\WINDOWS\system32\pxafs.dll
2009-01-21 16:52:43 ----C---- C:\WINDOWS\system32\px.dll
2009-01-21 07:29:56 ----RHD---- C:\Documents and Settings\Yvon\Application Data\SecuROM
2009-01-20 19:57:15 ----D---- C:\Program Files\Total Video Converter
2009-01-20 17:57:19 ----D---- C:\Program Files\Fichiers communs\xing shared
2009-01-20 17:57:13 ----AC---- C:\WINDOWS\system32\rmoc3260.dll
2009-01-20 17:57:06 ----AC---- C:\WINDOWS\system32\pndx5032.dll
2009-01-20 17:57:06 ----AC---- C:\WINDOWS\system32\pndx5016.dll
2009-01-20 17:57:05 ----D---- C:\Program Files\Real
2009-01-20 17:57:05 ----AC---- C:\WINDOWS\system32\pncrt.dll
2009-01-14 20:50:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-13 16:11:31 ----D---- C:\Program Files\NDSROM Player
2009-01-11 13:33:40 ----HC---- C:\Documents and Settings\Yvon\Application Data\swk.ini
======List of files/folders modified in the last 1 months======
2009-02-10 19:51:26 ----D---- C:\WINDOWS\Temp
2009-02-10 19:46:08 ----D---- C:\TEMP
2009-02-10 19:37:41 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-02-10 18:48:48 ----D---- C:\WINDOWS\Prefetch
2009-02-10 17:10:39 ----SD---- C:\WINDOWS\Tasks
2009-02-10 06:58:32 ----AD---- C:\WINDOWS
2009-02-10 06:20:03 ----D---- C:\Program Files\LogMeIn
2009-02-09 11:49:00 ----SHD---- C:\WINDOWS\Installer
2009-02-09 11:48:59 ----D---- C:\Config.Msi
2009-02-09 10:07:44 ----D---- C:\Program Files
2009-02-09 07:58:32 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-09 07:58:29 ----HD---- C:\WINDOWS\inf
2009-02-09 07:58:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-08 14:25:09 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-08 12:22:01 ----D---- C:\WINDOWS\system32
2009-02-08 10:52:35 ----A---- C:\WINDOWS\system.ini
2009-02-08 10:52:10 ----D---- C:\WINDOWS\system32\drivers
2009-02-08 10:52:10 ----D---- C:\WINDOWS\AppPatch
2009-02-08 10:52:10 ----D---- C:\Program Files\Fichiers communs
2009-02-08 10:18:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-08 10:18:20 ----D---- C:\WINDOWS\Minidump
2009-02-08 10:18:20 ----D---- C:\WINDOWS\Debug
2009-02-08 08:06:13 ----RASH---- C:\boot.ini
2009-02-07 10:08:13 ----D---- C:\Documents and Settings\Yvon\Application Data\LimeWire
2009-02-06 21:23:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-06 20:03:39 ----D---- C:\Program Files\NCH Swift Sound
2009-02-06 20:00:39 ----RSD---- C:\WINDOWS\assembly
2009-02-06 19:58:54 ----D---- C:\Program Files\Free FLV to AVI MP4 3GP WMV MP3 Converter
2009-02-05 21:00:18 ----AC---- C:\WINDOWS\win.ini
2009-02-04 06:52:59 ----D---- C:\Program Files\Yahoo!
2009-02-04 06:52:43 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-02-04 06:51:31 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-02 12:26:39 ----RSD---- C:\WINDOWS\Fonts
2009-02-01 18:34:14 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-02-01 18:34:14 ----D---- C:\Program Files\Adobe
2009-02-01 18:34:14 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-30 15:39:19 ----SD---- C:\Documents and Settings\Yvon\Application Data\Microsoft
2009-01-30 07:38:37 ----D---- C:\DVDVideoSoft
2009-01-25 08:27:43 ----D---- C:\Program Files\Mozilla Firefox
2009-01-22 18:38:02 ----D---- C:\gmax
2009-01-22 18:33:11 ----AC---- C:\WINDOWS\Zmodeler.ini
2009-01-21 19:48:45 ----D---- C:\Program Files\Sanny Builder 3
2009-01-20 17:59:19 ----D---- C:\Documents and Settings\Yvon\Application Data\Real
2009-01-20 17:57:17 ----D---- C:\Program Files\Fichiers communs\Real
2009-01-18 17:14:09 ----D---- C:\Program Files\Rockstar Games
2009-01-14 20:50:25 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2008-12-07 18816]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-11-15 1678368]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2006-11-15 24736]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S1 msqpdxserv.sys;msqpdxserv.sys; C:\WINDOWS\system32\drivers\msqpdxmxunbefy.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2008-12-07 94208]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2009-01-13 4096]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-07 47360]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-07-03 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-02 152984]
R2 LVPrcSrv;Process Monitor; c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe [2006-11-15 109344]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2008-07-03 167936]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-16 116032]
S2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe [2006-11-15 101152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-27 138168]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
