Worry

Sarah -
Anonymous user -
Hello,
I think my computer is seriously infected. Avira AntiVir detects about 80 infected files, among them the trojans tr/pck.krap.x.182 and tr/agent.x.1935; it seems to me that they are spreading, because they show up in different files.
I have just run the RSIT scan and am posting the results obtained.
Thank you in advance for your help,
Sarah
info.txt logfile of random's system information tool 1.06 2010-02-08 18:19:00

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->"C:\ProgramData\{C39CADE8-EC32-4A3E-ADF3-99FB5B7A317D}\setup.exe" REMOVE=TRUE MODIFY=FALSE
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bibliothèques GTK+ 2.14.7 rev a (supprimer uniquement)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x040c
C-Dilla Licence Management System-->C:\C_DILLA\setup\cdunin16.exe
Codeur Windows Media Série 9-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Creative Centrale-->"C:\ProgramData\{90F3B5EB-A471-42F9-A905-991C2DB2312C}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
Creative Centrale-->C:\ProgramData\{90F3B5EB-A471-42F9-A905-991C2DB2312C}\Setup.exe
Creative Software Update-->C:\ProgramData\{C39CADE8-EC32-4A3E-ADF3-99FB5B7A317D}\setup.exe
Desktop SMS-->MsiExec.exe /I{5980B928-1C95-4B3E-957B-B02D8147FF9E}
DICCIONARIO CLAVE-->C:\Windows\DICCIONARIO CLAVE Uninstaller.exe
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x40c
Emdedded IR Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{A6D4234C-CB02-4048-AC3E-AD09404FA35A}
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
Gestionnaire de disques amovible Creative-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c /remove
Guide de l'utilisateur Creative ZEN Mozaic-->"C:\Program Files\Creative\Creative ZEN Mozaic\UGRemove.exe" /Product_Name:ZENMozaicUG
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Installation Windows Live-->C:\Program Files\Windows

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sarah at 2010-02-08 18:18:32
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 49 GB (52%) free of 95 GB
Total RAM: 2038 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:51, on 08/02/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\sdra64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\Utilities\kenotify.exe
C:\Program Files\IDM\Desktop SMS\desktopsms.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\tpwrmain.exe
C:\Program Files\TOSHIBA\SmoothView\smoothview.exe
C:\Program Files\TOSHIBA\FlashCards\tcrdmain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Apoint2K\apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\program files\toshiba\toscdspd\toscdspd .exe
C:\Users\Sarah\appdata\local\temp\h83lrq5 .exe
C:\windows\ctregrun .exe
C:\Program Files\Creative\Enregistrement du produit\French\InetReg.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Sarah\Downloads\RSIT.exe
C:\Program Files\trend micro\Sarah.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: C:\Windows\system32\j6yvm9.dll - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\Windows\system32\j6yvm9.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] C:\Users\Sarah\appdata\local\temp\h83lrq5 .exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\kbdsock.dll
O22 - SharedTaskScheduler: dfgfgfiljojigidghu7yuhdiugrh98au - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\Windows\system32\j6yvm9.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9751 bytes

======Scheduled tasks folder======

C:\Windows\tasks\At1.job
C:\Windows\tasks\At10.job
C:\Windows\tasks\At11.job
C:\Windows\tasks\At12.job
C:\Windows\tasks\At13.job
C:\Windows\tasks\At14.job
C:\Windows\tasks\At15.job
C:\Windows\tasks\At16.job
C:\Windows\tasks\At17.job
C:\Windows\tasks\At18.job
C:\Windows\tasks\At19.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\At20.job
C:\Windows\tasks\At21.job
C:\Windows\tasks\At22.job
C:\Windows\tasks\At23.job
C:\Windows\tasks\At24.job
C:\Windows\tasks\At3.job
C:\Windows\tasks\At4.job
C:\Windows\tasks\At5.job
C:\Windows\tasks\At6.job
C:\Windows\tasks\At7.job
C:\Windows\tasks\At8.job
C:\Windows\tasks\At9.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BA40A2-74F0-42BD-F434-00B15A2C8953}]
C:\Windows\system32\j6yvm9.dll - C:\Windows\system32\j6yvm9.dll [2010-02-07 20000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2010-02-08 56832]
"SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2010-02-08 56832]
"HWSetup"=\HWSetup.exe hwSetUP []
"Desktop SMS"=C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [2010-02-08 56832]
"RtHDVCpl"=C:\Windows\system32\RtHDVCpl.exe [2010-02-08 56832]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2010-02-08 56832]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2010-02-08 56832]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2010-02-08 56832]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-02-08 56832]
"NDSTray.exe"=C:\Windows\system32\NDSTray.exe [2010-02-08 56832]
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2010-02-08 56832]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-02-08 56832]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-02-08 56832]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-02-08 56832]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2010-02-08 56832]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2010-02-08 56832]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2010-02-08 56832]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2010-02-08 56832]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-02-08 56832]
"NPSStartup"= []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-10-07 1232896]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2010-02-07 56832]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
"CTRegRun"=C:\Windows\CTRegRun.EXE [2010-02-08 56832]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
"uishf9wuifwuh387fh3wufinhjfdwefe"=C:\Users\Sarah\appdata\local\temp\h83lrq5 .exe [2010-02-08 56832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2010-02-07 56832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftAuto.exe]
C:\Program Files\Creative\Software Update 3\SoftAuto.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /a /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll []

C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\system32\kbdsock.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-09-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
dfgfgfiljojigidghu7yuhdiugrh98au - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\Windows\system32\j6yvm9.dll [2010-02-07 20000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70a9fa05-cfa8-11de-a52f-001eec05acb1}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb4820f3-10cf-11df-907b-001f3c128bdb}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd758b70-1752-11dd-9afc-806e6f6e6963}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\index.html

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-02-08 18:18:33 ----D---- C:\Program Files\trend micro
2010-02-08 18:18:31 ----D---- C:\rsit
2010-02-08 18:10:32 ----A---- C:\Windows\system32\rthdvcpl.exe
2010-02-08 16:54:49 ----A---- C:\Windows\system32\tzres.dll
2010-02-08 16:31:04 ----A---- C:\Windows\system32\nshhttp.dll
2010-02-08 16:30:56 ----A---- C:\Windows\system32\httpapi.dll
2010-02-07 21:34:31 ----A---- C:\Windows\ntbtlog.txt
2010-02-07 21:23:55 ----A---- C:\Windows\system32\dep0odnd.dll
2010-02-07 21:10:46 ----A---- C:\Windows\system32\tqtr9.dll
2010-02-07 21:09:35 ----A---- C:\Windows\system32\vcwfek6.dll
2010-02-07 21:08:09 ----A---- C:\Windows\system32\jca8st6.dll
2010-02-07 20:03:35 ----A---- C:\Windows\system32\ehtje.dll
2010-02-07 18:34:44 ----A---- C:\Windows\system32\t2embed.dll
2010-02-07 18:34:43 ----A---- C:\Windows\system32\lpk.dll
2010-02-07 18:34:43 ----A---- C:\Windows\system32\fontsub.dll
2010-02-07 18:34:43 ----A---- C:\Windows\system32\dciman32.dll
2010-02-07 18:34:43 ----A---- C:\Windows\system32\atmlib.dll
2010-02-07 18:34:43 ----A---- C:\Windows\system32\atmfd.dll
2010-02-07 18:34:39 ----A---- C:\Windows\system32\jscript.dll
2010-02-07 18:34:35 ----A---- C:\Windows\system32\mshtml.dll
2010-02-07 18:34:33 ----A---- C:\Windows\system32\ieframe.dll
2010-02-07 18:34:30 ----A---- C:\Windows\system32\iertutil.dll
2010-02-07 18:34:29 ----A---- C:\Windows\system32\wininet.dll
2010-02-07 18:34:29 ----A---- C:\Windows\system32\urlmon.dll
2010-02-07 18:34:28 ----A---- C:\Windows\system32\occache.dll
2010-02-07 18:34:28 ----A---- C:\Windows\system32\msfeeds.dll
2010-02-07 18:34:28 ----A---- C:\Windows\system32\iedkcs32.dll
2010-02-07 18:34:27 ----A---- C:\Windows\system32\ieui.dll
2010-02-07 18:34:26 ----A---- C:\Windows\system32\msfeedssync.exe
2010-02-07 18:34:26 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-02-07 18:34:26 ----A---- C:\Windows\system32\jsproxy.dll
2010-02-07 18:34:26 ----A---- C:\Windows\system32\ieUnatt.exe
2010-02-07 18:34:26 ----A---- C:\Windows\system32\iesysprep.dll
2010-02-07 18:34:26 ----A---- C:\Windows\system32\iesetup.dll
2010-02-07 18:34:26 ----A---- C:\Windows\system32\iernonce.dll
2010-02-07 18:34:26 ----A---- C:\Windows\system32\iepeers.dll
2010-02-07 18:34:26 ----A---- C:\Windows\system32\ie4uinit.exe
2010-02-07 18:34:13 ----A---- C:\Windows\system32\msxml6.dll
2010-02-07 18:34:13 ----A---- C:\Windows\system32\msxml3.dll
2010-02-07 18:34:12 ----A---- C:\Windows\system32\msxml6r.dll
2010-02-07 18:34:12 ----A---- C:\Windows\system32\msxml3r.dll
2010-02-07 18:34:01 ----A---- C:\Windows\system32\rastls.dll
2010-02-07 18:34:01 ----A---- C:\Windows\system32\raschap.dll
2010-02-07 17:38:34 ----D---- C:\Users\Sarah\AppData\Roaming\ImgBurn
2010-02-07 17:34:01 ----D---- C:\Program Files\ImgBurn
2010-02-07 17:11:54 ----A---- C:\Windows\system32\xd90i.dll
2010-02-07 16:51:59 ----A---- C:\Windows\system32\mshtmled.dll
2010-02-07 16:51:59 ----A---- C:\Windows\system32\icardie.dll
2010-02-07 16:51:58 ----A---- C:\Windows\system32\msls31.dll
2010-02-07 16:51:58 ----A---- C:\Windows\system32\mshtmler.dll
2010-02-07 16:51:58 ----A---- C:\Windows\system32\corpol.dll
2010-02-07 16:51:58 ----A---- C:\Windows\system32\admparse.dll
2010-02-07 16:51:57 ----A---- C:\Windows\system32\imgutil.dll
2010-02-07 16:51:57 ----A---- C:\Windows\system32\ieakeng.dll
2010-02-07 16:51:57 ----A---- C:\Windows\system32\dxtrans.dll
2010-02-07 16:51:57 ----A---- C:\Windows\system32\dxtmsft.dll
2010-02-07 16:51:56 ----A---- C:\Windows\system32\licmgr10.dll
2010-02-07 16:51:56 ----A---- C:\Windows\system32\inseng.dll
2010-02-07 16:51:55 ----A---- C:\Windows\system32\webcheck.dll
2010-02-07 16:51:55 ----A---- C:\Windows\system32\msrating.dll
2010-02-07 16:51:55 ----A---- C:\Windows\system32\ieaksie.dll
2010-02-07 16:51:54 ----A---- C:\Windows\system32\WinFXDocObj.exe
2010-02-07 16:51:54 ----A---- C:\Windows\system32\wextract.exe
2010-02-07 16:51:54 ----A---- C:\Windows\system32\mstime.dll
2010-02-07 16:51:54 ----A---- C:\Windows\system32\ieakui.dll
2010-02-07 16:51:53 ----A---- C:\Windows\system32\pngfilt.dll
2010-02-07 16:51:53 ----A---- C:\Windows\system32\advpack.dll
2010-02-07 16:51:51 ----A---- C:\Windows\system32\ieapfltr.dll
2010-02-07 16:51:50 ----A---- C:\Windows\system32\vbscript.dll
2010-02-07 16:51:50 ----A---- C:\Windows\system32\url.dll
2010-02-07 16:51:48 ----A---- C:\Windows\system32\mshta.exe
2010-02-07 16:51:48 ----A---- C:\Windows\system32\iexpress.exe
2010-02-07 16:51:47 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2010-02-07 16:51:47 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2010-02-07 16:51:47 ----A---- C:\Windows\system32\PDMSetup.exe
2010-02-07 16:41:44 ----A---- C:\Windows\system32\ndstray.exe
2010-02-07 16:41:44 ----A---- C:\Windows\system32\ndstray .exe
2010-02-07 16:39:49 ----A---- C:\Windows\system32\j6yvm9.dll
2010-02-07 15:19:53 ----D---- C:\ProgramData\Avira
2010-02-07 15:19:52 ----D---- C:\Program Files\Avira
2010-02-07 14:56:15 ----D---- C:\Users\Sarah\AppData\Roaming\gtk-2.0
2010-02-07 14:54:15 ----D---- C:\Users\Sarah\AppData\Roaming\.purple
2010-02-07 14:53:36 ----D---- C:\Program Files\Pidgin
2010-02-07 14:53:27 ----D---- C:\Program Files\Common Files\GTK
2010-01-20 20:55:38 ----RSHD---- C:\RECYCLER

======List of files/folders modified in the last 1 months======

2010-02-08 18:18:33 ----RD---- C:\Program Files
2010-02-08 18:11:16 ----D---- C:\Windows\Temp
2010-02-08 18:10:59 ----D---- C:\Windows\Tasks
2010-02-08 18:10:59 ----D---- C:\Windows\system32\Tasks
2010-02-08 18:10:50 ----D---- C:\Program Files\Internet Explorer
2010-02-08 18:10:45 ----D---- C:\Program Files\Apoint2K
2010-02-08 18:10:44 ----D---- C:\Program Files\Camera Assistant Software for Toshiba
2010-02-08 18:10:43 ----D---- C:\Windows\System32
2010-02-08 18:10:43 ----A---- C:\Windows\system32\igfxpers.exe
2010-02-08 18:10:42 ----A---- C:\Windows\system32\hkcmd.exe
2010-02-08 18:10:41 ----A---- C:\Windows\system32\igfxtray.exe
2010-02-08 18:10:22 ----D---- C:\Windows
2010-02-08 18:10:22 ----A---- C:\Windows\ctregrun.exe
2010-02-08 17:23:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-08 17:23:55 ----D---- C:\Windows\inf
2010-02-08 17:20:35 ----D---- C:\Windows\winsxs
2010-02-08 17:20:08 ----D---- C:\Windows\system32\catroot
2010-02-08 17:17:30 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-08 17:16:23 ----D---- C:\Windows\system32\migration
2010-02-08 17:16:23 ----D---- C:\Windows\system32\fr-FR
2010-02-08 17:16:22 ----D---- C:\Windows\system32\drivers
2010-02-08 17:16:22 ----D---- C:\Program Files\Windows Mail
2010-02-08 16:56:26 ----D---- C:\Windows\system32\catroot2
2010-02-08 16:53:20 ----SHD---- C:\Windows\Installer
2010-02-08 16:34:00 ----SHD---- C:\System Volume Information
2010-02-07 21:09:45 ----D---- C:\Windows\Prefetch
2010-02-07 18:56:23 ----HD---- C:\ProgramData
2010-02-07 18:54:07 ----D---- C:\ProgramData\Microsoft Help
2010-02-07 18:45:20 ----RSD---- C:\Windows\assembly
2010-02-07 18:43:15 ----RSD---- C:\Windows\Fonts
2010-02-07 18:43:08 ----D---- C:\Program Files\Common Files\microsoft shared
2010-02-07 18:42:45 ----D---- C:\Program Files\Microsoft Works
2010-02-07 17:06:36 ----D---- C:\Windows\system32\en-US
2010-02-07 17:06:36 ----D---- C:\Windows\PolicyDefinitions
2010-02-07 16:56:50 ----D---- C:\Windows\Debug
2010-02-07 16:41:54 ----D---- C:\Program Files\QuickTime
2010-02-07 16:35:10 ----SD---- C:\Windows\Downloaded Program Files
2010-02-07 14:53:27 ----D---- C:\Program Files\Common Files
2010-02-07 14:47:14 ----D---- C:\Program Files\Mozilla Firefox
2010-01-29 17:06:44 ----SD---- C:\Users\Sarah\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2006-08-30 140800]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-10-07 14208]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 1925632]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-05 1953944]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 81408]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-04-16 11776]
S3 athr;Pilote de périphérique LAN sans fil extensible Atheros; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-10-30 82432]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 CplIR;Embedded IR Driver; C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]
S4 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-09-19 77824]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2007-03-29 427576]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll []
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
S3 CTUPnPSv;Creative Centrale Media Server; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]

-----------------EOF-----------------
Configuration: Windows Vista
Firefox 3.6

1 reply

Anonymous user
 
Hi Sarah,

You have a Delphi infection.

• Download UsbFix to your Desktop:

(!) Plug your external data sources that may have been infected (USB stick, external hard drive, etc.) into your PC, without opening them.

• Double-click UsbFix.exe on your desktop.

• In the main menu, choose option "F" for French and press [Enter].

• In the second menu, choose option "2" (Suppression / Deletion) and press [Enter].

• Your desktop will disappear and the PC will restart.

• After the restart, UsbFix will scan your PC; let the tool work.

Then post the UsbFix.txt report that will appear along with the desktop.

• Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

• Tutorial: https://www.androidworld.fr/