Rootkit

zwawi
Hello,
my antivirus (avast 4.8 home edition) warned me when my computer started up that I was infected by a hidden rootkit file.
the attempt to delete it failed and the scan scheduled at startup detected nothing.
I don't know what to do!!!
thanks for helping me

27 replies

Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello,

do you have the name of the rootkit file?

do this:

Click on this link
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
to download the HijackThis installer.

Save HJTInstall.exe to your desktop.

Double-click HJTInstall.exe to launch the program

By default it will install here:
C:\Program Files\Trend Micro\HijackThis

Accept the licence by clicking the "I Accept" button

Close HijackThis by clicking the red cross.

Download this program then double-click it (close your antivirus for the duration of the
download if it detects anything, and re-enable it afterwards)
http://www.suspectfile.com/systemscan/

Click on Unselect all

Tick only these boxes:

- Recent Files, 30 days
- Registry run keys
- Scheduled jobs
- Services and drivers
- Suspicious files
- Include hijackthis log

Then click scan now, and be patient.
Once the scan is finished, a report will open; copy and paste its contents here and
check that it is complete; if necessary, split it over two messages.
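The sections requested above (recent files and Run keys) can be pre-screened mechanically before a human reads the report. What follows is an added example, not code from this thread, from SystemScan or from HijackThis: a small Python parser for the report format SystemScan produces, run on a constructed excerpt assembled from lines of the log posted later in this thread plus two entries marked as constructed; the rules it applies are reviewer heuristics (verify these entries), not verdicts.

```python
"""Triage helper for a SystemScan (www.suspectfile.com) report of the kind
requested above. Added example: not part of this thread, of SystemScan or of
HijackThis. It parses the RECENT FILES section and the Run keys of the REGISTRY
SCAN section and lists entries worth a second look; a hit means "verify"."""
import re
from collections import namedtuple

# Constructed excerpt in the report format posted in this thread (blank lines
# dropped); lines copied from the posted log plus two entries named "constructed".
SAMPLE_REPORT = r"""===================== RECENT FILES =====================
----- recent files in C:\WINDOWS\system32\
29/03/2008 19:45:49 1146232 byte 11 days old -- aswBoot.exe
09/04/2008 18:15:47 81191 byte 0 days old -- nvapps.xml
09/04/2008 18:48:12 (DIR) 0 byte 0 days old -- PreInstall
----- recent files in C:\WINDOWS\system32\drivers\
29/03/2008 19:31:34 75856 byte 11 days old -- aswSP.sys
08/04/2008 19:50:02 12288 byte 1 days old -- constructed_demo.sys
----- recent files in C:\DOCUME~1\YAX\LOCALS~1\Temp\
24/03/2008 22:49:50 24613 byte 16 days old -- IadHide5.dll
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"RTHDCPL"="RTHDCPL.EXE"
"SW20"="C:\WINDOWS\system32\sw20.exe"
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe"
"DownloadAccelerator"="\"D:\Program Files\DAP\DAP.EXE\" /STARTUP"
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"CONSTRUCTED_TEMP_ENTRY"="C:\DOCUME~1\YAX\LOCALS~1\Temp\demo.exe /silent"
"""

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".com", ".cpl")
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\", "\\application data\\")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\system32\\drivers\\")
FILE_RE = re.compile(r"^\d\d/\d\d/\d{4} \d\d:\d\d:\d\d (\(DIR\) )?\d+ byte (\d+) days old -- (.+)$")
DIR_RE = re.compile(r"^----- recent files in (.+)$")
KEY_RE = re.compile(r"^-----(HK.+?)-----$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
RecentFile = namedtuple("RecentFile", "directory name age_days is_dir")
RunEntry = namedtuple("RunEntry", "key name command target")

def extract_target(command):
    # The report escapes quotes as \" so a quoted path is taken verbatim; an
    # unquoted command is cut at the first token ending in an executable
    # extension, which keeps unquoted paths containing spaces intact.
    if command.startswith('\\"'):
        end = command.find('\\"', 2)
        return command[2:end] if end > 0 else command[2:]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]

def parse_report(text):
    files, entries, section, where = [], [], None, None  # where: current dir or key
    for line in map(str.rstrip, text.splitlines()):
        if line.startswith("====="):  # "===== RECENT FILES =====" etc.
            section = line.strip("= ").upper()
        elif section == "RECENT FILES":
            if m := DIR_RE.match(line):
                where = m.group(1)
            elif (m := FILE_RE.match(line)) and where:
                files.append(RecentFile(where, m.group(3), int(m.group(2)), bool(m.group(1))))
        elif section == "REGISTRY SCAN":
            if m := KEY_RE.match(line):
                where = m.group(1)
            elif (m := VALUE_RE.match(line)) and where and where.endswith("\\Run"):
                entries.append(RunEntry(where, m.group(1), m.group(2), extract_target(m.group(2))))
    return files, entries

def flag_recent_executables(files, max_age_days=7):
    # (a) executable content under a temp/profile-data directory, at any age;
    # (b) executable content in system32 or drivers younger than max_age_days.
    hits = []
    for f in files:
        if f.is_dir or not f.name.lower().endswith(EXEC_EXT):
            continue
        d = f.directory.lower()
        if any(marker in d for marker in TEMP_MARKERS):
            hits.append((f, "executable in a temp/profile-data directory"))
        elif d in SYSTEM_DIRS and f.age_days <= max_age_days:
            hits.append((f, f"new system-directory file ({f.age_days} days old)"))
    return hits

def flag_run_entries(entries):
    hits = []
    for e in entries:
        t = e.target.lower()
        if "\\" not in t:
            hits.append((e, "bare name resolved via the search path; confirm which file runs"))
        elif any(marker in t for marker in TEMP_MARKERS):
            hits.append((e, "autostart from a temp/profile-data directory"))
    return hits

def triage(text):
    files, entries = parse_report(text)
    return {"files": [(f.directory + f.name, why) for f, why in flag_recent_executables(files)],
            "run": [(e.name, e.target, why) for e, why in flag_run_entries(entries)]}

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_REPORT).items():
        print(kind, hits)
```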
zwawi
 
no, I don't have its name. I'll tell you as soon as I've done what you told me
zwawi
 
tell me, should I click download installer or executable???
zwawi
 
SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\YAX\Bureau\sys55918.exe
Running in: User mode
Date: 09/04/2008
Time: 18:54:04

Output limited to:
-Recent files
-Registry Run Keys
-Scheduled jobs
-Services and Drivers (all)
-Suspicious Files
-Include HIJACKTHIS.log

===================== RECENT FILES =====================

Showing files newer than 30 days

----- recent files in C:\
24/03/2008 20:37:40 212 byte 16 days old -- boot.ini
24/03/2008 20:43:18 0 byte 16 days old -- CONFIG.SYS
24/03/2008 20:43:18 0 byte 16 days old -- MSDOS.SYS
24/03/2008 20:43:18 0 byte 16 days old -- IO.SYS
24/03/2008 20:43:18 0 byte 16 days old -- AUTOEXEC.BAT
24/03/2008 20:48:21 (DIR) 0 byte 16 days old -- Documents and Settings
24/03/2008 21:03:21 (DIR) 0 byte 16 days old -- MSOCache
24/03/2008 21:44:26 499 byte 16 days old -- RHDSetup.log
24/03/2008 21:47:33 195 byte 16 days old -- LAN.log
24/03/2008 23:09:06 (DIR) 0 byte 16 days old -- RECYCLER
31/03/2008 15:19:12 (DIR) 0 byte 9 days old -- System Volume Information
06/04/2008 14:05:35 (DIR) 0 byte 3 days old -- Program Files
06/04/2008 14:28:34 (DIR) 0 byte 3 days old -- Config.Msi
09/04/2008 12:59:42 268 byte 0 days old -- sqmdata00.sqm
09/04/2008 12:59:42 244 byte 0 days old -- sqmnoopt00.sqm
09/04/2008 18:15:39 1610612736 byte 0 days old -- pagefile.sys
09/04/2008 18:15:58 53 byte 0 days old -- biosinfo
09/04/2008 18:48:14 (DIR) 0 byte 0 days old -- WINDOWS

----- recent files in C:\WINDOWS\
24/03/2008 20:39:27 (DIR) 0 byte 16 days old -- Cursors
24/03/2008 20:39:53 37 byte 16 days old -- vbaddin.ini
24/03/2008 20:39:53 36 byte 16 days old -- vb.ini
24/03/2008 20:42:05 (DIR) 0 byte 16 days old -- srchasst
24/03/2008 20:42:20 749 byte 16 days old -- WindowsShell.Manifest
24/03/2008 20:42:25 (DIR) 0 byte 16 days old -- Offline Web Pages
24/03/2008 20:42:27 (DIR) 0 byte 16 days old -- Web
24/03/2008 20:43:03 (DIR) 0 byte 16 days old -- Registration
24/03/2008 20:43:06 4205 byte 16 days old -- ODBCINST.INI
24/03/2008 20:43:18 0 byte 16 days old -- control.ini
24/03/2008 20:43:34 (DIR) 0 byte 16 days old -- repair
24/03/2008 20:43:34 (DIR) 0 byte 16 days old -- ime
24/03/2008 20:46:19 8192 byte 16 days old -- REGLOCS.OLD
24/03/2008 20:48:29 833 byte 16 days old -- OEWABLog.txt
24/03/2008 21:03:55 552 byte 16 days old -- win.ini
24/03/2008 21:05:49 (DIR) 0 byte 16 days old -- pchealth
24/03/2008 21:06:06 (DIR) 0 byte 16 days old -- SHELLNEW
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- addins
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- Driver Cache
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- java
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- Config
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- Resources
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- Provisioning
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- Connection Wizard
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- msapps
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- mui
24/03/2008 21:28:32 (DIR) 0 byte 16 days old -- msagent
24/03/2008 21:28:56 (DIR) 0 byte 16 days old -- PeerNet
24/03/2008 21:29:11 (DIR) 0 byte 16 days old -- Media
24/03/2008 21:29:14 (DIR) 0 byte 16 days old -- ehome
24/03/2008 21:29:15 (DIR) 0 byte 16 days old -- AppPatch
24/03/2008 21:29:44 19395 byte 16 days old -- Ascd_tmp.ini
24/03/2008 21:30:42 670 byte 16 days old -- setup.iss
24/03/2008 21:30:43 0 byte 16 days old -- setuperr.log
24/03/2008 21:31:32 (DIR) 0 byte 16 days old -- system
24/03/2008 21:31:49 231 byte 16 days old -- system.ini
24/03/2008 21:34:03 (DIR) 0 byte 16 days old -- $MSI31Uninstall_KB893803v2$
24/03/2008 21:34:13 1374 byte 16 days old -- imsins.BAK
24/03/2008 21:34:22 0 byte 16 days old -- Sti_Trace.log
24/03/2008 21:41:38 (DIR) 0 byte 16 days old -- ASUSInstAll
24/03/2008 21:41:50 (DIR) 0 byte 16 days old -- security
24/03/2008 21:43:50 (DIR) 0 byte 16 days old -- $NtUninstallKB888111WXPSP2$
24/03/2008 21:45:53 (DIR) 0 byte 16 days old -- JM
24/03/2008 21:45:56 19709 byte 16 days old -- Ascd_log.ini
24/03/2008 21:47:00 0 byte 16 days old -- AS_Debug.txt
24/03/2008 21:47:16 (DIR) 0 byte 16 days old -- OPTIONS
24/03/2008 21:55:06 (DIR) 0 byte 16 days old -- nview
24/03/2008 21:56:31 0 byte 16 days old -- msicpl.ini
24/03/2008 22:49:49 118784 byte 16 days old -- bwUnin-7.2.0.137-8876480SL.exe
24/03/2008 22:54:51 (DIR) 0 byte 16 days old -- twain_32
25/03/2008 12:22:27 (DIR) 0 byte 15 days old -- StartHtmico
25/03/2008 12:38:10 (DIR) 0 byte 15 days old -- Debug
25/03/2008 13:13:01 (DIR) 0 byte 15 days old -- assembly
25/03/2008 13:13:01 (DIR) 0 byte 15 days old -- Microsoft.NET
25/03/2008 13:36:53 (DIR) 0 byte 15 days old -- SoftwareDistribution
25/03/2008 13:36:53 (DIR) 0 byte 15 days old -- Help
25/03/2008 22:31:22 14536 byte 15 days old -- DPINST.LOG
26/03/2008 12:47:08 (DIR) 0 byte 14 days old -- Sun
26/03/2008 19:32:14 (DIR) 0 byte 14 days old -- Downloaded Program Files
26/03/2008 21:19:21 5817 byte 14 days old -- mgxoschk.ini
27/03/2008 13:43:03 316640 byte 13 days old -- WMSysPr9.prx
28/03/2008 20:44:25 (DIR) 0 byte 12 days old -- Fonts
28/03/2008 20:44:55 (DIR) 0 byte 12 days old -- WinSxS
28/03/2008 20:45:06 61193 byte 12 days old -- setupapi.log
28/03/2008 22:31:27 33 byte 12 days old -- Multimedia manager.INI
31/03/2008 12:14:23 (DIR) 0 byte 9 days old -- Tasks
01/04/2008 19:56:18 1409 byte 8 days old -- QTFont.for
04/04/2008 23:05:21 48708 byte 5 days old -- wmsetup.log
06/04/2008 14:02:25 54156 byte 3 days old -- QTFont.qfn
06/04/2008 14:05:45 (DIR) 0 byte 3 days old -- Installer
09/04/2008 13:05:55 23418 byte 0 days old -- SchedLgU.Txt
09/04/2008 18:15:43 2048 byte 0 days old -- bootstat.dat
09/04/2008 18:15:51 50 byte 0 days old -- wiaservc.log
09/04/2008 18:15:52 157 byte 0 days old -- wiadebug.log
09/04/2008 18:15:53 0 byte 0 days old -- 0.log
09/04/2008 18:48:09 (DIR) 0 byte 0 days old -- LastGood
09/04/2008 18:48:10 (DIR) 0 byte 0 days old -- $hf_mig$
09/04/2008 18:48:10 (DIR) 0 byte 0 days old -- $NtUninstallKB898461$
09/04/2008 18:48:11 (DIR) 0 byte 0 days old -- Temp
09/04/2008 18:48:12 (DIR) 0 byte 0 days old -- system32
09/04/2008 18:48:13 0 byte 0 days old -- setupact.log
09/04/2008 18:48:14 1896 byte 0 days old -- msmqinst.log
09/04/2008 18:48:15 311 byte 0 days old -- tabletoc.log
09/04/2008 18:48:15 2821 byte 0 days old -- tsoc.log
09/04/2008 18:48:15 1355 byte 0 days old -- imsins.log
09/04/2008 18:48:15 7116 byte 0 days old -- KB898461.log
09/04/2008 18:48:15 425 byte 0 days old -- MedCtrOC.log
09/04/2008 18:48:15 2063 byte 0 days old -- comsetup.log
09/04/2008 18:48:15 6182 byte 0 days old -- FaxSetup.log
09/04/2008 18:48:15 6649 byte 0 days old -- iis6.log
09/04/2008 18:48:15 2916 byte 0 days old -- ocgen.log
09/04/2008 18:48:15 1247 byte 0 days old -- ntdtcsetup.log
09/04/2008 18:48:15 1083 byte 0 days old -- netfxocm.log
09/04/2008 18:48:15 342 byte 0 days old -- ocmsn.log
09/04/2008 18:48:15 309 byte 0 days old -- msgsocm.log
09/04/2008 18:49:38 8324 byte 0 days old -- KB873339.log
09/04/2008 18:49:38 (DIR) 0 byte 0 days old -- inf
09/04/2008 18:50:01 1258142 byte 0 days old -- WindowsUpdate.log
09/04/2008 18:53:55 14998 byte 0 days old -- ModemLog_Siemens AG WM USB Modem.txt
09/04/2008 18:54:04 (DIR) 0 byte 0 days old -- Prefetch

----- recent files in C:\WINDOWS\Downloaded Program Files\
24/03/2008 20:42:25 65 byte 16 days old -- desktop.ini

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
24/03/2008 20:37:59 (DIR) 0 byte 16 days old -- spool
24/03/2008 20:39:48 (DIR) 0 byte 16 days old -- MsDtc
24/03/2008 20:40:03 21892 byte 16 days old -- emptyregdb.dat
24/03/2008 20:40:05 (DIR) 0 byte 16 days old -- Com
24/03/2008 20:41:38 (DIR) 0 byte 16 days old -- oobe
24/03/2008 20:41:50 (DIR) 0 byte 16 days old -- DirectX
24/03/2008 20:42:20 749 byte 16 days old -- cdplayer.exe.manifest
24/03/2008 20:42:20 749 byte 16 days old -- sapi.cpl.manifest
24/03/2008 20:42:20 749 byte 16 days old -- ncpa.cpl.manifest
24/03/2008 20:42:20 749 byte 16 days old -- wuaucpl.cpl.manifest
24/03/2008 20:42:20 749 byte 16 days old -- nwc.cpl.manifest
24/03/2008 20:42:25 488 byte 16 days old -- logonui.exe.manifest
24/03/2008 20:42:25 488 byte 16 days old -- WindowsLogon.manifest
24/03/2008 20:42:55 (DIR) 0 byte 16 days old -- ias
24/03/2008 20:43:15 23392 byte 16 days old -- nscompat.tlb
24/03/2008 20:43:15 16832 byte 16 days old -- amcompat.tlb
24/03/2008 20:43:34 (DIR) 0 byte 16 days old -- wbem
24/03/2008 20:43:34 (DIR) 0 byte 16 days old -- xircom
24/03/2008 20:45:34 261 byte 16 days old -- $winnt$.inf
24/03/2008 20:46:43 (DIR) 0 byte 16 days old -- Microsoft
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- dhcp
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- inetsrv
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- mui
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- export
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- IME
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- 1042
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- 1041
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- 3com_dmi
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- 2052
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- 1054
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- 3076
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- wins
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- 1028
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- ShellExt
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- 1025
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- 1037
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- 1031
24/03/2008 21:25:27 (DIR) 0 byte 16 days old -- 1033
24/03/2008 21:26:08 (DIR) 0 byte 16 days old -- icsxml
24/03/2008 21:26:16 (DIR) 0 byte 16 days old -- ras
24/03/2008 21:26:30 (DIR) 0 byte 16 days old -- 1036
24/03/2008 21:28:39 (DIR) 0 byte 16 days old -- npp
24/03/2008 21:29:24 (DIR) 0 byte 16 days old -- usmt
24/03/2008 21:29:37 (DIR) 0 byte 16 days old -- Setup
24/03/2008 21:31:10 (DIR) 0 byte 16 days old -- CatRoot
24/03/2008 21:37:28 0 byte 16 days old -- h323log.txt
24/03/2008 21:41:02 (DIR) 0 byte 16 days old -- ReinstallBackups
24/03/2008 21:44:23 (DIR) 0 byte 16 days old -- RTCOM
24/03/2008 21:45:30 (DIR) 0 byte 16 days old -- Lang
24/03/2008 21:45:32 940794 byte 16 days old -- LoopyMusic.wav
24/03/2008 21:45:32 146650 byte 16 days old -- BuzzingBee.wav
24/03/2008 22:21:17 (DIR) 0 byte 16 days old -- Color
24/03/2008 22:55:08 3101 byte 16 days old -- lvcoinst.log
25/03/2008 12:31:41 75 byte 15 days old -- LuResult.txt
25/03/2008 13:28:56 (DIR) 0 byte 15 days old -- config
25/03/2008 13:36:34 (DIR) 0 byte 15 days old -- SoftwareDistribution
25/03/2008 14:09:24 479298 byte 15 days old -- wbocx.ocx
25/03/2008 14:09:24 172032 byte 15 days old -- AniGIF.ocx
25/03/2008 14:09:24 50688 byte 15 days old -- wbhelp2.dll
25/03/2008 21:54:06 (DIR) 0 byte 15 days old -- dllcache
26/03/2008 12:46:44 6408 byte 14 days old -- jupdate-1.6.0_05-b13.log
26/03/2008 20:10:23 (DIR) 0 byte 14 days old -- Macromed
26/03/2008 21:18:40 (DIR) 0 byte 14 days old -- MAGIX
26/03/2008 21:36:37 306432 byte 14 days old -- TuneUpDefragService.exe
26/03/2008 21:39:05 34308 byte 14 days old -- BASSMOD.dll
27/03/2008 13:42:31 (DIR) 0 byte 13 days old -- Samsung_USB_Drivers
29/03/2008 09:20:17 378448 byte 11 days old -- FNTCACHE.DAT
29/03/2008 19:23:22 95608 byte 11 days old -- AvastSS.scr
29/03/2008 19:45:49 1146232 byte 11 days old -- aswBoot.exe
30/03/2008 13:03:28 392432 byte 10 days old -- perfh009.dat
30/03/2008 13:03:28 71488 byte 10 days old -- perfc00C.dat
30/03/2008 13:03:28 58732 byte 10 days old -- perfc009.dat
30/03/2008 13:03:28 458648 byte 10 days old -- perfh00C.dat
30/03/2008 13:03:28 991946 byte 10 days old -- PerfStringBackup.INI
31/03/2008 09:39:16 3121 byte 9 days old -- CONFIG.NT
31/03/2008 12:14:16 (DIR) 0 byte 9 days old -- DRVSTORE
31/03/2008 15:19:12 (DIR) 0 byte 9 days old -- Restore
01/04/2008 09:47:38 (DIR) 0 byte 8 days old -- drivers
03/04/2008 18:45:39 2206 byte 6 days old -- wpa.dbl
09/04/2008 18:15:47 81191 byte 0 days old -- nvapps.xml
09/04/2008 18:48:09 (DIR) 0 byte 0 days old -- CatRoot2
09/04/2008 18:48:12 (DIR) 0 byte 0 days old -- PreInstall

----- recent files in C:\WINDOWS\system32\drivers\
24/03/2008 21:24:27 (DIR) 0 byte 16 days old -- disdn
24/03/2008 21:26:13 (DIR) 0 byte 16 days old -- etc
29/03/2008 19:26:52 26944 byte 11 days old -- aavmker4.sys
29/03/2008 19:27:33 42912 byte 11 days old -- aswTdi.sys
29/03/2008 19:29:08 23152 byte 11 days old -- aswRdr.sys
29/03/2008 19:31:34 75856 byte 11 days old -- aswSP.sys
29/03/2008 19:35:21 94544 byte 11 days old -- aswmon2.sys
29/03/2008 19:35:49 20560 byte 11 days old -- aswFsBlk.sys

----- recent files in C:\WINDOWS\temp\
24/03/2008 22:51:50 7294 byte 16 days old -- InstExec.log
24/03/2008 22:55:54 41109 byte 16 days old -- CamWizrd.log
24/03/2008 22:56:02 1458 byte 16 days old -- CamServr.log
25/03/2008 18:10:28 16384 byte 15 days old -- Perflib_Perfdata_a18.dat
27/03/2008 14:57:54 16384 byte 13 days old -- Perflib_Perfdata_564.dat
28/03/2008 00:20:54 16384 byte 12 days old -- Perflib_Perfdata_aa8.dat
08/04/2008 18:17:44 55679 byte 1 days old -- fa56d7ec.$$$
09/04/2008 18:15:45 45091 byte 0 days old -- bca4e2da.$$$
09/04/2008 18:15:49 16384 byte 0 days old -- Perflib_Perfdata_5a8.dat
09/04/2008 18:52:39 (DIR) 0 byte 0 days old -- _avast4_

----- recent files in C:\Program Files\
24/03/2008 20:38:42 (DIR) 0 byte 16 days old -- MSN
24/03/2008 20:39:17 (DIR) 0 byte 16 days old -- Windows NT
24/03/2008 20:39:33 (DIR) 0 byte 16 days old -- MSN Gaming Zone
24/03/2008 20:39:39 (DIR) 0 byte 16 days old -- Messenger
24/03/2008 20:39:42 (DIR) 0 byte 16 days old -- Online Services
24/03/2008 20:39:55 (DIR) 0 byte 16 days old -- ComPlus Applications
24/03/2008 20:40:56 (DIR) 0 byte 16 days old -- Movie Maker
24/03/2008 20:41:09 (DIR) 0 byte 16 days old -- Outlook Express
24/03/2008 20:41:14 (DIR) 0 byte 16 days old -- NetMeeting
24/03/2008 20:42:13 (DIR) 0 byte 16 days old -- Services en ligne
24/03/2008 20:42:17 (DIR) 0 byte 16 days old -- WindowsUpdate
24/03/2008 20:43:18 (DIR) 0 byte 16 days old -- Windows Media Player
24/03/2008 20:43:34 (DIR) 0 byte 16 days old -- xerox
24/03/2008 20:43:34 (DIR) 0 byte 16 days old -- microsoft frontpage
24/03/2008 20:48:26 (DIR) 0 byte 16 days old -- Uninstall Information
24/03/2008 21:06:09 (DIR) 0 byte 16 days old -- Microsoft Visual Studio
24/03/2008 21:06:10 (DIR) 0 byte 16 days old -- Microsoft Office
24/03/2008 21:06:15 (DIR) 0 byte 16 days old -- MSBuild
24/03/2008 21:06:21 (DIR) 0 byte 16 days old -- Microsoft Works
24/03/2008 21:30:59 (DIR) 0 byte 16 days old -- ASUS
24/03/2008 21:31:20 (DIR) 0 byte 16 days old -- Adobe
24/03/2008 21:40:50 (DIR) 0 byte 16 days old -- VIA
24/03/2008 21:47:16 (DIR) 0 byte 16 days old -- Realtek
24/03/2008 22:02:15 (DIR) 0 byte 16 days old -- E-Color
24/03/2008 22:04:09 (DIR) 0 byte 16 days old -- Internet Explorer
24/03/2008 22:13:43 (DIR) 0 byte 16 days old -- MSI
24/03/2008 22:37:30 (DIR) 0 byte 16 days old -- WinRAR
24/03/2008 22:50:05 (DIR) 0 byte 16 days old -- Logitech
25/03/2008 12:23:59 (DIR) 0 byte 15 days old -- Canon
25/03/2008 12:42:56 (DIR) 0 byte 15 days old -- Alwil Software
25/03/2008 13:27:40 (DIR) 0 byte 15 days old -- mobile PhoneTools
25/03/2008 19:28:16 (DIR) 0 byte 15 days old -- Skype
25/03/2008 19:28:22 (DIR) 0 byte 15 days old -- Google
25/03/2008 22:31:12 (DIR) 0 byte 15 days old -- Windows Live
25/03/2008 23:01:27 (DIR) 0 byte 15 days old -- Outsim
25/03/2008 23:01:56 (DIR) 0 byte 15 days old -- Image-Line
26/03/2008 12:46:44 (DIR) 0 byte 14 days old -- Java
27/03/2008 13:42:06 (DIR) 0 byte 13 days old -- Samsung
28/03/2008 20:44:30 (DIR) 0 byte 12 days old -- Windows Media Components
28/03/2008 20:44:47 (DIR) 0 byte 12 days old -- InstallShield Installation Information
30/03/2008 14:14:13 (DIR) 0 byte 10 days old -- TuneUp Utilities 2008
31/03/2008 12:14:07 (DIR) 0 byte 9 days old -- Fichiers communs
31/03/2008 12:14:22 (DIR) 0 byte 9 days old -- Apple Software Update
31/03/2008 15:25:14 (DIR) 0 byte 9 days old -- Bonjour

----- recent files in C:\Program Files\Fichiers communs\
24/03/2008 20:41:08 (DIR) 0 byte 16 days old -- MSSoap
24/03/2008 20:41:13 (DIR) 0 byte 16 days old -- Services
24/03/2008 21:03:54 (DIR) 0 byte 16 days old -- System
24/03/2008 21:06:09 (DIR) 0 byte 16 days old -- DESIGNER
24/03/2008 21:31:26 (DIR) 0 byte 16 days old -- Adobe
24/03/2008 21:31:51 (DIR) 0 byte 16 days old -- SpeechEngines
24/03/2008 21:31:54 (DIR) 0 byte 16 days old -- ODBC
24/03/2008 21:43:04 (DIR) 0 byte 16 days old -- InstallShield
24/03/2008 22:51:49 (DIR) 0 byte 16 days old -- Logitech
25/03/2008 12:34:43 (DIR) 0 byte 15 days old -- Symantec Shared
25/03/2008 19:28:13 (DIR) 0 byte 15 days old -- Skype
25/03/2008 22:30:59 (DIR) 0 byte 15 days old -- WindowsLiveInstaller
26/03/2008 12:14:55 (DIR) 0 byte 14 days old -- Java
26/03/2008 21:18:58 (DIR) 0 byte 14 days old -- MAGIX Shared
26/03/2008 21:45:38 (DIR) 0 byte 14 days old -- Wise Installation Wizard
28/03/2008 20:42:45 (DIR) 0 byte 12 days old -- Microsoft Shared
28/03/2008 20:44:29 (DIR) 0 byte 12 days old -- Ulead Systems
28/03/2008 20:44:55 (DIR) 0 byte 12 days old -- InterVideo
31/03/2008 12:14:07 (DIR) 0 byte 9 days old -- Apple

----- recent files in C:\Documents and Settings\YAX\Application Data\
24/03/2008 20:48:27 (DIR) 0 byte 16 days old -- Identities
24/03/2008 20:59:01 (DIR) 0 byte 16 days old -- TuneUp Software
24/03/2008 21:31:22 62 byte 16 days old -- desktop.ini
25/03/2008 13:27:06 (DIR) 0 byte 15 days old -- InstallShield
25/03/2008 19:36:28 (DIR) 0 byte 15 days old -- Adobe
25/03/2008 20:09:23 (DIR) 0 byte 15 days old -- Google
26/03/2008 12:47:08 (DIR) 0 byte 14 days old -- Sun
26/03/2008 19:39:26 (DIR) 0 byte 14 days old -- Macromedia
27/03/2008 20:26:44 (DIR) 0 byte 13 days old -- Samsung
27/03/2008 20:26:45 (DIR) 0 byte 13 days old -- ConvertTemp
27/03/2008 20:26:45 (DIR) 0 byte 13 days old -- Temporary
28/03/2008 20:21:05 (DIR) 0 byte 12 days old -- Microsoft
28/03/2008 21:04:07 (DIR) 0 byte 12 days old -- Ulead Systems
31/03/2008 17:49:45 (DIR) 0 byte 9 days old -- Apple Computer
06/04/2008 14:30:51 (DIR) 0 byte 3 days old -- LimeWire
08/04/2008 19:54:24 (DIR) 0 byte 1 days old -- Malwarebytes
08/04/2008 20:23:41 (DIR) 0 byte 1 days old -- skypePM
08/04/2008 20:51:43 (DIR) 0 byte 1 days old -- Skype
08/04/2008 21:33:37 (DIR) 0 byte 1 days old -- TransRender

----- recent files in C:\DOCUME~1\YAX\LOCALS~1\Temp\
24/03/2008 21:45:30 27237 byte 16 days old -- French.bin
24/03/2008 21:54:11 (DIR) 0 byte 16 days old -- issC.tmp
24/03/2008 21:54:11 (DIR) 0 byte 16 days old -- {066073D6-2714-4C26-B11C-180D954B60C0}
24/03/2008 22:49:50 24613 byte 16 days old -- IadHide5.dll
24/03/2008 22:49:58 (DIR) 0 byte 16 days old -- ins1.tmp
24/03/2008 22:49:59 (DIR) 0 byte 16 days old -- issF2.tmp
24/03/2008 22:52:42 (DIR) 0 byte 16 days old -- issEF.tmp
24/03/2008 22:53:54 (DIR) 0 byte 16 days old -- iss1.tmp
25/03/2008 19:40:36 (DIR) 0 byte 15 days old -- Google Toolbar
25/03/2008 23:01:47 (DIR) 0 byte 15 days old -- FL Studio
26/03/2008 12:45:19 (DIR) 0 byte 14 days old -- bye2D.tmp
26/03/2008 12:47:23 (DIR) 0 byte 14 days old -- iss43.tmp
26/03/2008 12:47:48 (DIR) 0 byte 14 days old -- iss44.tmp
26/03/2008 12:48:30 (DIR) 0 byte 14 days old -- iss49.tmp
26/03/2008 19:05:34 (DIR) 0 byte 14 days old -- ~nsu.tmp
26/03/2008 20:38:38 (DIR) 0 byte 14 days old -- mgxlicense
26/03/2008 20:47:54 (DIR) 0 byte 14 days old -- mgxgroups
27/03/2008 13:43:18 (DIR) 0 byte 13 days old -- bye21.tmp
28/03/2008 20:20:32 (DIR) 0 byte 12 days old -- VBE
29/03/2008 09:33:14 (DIR) 0 byte 11 days old -- isp5.tmp
29/03/2008 09:33:14 (DIR) 0 byte 11 days old -- TxtFiles
29/03/2008 09:33:14 (DIR) 0 byte 11 days old -- isp6.tmp
29/03/2008 09:33:14 (DIR) 0 byte 11 days old -- isp7.tmp
29/03/2008 13:57:13 (DIR) 0 byte 11 days old -- {56C05F3B-674E-4F73-A413-184C5F707DB3}
30/03/2008 13:12:16 (DIR) 0 byte 10 days old -- {5E2B6DF8-7D84-41D0-B931-B622D5B6AB8D}
30/03/2008 13:12:16 (DIR) 0 byte 10 days old -- isp2F.tmp
30/03/2008 13:12:16 (DIR) 0 byte 10 days old -- iss2E.tmp
30/03/2008 23:33:08 (DIR) 0 byte 10 days old -- msxmlwr
31/03/2008 14:24:05 (DIR) 0 byte 9 days old -- msohtmlclip
31/03/2008 14:24:05 (DIR) 0 byte 9 days old -- msohtmlclip1
31/03/2008 15:19:19 0 byte 9 days old -- SBC1.tmp
31/03/2008 15:25:08 3397 byte 9 days old -- qtplugin.log
31/03/2008 15:26:08 305 byte 9 days old -- GEARInstall.log
31/03/2008 18:46:33 0 byte 9 days old -- SBC2.tmp
01/04/2008 09:27:35 0 byte 8 days old -- SBC3.tmp
01/04/2008 09:37:35 0 byte 8 days old -- SBC4.tmp
01/04/2008 12:27:02 0 byte 8 days old -- SBC6.tmp
04/04/2008 13:30:58 16384 byte 5 days old -- ~DFEA4.tmp
04/04/2008 13:34:38 0 byte 5 days old -- SBC5.tmp
04/04/2008 23:05:16 12818 byte 5 days old -- control.xml
04/04/2008 23:14:37 3506 byte 5 days old -- aa87_appcompat.txt
05/04/2008 14:18:32 0 byte 4 days old -- SBC7.tmp
05/04/2008 17:23:14 0 byte 4 days old -- SBC8.tmp
06/04/2008 13:09:46 (DIR) 0 byte 3 days old -- hsperfdata_YAX
06/04/2008 14:05:08 14014 byte 3 days old -- QTInstallCode.log
06/04/2008 14:28:53 0 byte 3 days old -- SBC9.tmp
06/04/2008 19:23:42 49152 byte 3 days old -- ~DF4C8D.tmp
07/04/2008 12:32:10 0 byte 2 days old -- SBCA.tmp
08/04/2008 12:03:47 0 byte 1 days old -- SBCB.tmp
08/04/2008 18:15:11 0 byte 1 days old -- SBCC.tmp
08/04/2008 19:01:39 0 byte 1 days old -- SBCD.tmp
08/04/2008 19:34:25 (DIR) 0 byte 1 days old -- _avast4_
08/04/2008 19:53:46 (DIR) 0 byte 1 days old -- is-IJ2U2.tmp
08/04/2008 19:53:48 (DIR) 0 byte 1 days old -- is-B0NC7.tmp
08/04/2008 20:03:03 311296 byte 1 days old -- ~DFF99A.tmp
08/04/2008 20:52:27 311296 byte 1 days old -- ~DFE8A7.tmp
09/04/2008 08:31:35 0 byte 0 days old -- SBCE.tmp
09/04/2008 12:34:27 0 byte 0 days old -- SBCF.tmp
09/04/2008 18:15:48 40248 byte 0 days old -- LVCOMSX.LOG
09/04/2008 18:17:32 (DIR) 0 byte 0 days old -- __SkypeIEToolbar_Cache
09/04/2008 18:18:46 512 byte 0 days old -- ~DF6ABB.tmp
09/04/2008 18:18:46 163840 byte 0 days old -- ~DF6A9D.tmp
09/04/2008 18:19:06 163840 byte 0 days old -- ~DFDCC2.tmp
09/04/2008 18:19:06 512 byte 0 days old -- ~DFDCD4.tmp
09/04/2008 18:20:48 7031 byte 0 days old -- jusched.log
09/04/2008 18:50:05 (DIR) 0 byte 0 days old -- MessengerCache
09/04/2008 18:52:13 49 byte 0 days old -- systemscan.ini
09/04/2008 18:52:13 (DIR) 0 byte 0 days old -- nsn5C.tmp
09/04/2008 18:52:13 16384 byte 0 days old -- ~DFDBDF.tmp

===================== REGISTRY SCAN =====================

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe boot"
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SW20"="C:\WINDOWS\system32\sw20.exe"
"SW24"="C:\WINDOWS\system32\sw24.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE"
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe"
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe /automation"
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon"
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
"DownloadAccelerator"="\"D:\Program Files\DAP\DAP.EXE\" /STARTUP"
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe\""
"TrayServer"="D:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe"
"UVS11 Preload"="D:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe"

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
"TuneUp MemOptimizer"="\"C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe\" autostart"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Sans fil"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="Planificateur de paquets QoS"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Scripts"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Mappage de zones Internet Explorer"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"=expand:"iedkcs32.dll"
"@="Personnalisation de Internet Explorer"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="Sécurité IP"
"DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
#### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
@=""

[Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
#### HKCR\CLSID\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\InprocServer32 @="C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll"
@="Skype add-on (mastermind)"

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
@=""

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\program files\google\googletoolbar1.dll"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\system32\shdocvw.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

-----HKCU\Control Panel\Desktop\-----

[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\system32\logon.scr"

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:00000308

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"D:\Program Files\DAP\DAP.exe"="D:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{7ABA1A84-7525-483C-9B20-C1FB67AA6CCF}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personnalisation du navigateur"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Java (Sun)"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\Program Files\Java\jre1.6.0_05\bin\regutils.dll"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Lecteur Windows Media Microsoft 6.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Logiciel de navigation hors connexion"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Aide sur Internet Explorer"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Outils d'installation Internet Explorer"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Améliorations pour la navigation"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="Accès au site MSN"
"ComponentID"="MSN_Auth"

[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
"@="Web Folders"
"ComponentID"="WebFolders"

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Carnet d'adresses 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Mise à jour du Bureau Windows"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer 6"
"ComponentID"="BASEIE40_W2K"
"StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"
"ComponentID"="DOTNETFRAMEWORKS"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Liaison de données Dynamic HTML"
"ComponentID"="Tridata"

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Polices de base Internet Explorer"
"ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Planificateur de tâches"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Macromedia Shockwave Flash"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="Aide HTML"
"ComponentID"="HTMLHelp"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {C60B15DB-30E1-49DA-AB92-AAA8C8554164} REG_BINARY 0F00000000000000000000000000000017ECFC47F900000000000000000000
0

Lyonnais92 Posts: 25708 Status: Security Contributor 1 537
 
Re,

Click Unselect all

Tick only these boxes:

- Scheduled jobs

- Services and drivers

- Suspicious files

- Include hijackthis log

Then click Scan now and be patient.
Once the scan finishes, a report will open; copy and paste its contents here and
check that it is complete, splitting it across two messages if necessary.
0
zwawi
 
SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\YAX\Bureau\sys55918.exe
Running in: User mode
Date: 09/04/2008
Time: 19:38:13

Output limited to:
-Scheduled jobs
-Services and Drivers (all)
-Suspicious Files
-Include HIJACKTHIS.log

===================== SCHEDULED JOBS =====================

jobs found in C:\WINDOWS:

02/10/2001 20:18:30 65 byte 2381 days old -- C:\WINDOWS\tasks\desktop.ini
26/03/2008 21:36:44 390 byte 14 days old -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
31/03/2008 12:14:24 284 byte 9 days old -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
09/04/2008 18:15:48 6 byte 0 days old -- C:\WINDOWS\tasks\SA.DAT
~~~~~~~~~~~~~~~~~~~~~
Active jobs:

~~~~~~~~~~~~~~~~~~~~~
Most recent (50) lines in jobs scheduled log:

Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Symantec NetDetect.job" (NDETECT.EXE)
Démarré à 24/03/2008 21:45:00
"Symantec NetDetect.job" (NDETECT.EXE)
Quitté à 24/03/2008 21:45:00
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Symantec NetDetect.job" (NDETECT.EXE)
Démarré à 24/03/2008 21:50:00
"Symantec NetDetect.job" (NDETECT.EXE)
Quitté à 24/03/2008 21:50:00
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Symantec NetDetect.job" (NDETECT.EXE)
Démarré à 24/03/2008 21:55:00
"Symantec NetDetect.job" (NDETECT.EXE)
Quitté à 24/03/2008 21:55:00
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Symantec NetDetect.job" (NDETECT.EXE)
Démarré à 24/03/2008 22:00:00
"Symantec NetDetect.job" (NDETECT.EXE)
Quitté à 24/03/2008 22:00:00
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Symantec NetDetect.job" (NDETECT.EXE)
Démarré à 24/03/2008 22:05:00
"Symantec NetDetect.job" (NDETECT.EXE)
Quitté à 24/03/2008 22:05:00
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Symantec NetDetect.job" (NDETECT.EXE)
Démarré à 24/03/2008 22:10:00
"Symantec NetDetect.job" (NDETECT.EXE)
Quitté à 24/03/2008 22:10:00
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Symantec NetDetect.job" (NDETECT.EXE)
Démarré à 24/03/2008 22:15:00
"Symantec NetDetect.job" (NDETECT.EXE)
Quitté à 24/03/2008 22:15:00
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Symantec NetDetect.job" (NDETECT.EXE)
Démarré à 25/03/2008 11:20:00
"Symantec NetDetect.job" (NDETECT.EXE)
Quitté à 25/03/2008 11:20:00
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Symantec NetDetect.job" (NDETECT.EXE)
Démarré à 25/03/2008 11:25:00
"Symantec NetDetect.job" (NDETECT.EXE)
Quitté à 25/03/2008 11:25:00
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Symantec NetDetect.job" (NDETECT.EXE)
Démarré à 25/03/2008 11:30:00
"Symantec NetDetect.job" (NDETECT.EXE)
Quitté à 25/03/2008 11:30:00
Résultat : La tâche s'est terminée avec le code de sortie : (0).

===================== LIST OF ALL SERVICES & DRIVERS =====================

-----HKLM\system\currentcontrolset\services-----

000) "Aavmker4" - avast! Asynchronous Virus Monitor
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

001) "Abiosdsk"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

002) "abp480n5"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

003) "ACPI" - Pilote ACPI Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\ACPI.sys
---> TYPE = KERNEL_DRIVER

004) "ACPIEC"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

005) "adpu160m"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

006) "aec" - Suppresseur d'écho acoustique (Noyau Microsoft)
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\aec.sys
---> TYPE = KERNEL_DRIVER

007) "AFD" - AFD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\afd.sys
---> TYPE = KERNEL_DRIVER

008) "Aha154x"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

009) "aic78u2"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

010) "aic78xx"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

011) "AliIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

012) "amsint"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

013) "asc"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

014) "asc3350p"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

015) "asc3550"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

016) "AsIO" - AsIO
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\drivers\AsIO.sys
---> TYPE = KERNEL_DRIVER

017) "aswFsBlk" - aswFsBlk
---> STAT = (RUNNING) Started automatically
---> FILE = system32\DRIVERS\aswFsBlk.sys
---> TYPE = FILE_SYSTEM_DRIVER

018) "aswMon2" - avast! Standard Shield Support
---> STAT = (RUNNING) Started automatically
---> TYPE = FILE_SYSTEM_DRIVER

019) "aswRdr" - aswRdr
---> STAT = (RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

020) "aswSP" - avast! Self Protection
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

021) "aswTdi" - avast! Network Shield Support
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

022) "AsyncMac" - Pilote de média asynchrone RAS
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\asyncmac.sys
---> TYPE = KERNEL_DRIVER

023) "atapi" - Contrôleur de disque dur IDE/ESDI standard
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\atapi.sys
---> TYPE = KERNEL_DRIVER

024) "Atdisk"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

025) "Atmarpc" - Protocole client ATM ARP
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\atmarpc.sys
---> TYPE = KERNEL_DRIVER

026) "audstub" - Pilote audio Stub
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\audstub.sys
---> TYPE = KERNEL_DRIVER

027) "Beep"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

028) "cbidf2k"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

029) "CCDECODE" - Décodeur sous-titre fermé
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\CCDECODE.sys
---> TYPE = KERNEL_DRIVER

030) "cd20xrnt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

031) "Cdaudio"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

032) "Cdfs"
---> STAT = (RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER

033) "Cdrom" - Pilote de CD-ROM
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\cdrom.sys
---> TYPE = KERNEL_DRIVER

034) "Changer"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

035) "CmdIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

036) "Cpqarray"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

037) "dac2w2k"
---> STAT = (RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

038) "dac960nt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

039) "DigiCellDriver" - DigiCellDriver
---> STAT = (RUNNING) Started manually
---> FILE = C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys
---> TYPE = KERNEL_DRIVER

040) "Disk" - Pilote de disque
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\disk.sys
---> TYPE = KERNEL_DRIVER

041) "dmboot"
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmboot.sys
---> TYPE = KERNEL_DRIVER

042) "dmio" - Pilote de Gestionnaire de disque logique
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\dmio.sys
---> TYPE = KERNEL_DRIVER

043) "dmload"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\dmload.sys
---> TYPE = KERNEL_DRIVER

044) "DMusic" - Synthétiseur DLS du noyau Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\DMusic.sys
---> TYPE = KERNEL_DRIVER

045) "dpti2o"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

046) "drmkaud" - Filtre de décodeur DRM (Noyau Microsoft)
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\drmkaud.sys
---> TYPE = KERNEL_DRIVER

047) "Fastfat"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER

048) "Fdc" - Pilote de contrôleur de lecteur de disquettes
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\fdc.sys
---> TYPE = KERNEL_DRIVER

049) "Fips"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

050) "Flpydisk" - Pilote de lecteur de disquettes
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\flpydisk.sys
---> TYPE = KERNEL_DRIVER

051) "FltMgr" - FltMgr
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\fltMgr.sys
---> TYPE = FILE_SYSTEM_DRIVER

052) "Ftdisk" - Pilote du Gestionnaire de volume
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\ftdisk.sys
---> TYPE = KERNEL_DRIVER

053) "GMSIPCI" - GMSIPCI
---> STAT = (NOT RUNNING) Started manually
---> FILE = E:\INSTALL\GMSIPCI.SYS
---> TYPE = KERNEL_DRIVER

054) "Gpc" - Classificateur de paquets générique
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\msgpc.sys
---> TYPE = KERNEL_DRIVER

055) "HDAudBus" - Microsoft UAA Bus Driver for High Definition Audio
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\HDAudBus.sys
---> TYPE = KERNEL_DRIVER

056) "hpn"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

057) "HTTP" - HTTP
---> STAT = (RUNNING) Started manually
---> FILE = System32\Drivers\HTTP.sys
---> TYPE = KERNEL_DRIVER

058) "i2omgmt"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

059) "i2omp"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

060) "i8042prt" - Pilote pour clavier i8042 et souris sur port PS/2
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\i8042prt.sys
---> TYPE = KERNEL_DRIVER

061) "Imapi" - Pilote de filtre de gravure CD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\imapi.sys
---> TYPE = KERNEL_DRIVER

062) "ini910u"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

063) "IntcAzAudAddService" - Service for Realtek HD Audio (WDM)
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\RtkHDAud.sys
---> TYPE = KERNEL_DRIVER

064) "IntelIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

065) "intelppm" - Pilote de processeur Intel
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\intelppm.sys
---> TYPE = KERNEL_DRIVER

066) "Ip6Fw" - Pilote du pare-feu Windows IPv6
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\Ip6Fw.sys
---> TYPE = KERNEL_DRIVER

067) "IpFilterDriver" - Pilote de filtre de trafic IP
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ipfltdrv.sys
---> TYPE = KERNEL_DRIVER

068) "IpInIp" - Pilote de tunnelage IP dans IP
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ipinip.sys
---> TYPE = KERNEL_DRIVER

069) "IpNat" - Traducteur d'adresses réseau IP
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ipnat.sys
---> TYPE = KERNEL_DRIVER

070) "IPSec" - Pilote IPSEC
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\ipsec.sys
---> TYPE = KERNEL_DRIVER

071) "IRENUM" - Service énumérateur IR
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\irenum.sys
---> TYPE = KERNEL_DRIVER

072) "isapnp" - Pilote de bus Plug-and-Play ISA/EISA
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\isapnp.sys
---> TYPE = KERNEL_DRIVER

073) "JGOGO" - JMicron Hot-Plug Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\JGOGO.sys
---> TYPE = KERNEL_DRIVER

074) "JRAID"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\jraid.sys
---> TYPE = KERNEL_DRIVER

075) "Kbdclass" - Pilote de la classe Clavier
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\kbdclass.sys
---> TYPE = KERNEL_DRIVER

076) "kmixer" - Mélangeur audio Wave de noyau Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\kmixer.sys
---> TYPE = KERNEL_DRIVER

077) "KSecDD"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

078) "lbrtfdc"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

079) "Lvckap" - Logitech Kernel Audio Processing Filter Driver
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\drivers\Lvckap.sys
---> TYPE = KERNEL_DRIVER

080) "lvmvdrv" - Logitech Machine Vision Engine Loader
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\drivers\lvmvdrv.sys
---> TYPE = KERNEL_DRIVER

081) "LVPrcMon" - Logitech LVPrcMon Driver
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\drivers\LVPrcMon.sys
---> TYPE = KERNEL_DRIVER

082) "LVUSBSta" - Logitech USB Monitor Filter
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\lvusbsta.sys
---> TYPE = KERNEL_DRIVER

083) "mnmdd"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

084) "Modem"
---> STAT = (RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

085) "Mouclass" - Pilote de la classe Souris
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\mouclass.sys
---> TYPE = KERNEL_DRIVER

086) "MountMgr"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

087) "mraid35x"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

088) "MRxDAV" - Redirecteur client WebDav
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mrxdav.sys
---> TYPE = FILE_SYSTEM_DRIVER

089) "MRxSmb" - MRXSMB
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\mrxsmb.sys
---> TYPE = FILE_SYSTEM_DRIVER

090) "Msfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER

091) "MSICPL" - MSICPL
---> STAT = (NOT RUNNING) Started manually
---> FILE = E:\install4\MSICPL.sys
---> TYPE = KERNEL_DRIVER

092) "MSKSSRV" - Proxy de service de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSKSSRV.sys
---> TYPE = KERNEL_DRIVER

093) "MSPCLOCK" - Proxy d'horloge de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPCLOCK.sys
---> TYPE = KERNEL_DRIVER

094) "MSPQM" - Proxy de gestion de qualité de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPQM.sys
---> TYPE = KERNEL_DRIVER

095) "mssmbios" - Pilote BIOS de gestion de systèmes Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mssmbios.sys
---> TYPE = KERNEL_DRIVER

096) "MSTEE" - Convertisseur en T/site-à-site de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSTEE.sys
---> TYPE = KERNEL_DRIVER

097) "MTsensor" - ATK0110 ACPI UTILITY
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ASACPI.sys
---> TYPE = KERNEL_DRIVER

098) "Mup" - Mup
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = FILE_SYSTEM_DRIVER

099) "NABTSFEC" - Codec NABTS/FEC VBI
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\NABTSFEC.sys
---> TYPE = KERNEL_DRIVER

100) "NDIS" - Pilote système NDIS
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

101) "NdisIP" - Connection TV/vidéo Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\NdisIP.sys
---> TYPE = KERNEL_DRIVER

102) "NdisTapi" - Pilote TAPI NDIS d'accès distant
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndistapi.sys
---> TYPE = KERNEL_DRIVER

103) "Ndisuio" - NDIS mode utilisateur E/S Protocole
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndisuio.sys
---> TYPE = KERNEL_DRIVER

104) "NdisWan" - Pilote réseau étendu NDIS d'accès distant
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndiswan.sys
---> TYPE = KERNEL_DRIVER

105) "NDProxy" - multi:Proxy NDIS\00\00
---> STAT = (RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

106) "NetBIOS" - Interface NetBIOS
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\netbios.sys
---> TYPE = FILE_SYSTEM_DRIVER

107) "NetBT" - NetBIOS sur TCP/IP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\netbt.sys
---> TYPE = KERNEL_DRIVER

108) "Npfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER

109) "NTACCESS" - NTACCESS
---> STAT = (NOT RUNNING) Started manually
---> FILE = E:\NTACCESS.sys
---> TYPE = KERNEL_DRIVER

110) "Ntfs"
---> STAT = (RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER

111) "Null"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

112) "nv"
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\nv4_mini.sys
---> TYPE = KERNEL_DRIVER

113) "NwlnkFlt" - Pilote de filtre de trafic IPX
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\nwlnkflt.sys
---> TYPE = KERNEL_DRIVER

114) "NwlnkFwd" - Pilote de transfert de trafic IPX
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\nwlnkfwd.sys
---> TYPE = KERNEL_DRIVER

115) "Parport" - Pilote de port parallèle
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\parport.sys
---> TYPE = KERNEL_DRIVER

116) "PartMgr"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

117) "ParVdm"
---> STAT = (RUNNING) Started automatically
---> TYPE = KERNEL_DRIVER

118) "PCI" - Pilote de bus PCI
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\pci.sys
---> TYPE = KERNEL_DRIVER

119) "PCIDump"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

120) "PCIIde"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\pciide.sys
---> TYPE = KERNEL_DRIVER

121) "Pcmcia"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

122) "PDCOMP"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

123) "PDFRAME"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

124) "PDRELI"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

125) "PDRFRAME"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

126) "pepifilter" - Volume Adapter
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\lv302af.sys
---> TYPE = KERNEL_DRIVER

127) "perc2"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

128) "perc2hib"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

129) "PID_08A0" - QuickCam IM(PID_08A0)
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\LV302AV.SYS
---> TYPE = KERNEL_DRIVER

130) "PptpMiniport" - Miniport réseau étendu (PPTP)
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspptp.sys
---> TYPE = KERNEL_DRIVER

131) "PSched" - Planificateur de paquets QoS
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\psched.sys
---> TYPE = KERNEL_DRIVER

132) "Ptilink" - Pilote de liaison parallèle directe
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ptilink.sys
---> TYPE = KERNEL_DRIVER

133) "ql1080"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

134) "Ql10wnt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

135) "ql12160"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

136) "ql1240"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

137) "ql1280"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

138) "RasAcd" - Pilote de connexion automatique d'accès distant
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\rasacd.sys
---> TYPE = KERNEL_DRIVER

139) "Rasl2tp" - Miniport réseau étendu (L2TP)
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\rasl2tp.sys
---> TYPE = KERNEL_DRIVER

140) "RasPppoe" - Pilote PPPOE d'accès à distance
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspppoe.sys
---> TYPE = KERNEL_DRIVER

141) "Raspti" - Parallèle direct
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspti.sys
---> TYPE = KERNEL_DRIVER

142) "Rdbss" - Rdbss
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\rdbss.sys
---> TYPE = FILE_SYSTEM_DRIVER

143) "RDPCDD"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\RDPCDD.sys
---> TYPE = KERNEL_DRIVER

144) "rdpdr" - Pilote de redirecteur de périphérique Terminal Server
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\rdpdr.sys
---> TYPE = KERNEL_DRIVER

145) "RDPWD"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

146) "redbook" - Pilote de filtre de lecture digitale de CD audio
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\redbook.sys
---> TYPE = KERNEL_DRIVER

147) "RTL8023xp" - Realtek 10/100/1000 PCI NIC Family NDIS XP Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\Rtnicxp.sys
---> TYPE = KERNEL_DRIVER

148) "Secdrv" - Secdrv
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\secdrv.sys
---> TYPE = KERNEL_DRIVER

149) "serenum" - Pilote de filtre Serenum
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\serenum.sys
---> TYPE = KERNEL_DRIVER

150) "Serial" - Pilote de port série
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\serial.sys
---> TYPE = KERNEL_DRIVER

151) "Sfloppy"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

152) "Simbad"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

153) "SLIP" - Détrameur décalage BDA
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\SLIP.sys
---> TYPE = KERNEL_DRIVER

154) "Sparrow"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

155) "splitter" - Splitter audio du noyau Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\splitter.sys
---> TYPE = KERNEL_DRIVER

156) "sr" - Pilote de filtre de restauration système
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\sr.sys
---> TYPE = FILE_SYSTEM_DRIVER

157) "Srv" - Srv
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\srv.sys
---> TYPE = FILE_SYSTEM_DRIVER

158) "ssm_bus" - SAMSUNG Mobile USB Device II 1.0 driver (WDM)
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ssm_bus.sys
---> TYPE = KERNEL_DRIVER

159) "ssm_mdfl" - SAMSUNG Mobile USB Modem II 1.0 Filter
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ssm_mdfl.sys
---> TYPE = KERNEL_DRIVER

160) "ssm_mdm" - SAMSUNG Mobile USB Modem II 1.0 Drivers
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ssm_mdm.sys
---> TYPE = KERNEL_DRIVER

161) "StarOpen"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER

162) "streamip" - BDA IPSink
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\StreamIP.sys
---> TYPE = KERNEL_DRIVER

163) "swenum" - Pilote de bus logiciel
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\swenum.sys
---> TYPE = KERNEL_DRIVER

164) "swmidi" - Synthétiseur de table de sons GC noyau Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\swmidi.sys
---> TYPE = KERNEL_DRIVER

165) "symc810"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

166) "symc8xx"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

167) "sym_hi"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

168) "sym_u3"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

169) "sysaudio" - Périphérique audio système du noyau Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\sysaudio.sys
---> TYPE = KERNEL_DRIVER

170) "Tcpip" - Pilote du protocole TCP/IP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\tcpip.sys
---> TYPE = KERNEL_DRIVER

171) "TDPIPE"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

172) "TDTCP"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

173) "TermDD" - Pilote de périphérique terminal
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\termdd.sys
---> TYPE = KERNEL_DRIVER

174) "TosIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

175) "uagp35" - Filtre AGP version 3.5 Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\uagp35.sys
---> TYPE = KERNEL_DRIVER

176) "Udfs"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER

177) "ultra"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

178) "Update" - Pilote de mise à jour microcode
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\update.sys
---> TYPE = KERNEL_DRIVER

179) "usbaudio" - Pilote USB audio (WDM)
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\usbaudio.sys
---> TYPE = KERNEL_DRIVER

180) "usbccgp" - Pilote parent générique USB Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbccgp.sys
---> TYPE = KERNEL_DRIVER

181) "usbehci" - Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbehci.sys
---> TYPE = KERNEL_DRIVER

182) "usbhub" - Concentrateur USB2
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbhub.sys
---> TYPE = KERNEL_DRIVER

183) "usbprint" - Classe d'imprimantes USB Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbprint.sys
---> TYPE = KERNEL_DRIVER

184) "usbscan" - Pilote de scanneur USB
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbscan.sys
---> TYPE = KERNEL_DRIVER

185) "usbser" - USB Modem Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbser.sys
---> TYPE = KERNEL_DRIVER

186) "USBSTOR" - Pilote de stockage de masse USB
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\USBSTOR.SYS
---> TYPE = KERNEL_DRIVER

187) "usbuhci" - Pilote miniport de contrôleur hôte universel USB Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbuhci.sys
---> TYPE = KERNEL_DRIVER

188) "VgaSave"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\vga.sys
---> TYPE = KERNEL_DRIVER

189) "ViaIde"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\viaide.sys
---> TYPE = KERNEL_DRIVER

190) "videX32"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\videX32.sys
---> TYPE = KERNEL_DRIVER

191) "VolSnap"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

192) "Wanarp" - Pilote ARP IP d'accès distant
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\wanarp.sys
---> TYPE = KERNEL_DRIVER

193) "WDICA"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

194) "wdmaud" - Pilote WINMM de compatibilité audio WDM Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\wdmaud.sys
---> TYPE = KERNEL_DRIVER

195) "WSTCODEC" - Codec Teletext standard
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\WSTCODEC.SYS
---> TYPE = KERNEL_DRIVER

196) "xfilt" - VIA SATA IDE Hot-plug Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\xfilt.sys
---> TYPE = KERNEL_DRIVER

197) "{DEF85C80-216A-43ab-AF70-1665EDBE2780}"
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\TEMP\8.tmp
---> TYPE = KERNEL_DRIVER

-----HKLM\system\currentcontrolset\services-----

000) "Alerter" - Avertissement
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

001) "ALG" - Service de la passerelle de la couche Application
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\alg.exe
---> TYPE = OWN_SERVICE

002) "Apple Mobile Device" - Apple Mobile Device
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe\
---> TYPE = OWN_SERVICE

003) "AppMgmt" - Gestion d'applications
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

004) "aspnet_state" - ASP.NET State Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
---> TYPE = OWN_SERVICE

005) "aswUpdSv" - avast! iAVS4 Control Service
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe\
---> TYPE = OWN_SERVICE

006) "AudioSrv" - Audio Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

007) "avast! Antivirus" - avast! Antivirus
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Program Files\Alwil Software\Avast4\ashServ.exe\
---> TYPE = OWN_SERVICE

008) "avast! Mail Scanner" - avast! Mail Scanner
---> STAT = (RUNNING) Started manually
---> FILE = \C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe\ /service
---> TYPE = OWN_SERVICE

009) "avast! Web Scanner" - avast! Web Scanner
---> STAT = (RUNNING) Started manually
---> FILE = \C:\Program Files\Alwil Software\Avast4\ashWebSv.exe\ /service
---> TYPE = OWN_SERVICE

010) "BITS" - Service de transfert intelligent en arrière-plan
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

011) "Bonjour Service" - Service Bonjour
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Program Files\Bonjour\mDNSResponder.exe\
---> TYPE = OWN_SERVICE

012) "Browser" - Explorateur d'ordinateur
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

013) "Capture Device Service" - Capture Device Service
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe\
---> TYPE = OWN_SERVICE

014) "CiSvc" - Service d'indexation
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\cisvc.exe
---> TYPE = SHARE_SERVICE

015) "ClipSrv" - Gestionnaire de l'Album
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\clipsrv.exe
---> TYPE = OWN_SERVICE

016) "clr_optimization_v2.0.50727_32" - .NET Runtime Optimization Service v2.0.50727_X86
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
---> TYPE = OWN_SERVICE

017) "COMSysApp" - Application système COM+
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
---> TYPE = OWN_SERVICE

018) "CryptSvc" - Services de cryptographie
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

019) "DcomLaunch" - Lanceur de processus serveur DCOM
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch
---> TYPE = SHARE_SERVICE

020) "Dhcp" - Client DHCP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

021) "dmadmin" - Service d'administration du Gestionnaire de disque logique
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dmadmin.exe /com
---> TYPE = SHARE_SERVICE

022) "dmserver" - Gestionnaire de disque logique
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

023) "Dnscache" - Client DNS
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE

024) "ERSvc" - Service de rapport d'erreurs
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

025) "Eventlog" - Journal des événements
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
---> TYPE = SHARE_SERVICE

026) "EventSystem" - Système d'événements de COM+
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

027) "FastUserSwitchingCompatibility" - Compatibilité avec le Changement rapide d'utilisateur
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

028) "FirebirdServerMAGIXInstance" - Firebird Server - MAGIX Instance
---> STAT = (NOT RUNNING) Started manually
---> FILE = D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
---> TYPE = OWN_SERVICE

029) "gusvc" - Google Updater Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe\
---> TYPE = OWN_SERVICE

030) "helpsvc" - Aide et support
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

031) "HidServ" - Accès du périphérique d'interface utilisateur
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

032) "HTTPFilter" - HTTP SSL
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter
---> TYPE = SHARE_SERVICE

033) "ImapiService" - Service COM de gravage de CD IMAPI
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\imapi.exe
---> TYPE = OWN_SERVICE

034) "lanmanserver" - Serveur
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

035) "lanmanworkstation" - Station de travail
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

036) "LmHosts" - Assistance TCP/IP NetBIOS
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

037) "LVPrcSrv" - Logitech Process Monitor
---> STAT = (RUNNING) Started automatically
---> FILE = c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
---> TYPE = OWN_SERVICE

038) "Messenger" - Affichage des messages
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

039) "mnmsrvc" - Partage de Bureau à distance NetMeeting
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\mnmsrvc.exe
---> TYPE = OWN_SERVICE

040) "MSDTC" - Distributed Transaction Coordinator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msdtc.exe
---> TYPE = OWN_SERVICE

041) "MSIServer" - Windows Installer
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msiexec.exe /V
---> TYPE = SHARE_SERVICE

042) "NetDDE" - DDE réseau
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
---> TYPE = SHARE_SERVICE

043) "NetDDEdsdm" - DSDM DDE réseau
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
---> TYPE = SHARE_SERVICE

044) "Netlogon" - Ouverture de session réseau
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE

045) "Netman" - Connexions réseau
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

046) "Nla" - NLA (Network Location Awareness)
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

047) "NtLmSsp" - Fournisseur de la prise en charge de sécurité LM NT
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE

048) "NtmsSvc" - Stockage amovible
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

049) "NVSvc" - NVIDIA Display Driver Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\nvsvc32.exe
---> TYPE = OWN_SERVICE

050) "odserv" - Microsoft Office Diagnostics Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE\
---> TYPE = OWN_SERVICE

051) "ose" - Office Source Engine
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE\
---> TYPE = OWN_SERVICE

052) "PlugPlay" - Plug-and-Play
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
---> TYPE = SHARE_SERVICE

053) "PolicyAgent" - Services IPSEC
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE

054) "ProtectedStorage" - Emplacement protégé
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE

055) "RasAuto" - Gestionnaire de connexion automatique d'accès distant
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

056) "RasMan" - Gestionnaire de connexions d'accès distant
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

057) "RDSessMgr" - Gestionnaire de session d'aide sur le Bureau à distance
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\sessmgr.exe
---> TYPE = OWN_SERVICE

058) "RemoteAccess" - Routage et accès distant
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

059) "RemoteRegistry" - Accès à distance au Registre
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

060) "RpcLocator" - Localisateur d'appels de procédure distante (RPC)
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\locator.exe
---> TYPE = OWN_SERVICE

061) "RpcSs" - Appel de procédure distante (RPC)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k rpcss
---> TYPE = SHARE_SERVICE

062) "RSVP" - QoS RSVP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\rsvp.exe
---> TYPE = OWN_SERVICE

063) "SamSs" - Gestionnaire de comptes de sécurité
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE

064) "SCardSvr" - Carte à puce
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\SCardSvr.exe
---> TYPE = SHARE_SERVICE

065) "Schedule" - Planificateur de tâches
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

066) "seclogon" - Connexion secondaire
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

067) "SENS" - Notification d'événement système
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

068) "SharedAccess" - Pare-feu Windows / Partage de connexion Internet
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

069) "ShellHWDetection" - Détection matériel noyau
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

070) "Spooler" - Spouleur d'impression
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\spoolsv.exe
---> TYPE = OWN_SERVICE

071) "srservice" - Service de restauration système
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

072) "SSDPSRV" - Service de découvertes SSDP
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

073) "stisvc" - Acquisition d'image Windows (WIA)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k imgsvc
---> TYPE = SHARE_SERVICE

074) "SwPrv" - MS Software Shadow Copy Provider
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{34C5112E-6BEC-4819-9B55-0C40955B7067}
---> TYPE = OWN_SERVICE

075) "SysmonLog" - Journaux et alertes de performance
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\smlogsvc.exe
---> TYPE = OWN_SERVICE

076) "TapiSrv" - Téléphonie
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

077) "TermService" - Services Terminal Server
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch
---> TYPE = SHARE_SERVICE

078) "Themes" - Thèmes
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

079) "TlntSvr" - Telnet
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\tlntsvr.exe
---> TYPE = OWN_SERVICE

080) "TrkWks" - Client de suivi de lien distribué
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

081) "TuneUp.Defrag" - TuneUp Drive Defrag Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\TuneUpDefragService.exe
---> TYPE = OWN_SERVICE

082) "UleadBurningHelper" - Ulead Burning Helper
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
---> TYPE = OWN_SERVICE

083) "upnphost" - Hôte de périphérique universel Plug-and-Play
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

084) "UPS" - Onduleur
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\ups.exe
---> TYPE = OWN_SERVICE

085) "usnjsvc" - Service Messenger Sharing Folders USN Journal Reader
---> STAT = (RUNNING) Started manually
---> FILE = \C:\Program Files\Windows Live\Messenger\usnsvc.exe\
---> TYPE = OWN_SERVICE

086) "UxTuneUp" - TuneUp Extension de thème
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

087) "VSS" - Cliché instantané de volume
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\vssvc.exe
---> TYPE = OWN_SERVICE

088) "W32Time" - Horloge Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

089) "WebClient" - WebClient
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

090) "winmgmt" - Infrastructure de gestion Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

091) "Winsock"
---> STAT = (RUNNING) Started manually
---> TYPE = ADAPTER

092) "WLSetupSvc" - Windows Live Setup Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Program Files\Windows Live\installer\WLSetupSvc.exe\
---> TYPE = OWN_SERVICE

093) "WmdmPmSN" - Service de numéro de série du lecteur multimédia portable
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

094) "Wmi" - Extensions du pilote WMI
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

095) "WmiApSrv" - Carte de performance WMI
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\wbem\wmiapsrv.exe
---> TYPE = OWN_SERVICE

096) "wscsvc" - Centre de sécurité
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

097) "wuauserv" - Mises à jour automatiques
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

098) "WZCSVC" - Configuration automatique sans fil
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

099) "xmlprov" - Service d'approvisionnement réseau
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

===================== SUSPICIOUS FILES =====================
EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\

===================== HIJACKTHIS LOG =====================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:09, on 09/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Program Files\mobile PhoneTools\mPhonetools.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\YAX\Bureau\sys55918.exe
C:\DOCUME~1\YAX\LOCALS~1\Temp\nsi63.tmp\runme.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
zwawi

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe
O4 - HKLM\..\Run: [UVS11 Preload] D:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add to Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C60B15DB-30E1-49DA-AB92-AAA8C8554164}: NameServer = 172.25.1.53 172.25.1.54
O18 - Protocol: bw+0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {546BFB49-8303-4A60-9C18-C5395DFFE0E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
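An added triage script, not part of the thread and not a HijackThis feature, that reads a log in the layout above and pulls out the entries a responder looks at first: processes running from a temp or user-profile directory, O4 Run entries given as a bare file name (resolved through the search path at logon), O2 BHOs whose DLL is gone, and O17 DNS servers classified as private or public. The sample lines are copied from the log above; the directory markers and the "bare name" rule are this example's own heuristics.

```python
import ipaddress
import re

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\YAX\Bureau\sys55918.exe
C:\DOCUME~1\YAX\LOCALS~1\Temp\nsi63.tmp\runme.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O17 - HKLM\System\CCS\Services\Tcpip\..\{C60B15DB-30E1-49DA-AB92-AAA8C8554164}: NameServer = 172.25.1.53 172.25.1.54
"""

# Assumption: path fragments that mark user-writable locations on an XP box
# ("Bureau" is the French name of the Desktop folder); not a HijackThis rule.
SUSPECT_DIR_MARKERS = ("\\temp\\", "\\bureau\\", "\\desktop\\")


def parse_hjt(text):
    """Split a HijackThis log into its running-process list and its R/F/O entries."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
        elif re.match(r"^[RFO]\d+ - ", line):
            entries.append(line)
    return processes, entries


def suspect_processes(processes):
    """Processes whose image lives under a temp or user-profile directory."""
    return [p for p in processes if any(m in p.lower() for m in SUSPECT_DIR_MARKERS)]


def bare_name_run_entries(entries):
    """Names of O4 Run entries whose command is a bare file name with no directory.
    Windows resolves such a name through the search path at logon, so a same-named
    file placed earlier in that path would run instead (a path-search hijack)."""
    names = []
    for e in entries:
        m = re.match(r"^O4 - .*?\[(?P<name>[^\]]+)\] (?P<cmd>.+)$", e)
        if not m:
            continue
        cmd = m.group("cmd")
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
        if "\\" not in exe and ":" not in exe:
            names.append(m.group("name"))
    return names


def orphan_bhos(entries):
    """CLSIDs of O2 BHO entries whose DLL is gone (HijackThis prints '(no file)')."""
    return [e.split(" - ")[2] for e in entries
            if e.startswith("O2 - ") and e.endswith("(no file)")]


def nameserver_report(entries):
    """O17 DNS servers mapped to whether they are RFC 1918 addresses: a private
    resolver is the LAN's own; a public one should be checked against the ISP's."""
    report = {}
    for e in entries:
        m = re.match(r"^O17 - .*NameServer = (?P<ips>.+)$", e)
        if m:
            for ip in re.split(r"[ ,]+", m.group("ips").strip()):
                report[ip] = ipaddress.ip_address(ip).is_private
    return report


def triage(text):
    """Run all four checks over one log and return the findings by category."""
    procs, entries = parse_hjt(text)
    return {
        "suspect_processes": suspect_processes(procs),
        "bare_name_run": bare_name_run_entries(entries),
        "orphan_bhos": orphan_bhos(entries),
        "nameservers": nameserver_report(entries),
    }


if __name__ == "__main__":
    for category, found in triage(SAMPLE_LOG).items():
        print(f"{category}: {found}")
```

On the sample this flags two processes running from the Desktop and from %TEMP%, two Run entries given as bare names (RTHDCPL and nwiz), one BHO with no file behind it, and two private-range DNS servers. A flag is a reason to look, not a verdict: bare-name Run entries from audio and video drivers are common, and the output only tells you where to spend the next five minutes.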
Lyonnais92 (25708 posts, status: Security contributor, 1 537)

Re,

Download OTMoveIt2 by OldTimer
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

* Save this file to the Desktop.
* Double-click OTMoveIt2.exe to run the tool. (Note: on Vista, right-click the file and choose Run as administrator.)
* Copy the bold lines below to the clipboard by selecting ALL of them and pressing the CTRL and C keys together (or, after selecting them, right-click and choose Copy):

C:\DOCUME~1\YAX\LOCALS~1\Temp\nsi63.tmp\runme.exe

* Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" box (under the light-blue bar) and choose Paste.

* Click the red Moveit! button.
* Copy everything in the Results box (under the green bar) to the clipboard by selecting ALL THE LINES and pressing the CTRL and C keys together (or, after selecting them, right-click and choose Copy), and paste those results in a reply on the forum.
* Close OTMoveIt2

Note: If a file or folder cannot be moved immediately, a reboot may be needed to complete the move. If the machine asks you to reboot, choose Yes. In that case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy/paste the contents of that document in a reply on the forum.

Go to this site:

https://www.virustotal.com/gui/

Click Browse and find this file: C:\Documents and Settings\YAX\Bureau\sys55918.exe

Click Send File.

A report will build up line by line.

Wait for it to finish. It should include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.
zwawi

File/Folder C:\DOCUME~1\YAX\LOCALS~1\Temp\nsi63.tmp\runme.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04092008_215238
Lyonnais92 (25708 posts, status: Security contributor, 1 537)

Re,

VirusTotal report?

========================================
->Show all files and folders:
click Start/Control Panel (in classic view)/Folder Options/View

[Check] "Show hidden files and folders"

[Uncheck] the box "Hide protected operating system files (Recommended)"

[Uncheck] "Hide extensions for known file types"

Then click [Apply] to confirm the changes.

And [OK]

=======================================

and repeat the OTMoveIt procedure
zwawi

Antivirus Version Last update Result
AhnLab-V3 2008.4.9.0 2008.04.09 -
AntiVir 7.6.0.81 2008.04.09 -
Authentium 4.93.8 2008.04.09 -
Avast 4.8.1169.0 2008.04.09 -
AVG 7.5.0.516 2008.04.09 -
BitDefender 7.2 2008.04.09 DeepScan:Generic.Zlob.38B68927
CAT-QuickHeal 9.50 2008.04.08 -
ClamAV 0.92.1 2008.04.09 PUA.Packed.TeLock
DrWeb 4.44.0.09170 2008.04.09 Trojan.Proxy.2804
eSafe 7.0.15.0 2008.04.09 suspicious Trojan/Worm
eTrust-Vet 31.3.5684 2008.04.09 -
Ewido 4.0 2008.04.09 -
F-Prot 4.4.2.54 2008.04.08 -
F-Secure 6.70.13260.0 2008.04.09 -
FileAdvisor 1 2008.04.09 -
Fortinet 3.14.0.0 2008.04.09 -
Ikarus T3.1.1.26 2008.04.09 Trojan-Downloader.Win32.Agent.aww
Kaspersky 7.0.0.125 2008.04.09 -
McAfee 5270 2008.04.09 -
Microsoft 1.3408 2008.04.09 -
NOD32v2 3014 2008.04.09 -
Norman 5.80.02 2008.04.09 -
Panda 9.0.0.4 2008.04.09 -
Prevx1 V2 2008.04.09 Heuristic: Suspicious File With Bad Child Associations
Rising 20.39.12.00 2008.04.08 -
Sophos 4.28.0 2008.04.09 Mal/VB-A
Sunbelt 3.0.1032.0 2008.04.08 -
TheHacker 6.2.92.270 2008.04.09 -
VBA32 3.12.6.4 2008.04.06 -
VirusBuster 4.3.26:9 2008.04.09 -
Webwasher-Gateway 6.6.2 2008.04.09 -
Additional information
File size: 708333 bytes
MD5...: 489de26b8b2b0b9cbea20f6e8327ff1f
SHA1..: bb8b01d2e1c9ec47ca6c6e46487e1e6146036283
SHA256: 355b91fa48a38ca2cd76f15420715eedde1a54334b773e1321f3ab831479e62f
SHA512: ce6d8ddf3fff20fc70db0fe710ef9e04361f39dead2c75baa2bbb9e21b963ed2
805920307062297019f82d05a993897c5d984e0f4b7e4cd22b85ab02608118f2
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4030e3
timedatestamp.....: 0x47eebf34 (Sat Mar 29 22:14:12 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5b26 0x5c00 6.48 f0de10bb55b85eded92a9cfc8ba8c846
.rdata 0x7000 0x129c 0x1400 5.05 165e3e874dc59c8a96748c6f4d0f4207
.data 0x9000 0x25c58 0x400 4.77 07ff028e3597dab438e7a69328411961
.ndata 0x2f000 0x8000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x37000 0x1288 0x1400 4.78 533b0b34e4b40f5f9ea9c706c705a195

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=292735B6ED82DF4FCEDA0A1FBFB0CE00E12AD7DF

NOTE: VirusTotal is a free service offered by Hispasec Sistemas. There is no guarantee as to the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by a single product, these results DO NOT guarantee that a file is harmless. There is currently no solution that offers a 100% effectiveness rate for detecting viruses and malware.
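An added example, not from the thread and not VirusTotal's own code, that reads a report in the layout above and extracts the two things worth checking before acting on it: how many engines flagged the file and with which labels, and what the PE section table says about the file's shape. The sample is a subset of the vendor rows plus the full section table from the report above; the entropy and size thresholds are this example's assumptions. One fact the code relies on: a section named .ndata is the hallmark of an installer built with NSIS, which unpacks its payload into an nsNNNN.tmp folder under %TEMP% when run, so a "Packed" label on such a file deserves a second look rather than an automatic delete.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed sample: a subset of the vendor rows and the whole section table from
# the VirusTotal report above, in the same whitespace-separated layout.
VT_REPORT = """\
Antivirus Version Last update Result
AhnLab-V3 2008.4.9.0 2008.04.09 -
Avast 4.8.1169.0 2008.04.09 -
BitDefender 7.2 2008.04.09 DeepScan:Generic.Zlob.38B68927
ClamAV 0.92.1 2008.04.09 PUA.Packed.TeLock
DrWeb 4.44.0.09170 2008.04.09 Trojan.Proxy.2804
eSafe 7.0.15.0 2008.04.09 suspicious Trojan/Worm
Ikarus T3.1.1.26 2008.04.09 Trojan-Downloader.Win32.Agent.aww
Kaspersky 7.0.0.125 2008.04.09 -
McAfee 5270 2008.04.09 -
Microsoft 1.3408 2008.04.09 -
Prevx1 V2 2008.04.09 Heuristic: Suspicious File With Bad Child Associations
Sophos 4.28.0 2008.04.09 Mal/VB-A
VirusBuster 4.3.26:9 2008.04.09 -
Additional information
File size: 708333 bytes
MD5...: 489de26b8b2b0b9cbea20f6e8327ff1f
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5b26 0x5c00 6.48 f0de10bb55b85eded92a9cfc8ba8c846
.rdata 0x7000 0x129c 0x1400 5.05 165e3e874dc59c8a96748c6f4d0f4207
.data 0x9000 0x25c58 0x400 4.77 07ff028e3597dab438e7a69328411961
.ndata 0x2f000 0x8000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x37000 0x1288 0x1400 4.78 533b0b34e4b40f5f9ea9c706c705a195
"""

VENDOR_ROW = re.compile(
    r"^(?P<vendor>\S+)\s+(?P<version>\S+)\s+(?P<date>\d{4}\.\d{2}\.\d{2})\s+(?P<result>.+)$")
SECTION_ROW = re.compile(
    r"^(?P<name>\.\w+)\s+(?P<va>0x[0-9a-f]+)\s+(?P<vsize>0x[0-9a-f]+)\s+(?P<raw>0x[0-9a-f]+)"
    r"\s+(?P<entropy>\d+\.\d+)\s+(?P<md5>[0-9a-f]{32})$")

# MD5 of zero bytes: what a section with no raw data hashes to.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()


@dataclass
class Section:
    name: str
    vsize: int      # bytes mapped in memory
    rawsize: int    # bytes present in the file
    entropy: float  # Shannon entropy of the raw bytes, 0..8
    md5: str


def parse_vendor_rows(text):
    """One dict per engine row: vendor, version, date, result ('-' means clean)."""
    return [m.groupdict() for m in map(VENDOR_ROW.match, text.splitlines()) if m]


def detections(rows):
    """Vendor -> label for every engine that returned something other than '-'."""
    return {r["vendor"]: r["result"] for r in rows if r["result"] != "-"}


def detection_ratio(rows):
    """(engines that flagged the file, engines that scanned it)."""
    return len(detections(rows)), len(rows)


def parse_sections(text):
    """Section objects from the 'name viradd virsiz rawdsiz ntrpy md5' table."""
    out = []
    for line in text.splitlines():
        m = SECTION_ROW.match(line.strip())
        if m:
            out.append(Section(m.group("name"), int(m.group("vsize"), 16),
                               int(m.group("raw"), 16), float(m.group("entropy")),
                               m.group("md5")))
    return out


def section_findings(sections, packed_entropy=7.0, bss_ratio=8):
    """Per-section observations to weigh against a 'Packed' verdict.
    The entropy and size thresholds are assumptions, not VirusTotal's."""
    findings = {}
    for s in sections:
        notes = []
        if s.rawsize == 0:
            notes.append("no bytes on disk" + (" (md5 is MD5 of empty input)"
                                               if s.md5 == EMPTY_MD5 else ""))
        elif s.vsize > bss_ratio * s.rawsize:
            notes.append("virtual size far exceeds raw size: mostly uninitialised data")
        if s.entropy >= packed_entropy:
            notes.append("entropy near 8: compressed or encrypted content")
        if s.name == ".ndata":
            notes.append("'.ndata' is the section name NSIS gives its installers")
        if notes:
            findings[s.name] = notes
    return findings


if __name__ == "__main__":
    rows = parse_vendor_rows(VT_REPORT)
    hits, total = detection_ratio(rows)
    print(f"{hits}/{total} engines flagged the file:")
    for vendor, label in detections(rows).items():
        print(f"  {vendor}: {label}")
    for name, notes in section_findings(parse_sections(VT_REPORT)).items():
        print(f"{name}: {'; '.join(notes)}")
```

On this sample, 7 of the 13 engines flag the file but with five unrelated labels (Zlob, TeLock packer, Proxy, Agent downloader, VB), and no section reaches the entropy a runtime packer would leave behind: .text sits at 6.48, and the only unusual sections are .data (mostly uninitialised) and .ndata (no bytes on disk, NSIS). Disagreeing labels plus an installer layout argue for confirming what the file is, with the packed-file claim checked against the section table, before deleting it.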
Lyonnais92 (25708 posts, status: Security contributor, 1 537)

Re,

Download SDFix (written by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Restart your computer in Safe Mode using the following procedure:
• Restart your computer
• After hearing the computer beep at startup, but before the Windows logo appears, tap the F8 key (one press per second).
• Instead of the normal Windows boot, a menu with several options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Then follow the list of instructions below:
• Open the SDFix folder that has just been created in C:\ and double-click RunThis.cmd to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and registry entries of some of the trojans it finds, then ask you to press a key to reboot.
• Press a key to reboot the PC.
• Your system will take longer than usual to reboot because the tool keeps running and deleting files.
• After the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are shown, the SDFix report will open on screen and also be saved in the SDFix folder as Report.txt.
• Finally, copy/paste the contents of Report.txt in your next reply on the forum, along with a new HijackThis log!
zwawi

I changed the panel as you told me and here is what I got:
File/Folder C:\DOCUME~1\YAX\LOCALS~1\Temp\nsi63.tmp\runme.exe not found.
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04092008_225026
Lyonnais92 (25708 posts, status: Security contributor, 1 537)

Re,

have you seen post 12 (SDFix)?
zwawi

what do you mean, a new hijackthis log???
zwawi

the F8 key takes me to the boot menu
there's no safe mode on it!!
Lyonnais92 (25708 posts, status: Security contributor, 1 537)

Re,

try F5.

The important part is SDFix, not the Hijackthis log.
zwawi

F5 doesn't do anything, sorry.
Lyonnais92 (25708 posts, status: Security contributor, 1 537)

Re,

look in the computer's documentation.

at worst, during the boot sequence you should be able to get to a screen that gives you that information.

In any case, use a key, not the MSConfig change.
zwawi

OK, I'll go and look,
the virus is called RVB://physicaldriver0