Sujet Précédent Sujet Suivant

Virus (HJT inclus)

Fermé
Québec07 - 31 oct. 2008 à 16:50
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 - 4 nov. 2008 à 12:35
Bonjour,

J'ai actuellement un problème avec un virus. J'ai utilisé plusieurs programmes pour le nettoyer mais les problèmes persistent. Je suis sans cesse redirigé lorsque j'utilise mes navigateurs internet.

Merci !
Voici mon rapport HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:53, on 2008-10-31
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Mes Documents suite\CFA\Schweser 2008\2008 Schweser PRO Software\app\mysql\bin\mysqld.exe
C:\Mes Documents suite\CFA\Schweser 2008\2008 Schweser PRO Software\app\mysql\bin\mysqld.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hec.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = https://www.hec.ca/proxy/etudiant.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
A voir également:

27 réponses

  • 1
  • 2
Réponse 1 / 27
BlackLexa Messages postés 1339 Date d'inscription vendredi 19 septembre 2008 Statut Membre Dernière intervention 30 septembre 2011 106
31 oct. 2008 à 16:56
T'as essayé Spyboat search and Destroy ?
+ Malware Byte's et Ccleaner pour finir
0
Réponse 2 / 27
Québec07
31 oct. 2008 à 16:57
Oui j'ai tout fait ça avant hier, mais les problèmes perdurent.
0
Réponse 3 / 27
BlackLexa Messages postés 1339 Date d'inscription vendredi 19 septembre 2008 Statut Membre Dernière intervention 30 septembre 2011 106
31 oct. 2008 à 17:02
Tu n'as que des problème de redirection quand tu navigues ? , ou t'as d'autres problèmes comme des popups de pub qui s'ouvrent à n'importe quel moment ?
0
Réponse 4 / 27
Québec07
31 oct. 2008 à 17:04
J'ai des popups aussi.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 27
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
31 oct. 2008 à 17:12
Bonjour,

rien d'apparent dans le rapport Hijackthis, sauf l'absence d'antivirus !!!!

As tu un outil qui te l'a décelé dans un fichier ? Si oui, dans quel fichier et sous quel nom de malware ?

Fais redémarrer l'ordi et fais ceci :

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt
0
Réponse 6 / 27
Québec07
31 oct. 2008 à 17:46
J'ai un antivirus, je l'ai par contre changer aujourd'hui pour AVG free.

je réussi pas à posté ma réponse mon log...
0
Réponse 7 / 27
Québec07
31 oct. 2008 à 17:46
Logfile of random's system information tool 1.04 (written by random/random)
Run by Jean-Francois at 2008-10-31 12:17:32
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 6 GB (20%) free of 32 GB
Total RAM: 1279 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:37, on 2008-10-31
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Mes Documents suite\CFA\Schweser 2008\2008 Schweser PRO Software\app\mysql\bin\mysqld.exe
C:\Mes Documents suite\CFA\Schweser 2008\2008 Schweser PRO Software\app\mysql\bin\mysqld.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jean-Francois\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jean-Francois.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hec.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = https://www.hec.ca/proxy/etudiant.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 8 / 27
Québec07
31 oct. 2008 à 17:47
Logfile of random's system information tool 1.04 (written by random/random)
Run by Jean-Francois at 2008-10-31 12:17:32
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 6 GB (20%) free of 32 GB
Total RAM: 1279 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:37, on 2008-10-31
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Mes Documents suite\CFA\Schweser 2008\2008 Schweser PRO Software\app\mysql\bin\mysqld.exe
C:\Mes Documents suite\CFA\Schweser 2008\2008 Schweser PRO Software\app\mysql\bin\mysqld.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jean-Francois\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jean-Francois.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hec.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = https://www.hec.ca/proxy/etudiant.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 9 / 27
Québec07
31 oct. 2008 à 17:48
======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-11-16 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-31 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-31 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-31 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-07-30 286720]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-02-23 5537792]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-01-30 88363]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2004-03-01 200766]
"Samsung Common SM"=C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe [2005-03-14 360448]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
"nwiz"=nwiz.exe /install []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-28 136600]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-31 1234712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"Gestionnaire Antidote.exe"=C:\Program Files\Antidote\Gestionnaire Antidote.exe [2007-04-16 534200]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe [2007-09-14 140568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-09-14 905056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2003-10-07 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]
C:\Program Files\Antidote\Gestionnaire Antidote.exe [2007-04-16 534200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe /StartedFromRunKey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE /STANDALONE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-09-14 2595480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2008-10-16 25214]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe

C:\Documents and Settings\Jean-Francois\Menu Démarrer\Programmes\Démarrage
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\Program Files\Wolfram Research\Mathematica\6.0\Mathematica.exe"="C:\Program Files\Wolfram Research\Mathematica\6.0\Mathematica.exe:*:Enabled:Mathematica 6"
"C:\Program Files\Wolfram Research\Mathematica\6.0\MathKernel.exe"="C:\Program Files\Wolfram Research\Mathematica\6.0\MathKernel.exe:*:Enabled:Mathematica 6 Kernel"
"C:\Program Files\Wolfram Research\Mathematica\6.0\math.exe"="C:\Program Files\Wolfram Research\Mathematica\6.0\math.exe:*:Enabled:math.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-10-31 12:17:32 ----D---- C:\rsit
2008-10-31 11:37:13 ----SHD---- C:\Config.Msi
2008-10-31 11:27:29 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-31 11:27:18 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\AVGTOOLBAR
2008-10-29 14:39:49 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-29 14:39:29 ----A---- C:\WINDOWS\zllsputility_loc040c.dll
2008-10-29 14:39:29 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll
2008-10-29 14:39:29 ----A---- C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-10-29 14:39:29 ----A---- C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-10-29 14:39:24 ----A---- C:\WINDOWS\zllsputility.exe
2008-10-29 14:38:59 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-10-29 14:38:59 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-10-29 14:38:58 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-10-29 14:38:58 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-10-29 14:38:54 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-10-29 14:38:53 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-10-29 14:38:53 ----D---- C:\Program Files\Zone Labs
2008-10-29 14:38:53 ----A---- C:\WINDOWS\system32\zpeng24.dll
2008-10-29 14:38:53 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-10-29 14:38:53 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-10-29 14:38:53 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-10-29 14:37:50 ----D---- C:\WINDOWS\Internet Logs
2008-10-29 14:37:50 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-10-29 14:37:50 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-10-29 14:37:50 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-10-29 14:16:13 ----D---- C:\Program Files\Avira
2008-10-29 14:08:39 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-28 23:41:19 ----A---- C:\TCleaner.txt
2008-10-28 21:50:04 ----A---- C:\rapport.txt
2008-10-28 18:43:22 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\WinRAR
2008-10-28 18:32:47 ----D---- C:\WINDOWS\ERUNT
2008-10-28 18:32:47 ----D---- C:\Backups
2008-10-28 17:32:49 ----D---- C:\Program Files\Trend Micro
2008-10-28 17:18:50 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-28 17:18:50 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-28 17:18:50 ----A---- C:\WINDOWS\system32\java.exe
2008-10-28 17:18:50 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-10-28 16:42:51 ----D---- C:\Program Files\Antidote.MiseAJour_Temporaire
2008-10-27 19:52:22 ----A---- C:\WINDOWS\wininit.ini
2008-10-27 19:33:18 ----D---- C:\Program Files\Lavasoft
2008-10-27 19:33:18 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-27 19:32:40 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-10-27 19:27:10 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\Malwarebytes
2008-10-27 19:26:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-27 19:26:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-27 19:26:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 19:26:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-27 19:03:07 ----D---- C:\Program Files\CCleaner
2008-10-27 15:41:39 ----D---- C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
2008-10-26 14:55:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-21 22:58:03 ----D---- C:\Mes Documents suite
2008-10-16 08:36:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 08:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 08:36:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 08:35:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 08:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-09 16:17:01 ----D---- C:\Program Files\iPod
2008-10-09 16:17:00 ----D---- C:\Program Files\iTunes
2008-10-09 16:17:00 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

======List of files/folders modified in the last 1 months======

2008-10-31 12:17:37 ----D---- C:\WINDOWS\Temp
2008-10-31 12:04:20 ----D---- C:\Program Files\Mozilla Firefox
2008-10-31 11:44:48 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\EndNote
2008-10-31 11:37:15 ----SHD---- C:\WINDOWS\Installer
2008-10-31 11:37:15 ----RD---- C:\Program Files
2008-10-31 11:37:15 ----D---- C:\WINDOWS\system32
2008-10-31 11:27:24 ----D---- C:\WINDOWS\system32\drivers
2008-10-31 11:26:58 ----D---- C:\WINDOWS\Prefetch
2008-10-31 11:23:49 ----D---- C:\WINDOWS
2008-10-30 17:36:07 ----D---- C:\WINDOWS\system32\NtmsData
2008-10-30 17:35:34 ----SHD---- C:\System Volume Information
2008-10-30 17:35:18 ----D---- C:\WINDOWS\Registration
2008-10-29 22:45:36 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-10-29 14:39:22 ----HD---- C:\WINDOWS\inf
2008-10-29 14:39:15 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-28 23:40:45 ----D---- C:\WINDOWS\system32\Restore
2008-10-28 21:55:14 ----A---- C:\WINDOWS\system32\tmp.txt
2008-10-28 18:35:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-28 17:18:32 ----D---- C:\Program Files\Java
2008-10-28 17:10:55 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\COWON
2008-10-28 17:10:48 ----D---- C:\Program Files\Fichiers communs
2008-10-28 16:34:38 ----A---- C:\WINDOWS\Antidote.ini
2008-10-27 19:04:16 ----D---- C:\WINDOWS\Debug
2008-10-26 15:54:51 ----D---- C:\Program Files\PokerStars
2008-10-26 14:55:28 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-23 08:43:45 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-22 08:58:14 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\Skype
2008-10-22 08:56:28 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\skypePM
2008-10-21 08:30:39 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-16 08:36:47 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-16 08:36:05 ----D---- C:\Program Files\Internet Explorer
2008-10-15 19:14:41 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\Adobe
2008-10-15 12:35:43 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-09 16:15:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-07 14:21:53 ----SHD---- C:\RECYCLER
2008-10-03 13:12:27 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 43520]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-31 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-31 26824]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2005-03-14 41984]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-02-02 44384]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-02-01 100384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-01-30 1205292]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-10-07 94601]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Pilote pour carte réseau BCM 802.11b; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-08-04 341760]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-02-23 3444128]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2003-10-23 46976]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-01-13 612032]
R3 tiumfwl;tiumfwl; C:\WINDOWS\system32\drivers\tiumfwl.sys [2003-02-18 42092]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 ap11r7ok;ap11r7ok; C:\WINDOWS\system32\drivers\ap11r7ok.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\JEAN-F~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-05-12 611664]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2007-09-14 427288]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-31 231704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-28 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-02-23 127042]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe [2007-09-14 492600]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------
0
Réponse 10 / 27
Québec07
31 oct. 2008 à 17:49
======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-11-16 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-31 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-31 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-31 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-07-30 286720]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-02-23 5537792]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-01-30 88363]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2004-03-01 200766]
"Samsung Common SM"=C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe [2005-03-14 360448]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
"nwiz"=nwiz.exe /install []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-28 136600]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-31 1234712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"Gestionnaire Antidote.exe"=C:\Program Files\Antidote\Gestionnaire Antidote.exe [2007-04-16 534200]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe [2007-09-14 140568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-09-14 905056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2003-10-07 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]
C:\Program Files\Antidote\Gestionnaire Antidote.exe [2007-04-16 534200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe /StartedFromRunKey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE /STANDALONE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-09-14 2595480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2008-10-16 25214]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe

C:\Documents and Settings\Jean-Francois\Menu Démarrer\Programmes\Démarrage
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\Program Files\Wolfram Research\Mathematica\6.0\Mathematica.exe"="C:\Program Files\Wolfram Research\Mathematica\6.0\Mathematica.exe:*:Enabled:Mathematica 6"
"C:\Program Files\Wolfram Research\Mathematica\6.0\MathKernel.exe"="C:\Program Files\Wolfram Research\Mathematica\6.0\MathKernel.exe:*:Enabled:Mathematica 6 Kernel"
"C:\Program Files\Wolfram Research\Mathematica\6.0\math.exe"="C:\Program Files\Wolfram Research\Mathematica\6.0\math.exe:*:Enabled:math.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
0
Réponse 11 / 27
Québec07
31 oct. 2008 à 17:50
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-10-31 12:17:32 ----D---- C:\rsit
2008-10-31 11:37:13 ----SHD---- C:\Config.Msi
2008-10-31 11:27:29 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-31 11:27:18 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\AVGTOOLBAR
2008-10-29 14:39:49 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-29 14:39:29 ----A---- C:\WINDOWS\zllsputility_loc040c.dll
2008-10-29 14:39:29 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll
2008-10-29 14:39:29 ----A---- C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-10-29 14:39:29 ----A---- C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-10-29 14:39:24 ----A---- C:\WINDOWS\zllsputility.exe
2008-10-29 14:38:59 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-10-29 14:38:59 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-10-29 14:38:58 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-10-29 14:38:58 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-10-29 14:38:54 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-10-29 14:38:53 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-10-29 14:38:53 ----D---- C:\Program Files\Zone Labs
2008-10-29 14:38:53 ----A---- C:\WINDOWS\system32\zpeng24.dll
2008-10-29 14:38:53 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-10-29 14:38:53 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-10-29 14:38:53 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-10-29 14:37:50 ----D---- C:\WINDOWS\Internet Logs
2008-10-29 14:37:50 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-10-29 14:37:50 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-10-29 14:37:50 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-10-29 14:16:13 ----D---- C:\Program Files\Avira
2008-10-29 14:08:39 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-28 23:41:19 ----A---- C:\TCleaner.txt
2008-10-28 21:50:04 ----A---- C:\rapport.txt
2008-10-28 18:43:22 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\WinRAR
2008-10-28 18:32:47 ----D---- C:\WINDOWS\ERUNT
2008-10-28 18:32:47 ----D---- C:\Backups
2008-10-28 17:32:49 ----D---- C:\Program Files\Trend Micro
2008-10-28 17:18:50 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-28 17:18:50 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-28 17:18:50 ----A---- C:\WINDOWS\system32\java.exe
2008-10-28 17:18:50 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-10-28 16:42:51 ----D---- C:\Program Files\Antidote.MiseAJour_Temporaire
2008-10-27 19:52:22 ----A---- C:\WINDOWS\wininit.ini
2008-10-27 19:33:18 ----D---- C:\Program Files\Lavasoft
2008-10-27 19:33:18 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-27 19:32:40 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-10-27 19:27:10 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\Malwarebytes
2008-10-27 19:26:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-27 19:26:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-27 19:26:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 19:26:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-27 19:03:07 ----D---- C:\Program Files\CCleaner
2008-10-27 15:41:39 ----D---- C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
2008-10-26 14:55:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-21 22:58:03 ----D---- C:\Mes Documents suite
2008-10-16 08:36:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 08:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 08:36:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 08:35:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 08:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-09 16:17:01 ----D---- C:\Program Files\iPod
2008-10-09 16:17:00 ----D---- C:\Program Files\iTunes
2008-10-09 16:17:00 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

======List of files/folders modified in the last 1 months======

2008-10-31 12:17:37 ----D---- C:\WINDOWS\Temp
2008-10-31 12:04:20 ----D---- C:\Program Files\Mozilla Firefox
2008-10-31 11:44:48 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\EndNote
2008-10-31 11:37:15 ----SHD---- C:\WINDOWS\Installer
2008-10-31 11:37:15 ----RD---- C:\Program Files
2008-10-31 11:37:15 ----D---- C:\WINDOWS\system32
2008-10-31 11:27:24 ----D---- C:\WINDOWS\system32\drivers
2008-10-31 11:26:58 ----D---- C:\WINDOWS\Prefetch
2008-10-31 11:23:49 ----D---- C:\WINDOWS
2008-10-30 17:36:07 ----D---- C:\WINDOWS\system32\NtmsData
2008-10-30 17:35:34 ----SHD---- C:\System Volume Information
2008-10-30 17:35:18 ----D---- C:\WINDOWS\Registration
2008-10-29 22:45:36 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-10-29 14:39:22 ----HD---- C:\WINDOWS\inf
2008-10-29 14:39:15 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-28 23:40:45 ----D---- C:\WINDOWS\system32\Restore
2008-10-28 21:55:14 ----A---- C:\WINDOWS\system32\tmp.txt
2008-10-28 18:35:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-28 17:18:32 ----D---- C:\Program Files\Java
2008-10-28 17:10:55 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\COWON
2008-10-28 17:10:48 ----D---- C:\Program Files\Fichiers communs
2008-10-28 16:34:38 ----A---- C:\WINDOWS\Antidote.ini
2008-10-27 19:04:16 ----D---- C:\WINDOWS\Debug
2008-10-26 15:54:51 ----D---- C:\Program Files\PokerStars
2008-10-26 14:55:28 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-23 08:43:45 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-22 08:58:14 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\Skype
2008-10-22 08:56:28 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\skypePM
2008-10-21 08:30:39 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-16 08:36:47 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-16 08:36:05 ----D---- C:\Program Files\Internet Explorer
2008-10-15 19:14:41 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\Adobe
2008-10-15 12:35:43 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-09 16:15:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-07 14:21:53 ----SHD---- C:\RECYCLER
2008-10-03 13:12:27 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 43520]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-31 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-31 26824]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2005-03-14 41984]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-02-02 44384]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-02-01 100384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-01-30 1205292]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-10-07 94601]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Pilote pour carte réseau BCM 802.11b; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-08-04 341760]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-02-23 3444128]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2003-10-23 46976]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-01-13 612032]
R3 tiumfwl;tiumfwl; C:\WINDOWS\system32\drivers\tiumfwl.sys [2003-02-18 42092]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 ap11r7ok;ap11r7ok; C:\WINDOWS\system32\drivers\ap11r7ok.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\JEAN-F~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-05-12 611664]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2007-09-14 427288]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-31 231704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-28 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-02-23 127042]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe [2007-09-14 492600]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------
0
Réponse 12 / 27
Québec07
31 oct. 2008 à 17:54
Désolé, je réussissais pas à tout mettre d'un coup. J'espère que tu vas t'y retrouvé...
0
Réponse 13 / 27
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
31 oct. 2008 à 18:03
Re,


Tu peux me préciser de quand date tes ennuis ?

=========

télécharge DirLook de jpshortstuff à partir d'ici :

http://jpshortstuff.247fixes.com/DirLook.exe

Double-clique sur DirLook.exe pour le lancer.
Assure-toi que Show Hidden Files et BBCode Ouput soient tous les deux cochés.
Copie le contenu de la boîte ci-dessous dans le champ texte principal :


C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP


Clique sur le bouton DirLook pour lancer l'examen.
Quand il est terminé, une fenêtre du Bloc-notes s'ouvre avec le résultat du scan. Merci de poster ce rapport dans ta prochaine réponse. (Note : Le rapport peut aussi être trouvé dans C:\dl_log.txt)
Note : Il se peut que l'examen prenne plus de temps pour les gros répertoires.
0
Réponse 14 / 27
Québec07
31 oct. 2008 à 18:18
Depuis environ une semaine, mais j'ai eu un autre problème d'un virus il y a 2 semaines qui se propageait par les clefs usb, mais tout ça semble réglé maintenant grâce à Goldorak. Bizarrement ça n'a pris que moins d'une seconde. Voici le texte:

DirLook.exe v2.0 by jpshortstuff
Log created at 13:16 on 31/10/2008
==================================[b]
Contents of "C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP"
[/b]
[b][color=blue]---FOLDERS---[/b][/color]

(none found)

[b][color=blue]---FILES---[/b][/color]

[b]WiseCustomCalla.dll[/b] (61457 bytes - created on 27/10/2008 at 19:41, modified on 27/10/2008 at 19:41) --a---

==================================
[b][color=blue]=EOF=[/b][/color]
0
Réponse 15 / 27
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
1 nov. 2008 à 02:21
Re,

as tu une exlication pour la présence d'un composant de l'anti virus de McAffee sur ton ordi ?

Rends toi sur ce site :

https://www.virustotal.com/gui/

Clique sur parcourir et cherche ce fichier : C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP\WiseCustomCalla.dll

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse.

Si VirusTotal indique que le fichier a déjà été analysé, cliquer sur le bouton Reanalyse le fichier maintenant
0
Réponse 16 / 27
Québec07
1 nov. 2008 à 14:44
Oui je me suis toujours gardé la possibilité de réactiver l'antivirus qu'on m'a fourni à l'université, c'est une license à vie. Alors je le garde au cas où.

voici le rapport:

Fichier WiseCustomCalla.dll reçu le 2008.08.25 20:20:02 (CET)
Situation actuelle: terminé
Résultat: 0/36 (0.00%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.21.0 2008.08.25 -
AntiVir 7.8.1.23 2008.08.25 -
Authentium 5.1.0.4 2008.08.25 -
Avast 4.8.1195.0 2008.08.25 -
AVG 8.0.0.161 2008.08.25 -
BitDefender 7.2 2008.08.25 -
CAT-QuickHeal 9.50 2008.08.25 -
ClamAV 0.93.1 2008.08.25 -
DrWeb 4.44.0.09170 2008.08.25 -
eSafe 7.0.17.0 2008.08.24 -
eTrust-Vet 31.6.6047 2008.08.25 -
Ewido 4.0 2008.08.25 -
F-Prot 4.4.4.56 2008.08.25 -
F-Secure 7.60.13501.0 2008.08.25 -
Fortinet 3.14.0.0 2008.08.25 -
GData 2.0.7306.1023 2008.08.20 -
Ikarus T3.1.1.34.0 2008.08.25 -
K7AntiVirus 7.10.428 2008.08.25 -
Kaspersky 7.0.0.125 2008.08.25 -
McAfee 5369 2008.08.25 -
Microsoft 1.3807 2008.08.25 -
NOD32v2 3385 2008.08.25 -
Norman 5.80.02 2008.08.25 -
Panda 9.0.0.4 2008.08.25 -
PCTools 4.4.2.0 2008.08.25 -
Prevx1 V2 2008.08.25 -
Rising 20.59.00.00 2008.08.25 -
Sophos 4.32.0 2008.08.25 -
Sunbelt 3.1.1575.1 2008.08.23 -
Symantec 10 2008.08.25 -
TheHacker 6.3.0.6.060 2008.08.23 -
TrendMicro 8.700.0.1004 2008.08.25 -
VBA32 3.12.8.4 2008.08.25 -
ViRobot 2008.8.25.1348 2008.08.25 -
VirusBuster 4.5.11.0 2008.08.25 -
Webwasher-Gateway 6.6.2 2008.08.25 -
Information additionnelle
File size: 61457 bytes
MD5...: 9f5ae587ce972308d617711095742668
SHA1..: f62ed3d8a4812606560c92c265998849f3bcbe7c
SHA256: bfd7a3d97019ef5f14a660146b06d280e24bc468d1003f0996f30675a6747a72
SHA512: 2128e1fffc662f30cfc3453c73e0163305c7a31ad6bf3301162fed98627fcf3c
0ffa35d4b5f058a83ed3a279010fb1d712bf81e854a7851fe2e85055a17fdf00
PEiD..: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x11603c87
timedatestamp.....: 0x3adcb54c (Tue Apr 17 21:27:40 2001)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7222 0x8000 6.30 e6a2ab70aa5211cea512449d3d44832a
.rdata 0x9000 0xf02 0x1000 5.21 e77f3cea8b15c488f983ab1dc5568123
.data 0xa000 0x59ec 0x2000 3.39 e2cc0c399b5912bfb49214475a53a251
.rsrc 0x10000 0x7c8 0x1000 2.05 6b4e184b255a023179fceb2d326f0563
.reloc 0x11000 0x11fc 0x2000 3.10 03441ceb9998fa51b8338a962ebfa2e0

( 4 imports )
> Msi.dll: -
> KERNEL32.dll: LoadLibraryA, GetSystemDefaultLCID, GetUserDefaultLCID, GetProcAddress, FreeLibrary, GetVersionExA, FindNextFileA, FindFirstFileA, GetModuleFileNameA, LoadLibraryExA, FormatMessageA, GetLastError, Sleep, GlobalAlloc, GlobalLock, GlobalHandle, GlobalUnlock, GlobalFree, GetThreadLocale, FindClose, ExitProcess, SetHandleCount, HeapFree, HeapAlloc, GetCommandLineA, GetVersion, HeapDestroy, HeapCreate, VirtualFree, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, FreeEnvironmentStringsW, VirtualAlloc, HeapReAlloc, GetCPInfo, GetACP, GetOEMCP, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, SetFilePointer, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, WriteFile, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, InterlockedDecrement, InterlockedIncrement, RtlUnwind, SetStdHandle, FlushFileBuffers, CloseHandle
> USER32.dll: wsprintfA
> ADVAPI32.dll: OpenSCManagerA, RegCloseKey, OpenServiceA, QueryServiceStatus, StartServiceA, ControlService, CloseServiceHandle, RegSetValueExA, RegOpenKeyExA, RegQueryValueExA

( 9 exports )
VSC_ExportINI, VSC_MSI_ImportCustom, VSC_MSI_ImportTask, VSC_MSI_RemoveMirrorTasks, VSC_MSI_RemoveUpdateTasks, VSC_MSI_RemoveVShieldTasks, VSC_MSI_Shutdown, VSC_MSI_Startup, VSC_MSI_UnloadMcShieldDriver
0
Réponse 17 / 27
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
1 nov. 2008 à 17:04
Bonjour,

on regarde ça :

ouvre le Bloc-Notes, cherche :

C:\Windiows\system32\drivers\etc\Hosts

Poste les 20 premières et les 20 dernières lignes.

-------------

Tu es redirigé où ?
0
Réponse 18 / 27
Québec07
1 nov. 2008 à 17:11
Salut, je t'avoue ne pas subir de redirection depuis hier. Mais bon, dès qu'il me redirige, je le posterai. C'est vraiment des trucs bidons, genre sur une page de Yellowpages, je me souviens pas des autres.

voici le rapport, j'ai cherché C:\Windows\system32\drivers\etc\Hosts puisque j'ai pris le «i» dans windows comme une erreur de frappe.

voici:

Fichier HOSTS reçu le 2008.09.05 17:54:48 (CET)
Situation actuelle: terminé
Résultat: 0/36 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.9.5.1 2008.09.05 -
AntiVir 7.8.1.28 2008.09.05 -
Authentium 5.1.0.4 2008.09.05 -
Avast 4.8.1195.0 2008.09.05 -
AVG 8.0.0.161 2008.09.05 -
BitDefender 7.2 2008.09.05 -
CAT-QuickHeal 9.50 2008.09.02 -
ClamAV 0.93.1 2008.09.05 -
DrWeb 4.44.0.09170 2008.09.05 -
eSafe 7.0.17.0 2008.09.03 -
eTrust-Vet 31.6.6071 2008.09.05 -
Ewido 4.0 2008.09.05 -
F-Prot 4.4.4.56 2008.09.04 -
F-Secure 8.0.14332.0 2008.09.05 -
Fortinet 3.14.0.0 2008.09.03 -
GData 19 2008.09.05 -
Ikarus T3.1.1.34.0 2008.09.05 -
K7AntiVirus 7.10.443 2008.09.05 -
Kaspersky 7.0.0.125 2008.09.05 -
McAfee 5377 2008.09.04 -
Microsoft 1.3903 2008.09.05 -
NOD32v2 3419 2008.09.05 -
Norman 5.80.02 2008.09.05 -
Panda 9.0.0.4 2008.09.04 -
PCTools 4.4.2.0 2008.09.05 -
Prevx1 V2 2008.09.05 -
Rising 20.60.42.00 2008.09.05 -
Sophos 4.33.0 2008.09.05 -
Sunbelt 3.1.1610.1 2008.09.05 -
Symantec 10 2008.09.05 -
TheHacker 6.3.0.8.072 2008.09.04 -
TrendMicro 8.700.0.1004 2008.09.05 -
VBA32 3.12.8.5 2008.09.05 -
ViRobot 2008.9.5.1365 2008.09.05 -
VirusBuster 4.5.11.0 2008.09.05 -
Webwasher-Gateway 6.6.2 2008.09.05 -
Information additionnelle
File size: 686 bytes
MD5...: 918ff058c9abbfe4e28081742d370268
SHA1..: d62552a1513d20f10ae0fc02cf7b547421385581
SHA256: f4b731bba205dfdefcca962ad8f67594048b80a8dd3a3d15d92041d1fc4ce7bd
SHA512: a4ac34d449f44f9becaa5331a340d44350ff54b95cff8bc4a7e0e0fe50d5878c
46cffd1dca6c177c2582b9ccff0d866f55000a2d8b13524cd8fe9f0bb1feca39
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
0
Réponse 19 / 27
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
1 nov. 2008 à 18:18
Re,

ce n'est pas vraiment ce que je voulais.

Ouvre le fichier Hosts dans le Bloc-notes et copie le ici.

Le i est une faute de rappe.

Le fichier peut être très long. D'où ma demande de limiter aux lignes du début et de la fin.
0
Réponse 20 / 27
Québec07
2 nov. 2008 à 16:33
Désolé j'avais mal compris. J'ai ouvert le fichier dans le bloc notes mais ce qu'il contient est très court et ne me semble pas très utile, mais bon , voici:

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
problême Opéra est ce un virus??
sand2504 -
sand2504 -

85 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses