[rapport hijackthis]

Bonjour,

merci de tes infos. Je te poste les deux rapports demandés.

Merci

 

Bonjour,

 

Tu es victime d'une infection Smitfraud.

Peux-tu poster le rapport Antivir ?

======================

CI-DESSOUS LE RAPPORT ANTIVIR DEMANDE

 

 

AntiVir PersonalEdition Classic

Report file date: mardi 28 novembre 2006 19:16

 

Scanning for 495093 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-WURGE-0001

Platform: Windows 2000

Windows version: (Service Pack 4) [5.0.2195]

Username: Michel

Computer name: PCMICHEL

 

Version information:

AVSCAN.EXE : 7.0.0.47 200744 21/08/2006 11:06:56

AVSCAN.DLL : 7.0.0.45 41000 07/09/2006 11:56:33

LUKE.DLL : 7.0.0.47 118824 07/09/2006 11:32:33

LUKERES.DLL : 7.0.0.47 9256 07/09/2006 11:56:33

ANTIVIR0.VDF : 6.35.0.1 7371264 31/05/2006 11:35:27

ANTIVIR1.VDF : 6.36.0.9 1424384 06/09/2006 08:12:24

ANTIVIR2.VDF : 6.36.0.10 2048 06/09/2006 08:12:26

ANTIVIR3.VDF : 6.36.0.11 2048 06/09/2006 08:12:28

AVEWIN32.DLL : 7.2.0.14 1827328 04/09/2006 15:23:26

AVPREF.DLL : 7.0.0.2 23592 24/07/2006 13:36:04

AVREP.DLL : 6.36.0.3 794664 06/09/2006 09:04:08

AVRPBASE.DLL : 7.0.0.0 2162728 30/03/2006 09:43:31

AVPACK32.DLL : 7.2.0.0 368680 21/07/2006 07:00:28

AVREG.DLL : 6.31.0.90 27688 28/07/2005 11:06:36

NETNT.DLL : 6.32.0.0 6696 27/09/2005 08:56:49

NETNW.DLL : 7.0.0.0 9768 24/07/2006 13:35:55

RCIMAGE.DLL : 7.0.0.74 1642536 01/08/2006 12:22:57

RCTEXT.DLL : 7.0.0.107 77864 07/09/2006 11:56:32

 

Configuration settings for the scan:

Jobname.......................: Local Hard Disks

Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp

Boot sectors..................: C,D,E,F,G,H

Scan memory...................: 1

Process scan..................: 1

Scan all files................: 2

Scan archives.................: 1

Recursion depth...............: 20

Smart extensions..............: 1

Macro heuristic...............: 1

File heuristic................: 0

Primary action................: 1

Secondary action..............: 0

 

Start of the scan: mardi 28 novembre 2006 19:16

 

 

The scan of running processes will be started

6 Processes were scanned

 

Start scanning boot sectors:

 

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'E:\'

[NOTE] No virus was found!

Boot sector 'F:\'

[NOTE] No virus was found!

Boot sector 'G:\'

[NOTE] No virus was found!

Boot sector 'H:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( 18 files ).

 

 

Starting the file scan:

 

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\Michel\NTUSER.DAT

[WARNING] The file could not be opened!

C:\Documents and Settings\Michel\ntuser.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\Michel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[WARNING] The file could not be opened!

C:\Documents and Settings\Michel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\awf\system.exe

[DETECTION] Contains a signature of the (dangerous) backdoor program BDS/ServU-459264.A Backdoor server programs

[iNFO] The file was deleted!

C:\WINNT\system32\config\default

[WARNING] The file could not be opened!

C:\WINNT\system32\config\default.LOG

[WARNING] The file could not be opened!

C:\WINNT\system32\config\SAM

[WARNING] The file could not be opened!

C:\WINNT\system32\config\SAM.LOG

[WARNING] The file could not be opened!

C:\WINNT\system32\config\SECURITY

[WARNING] The file could not be opened!

C:\WINNT\system32\config\SECURITY.LOG

[WARNING] The file could not be opened!

C:\WINNT\system32\config\software

[WARNING] The file could not be opened!

C:\WINNT\system32\config\software.LOG

[WARNING] The file could not be opened!

C:\WINNT\system32\config\system

[WARNING] The file could not be opened!

C:\WINNT\system32\config\SYSTEM.ALT

[WARNING] The file could not be opened!

C:\WINNT\system32\drivers\atapi.sys

[WARNING] The file could not be opened!

E:\archives\applis\Dictionnaires\Slownik Techniczny Ang-pol Pol-ang.ace

[0] Archive type: ACE

--> Slownik techniczny ang-pol pol-ang\Skr¢t do Tlw.exe.lnk

[WARNING] Error creating the file

--> Slownik techniczny ang-pol pol-ang\WNT_STAP.TL

[WARNING] No further files can be extracted from this archive. The archive will be closed

E:\archives\jeux\Need For Speed 5 - Porsche Unleashed( 196,941,305) .exe

[0] Archive type: ZIP SFX (self extracting)

--> Need For Speed 5 - Porsche Unleashed/Need For Speed 5 - Porsche Unleashed/SETUPREG.EXE

[DETECTION] Contains signature of the dropper DR/Delphi.Gen

[iNFO] The file was deleted!

E:\archives\jeux\harry potter la chambre des secrets jeux pc francais +serial+cover+nocd\mackao-script-pour venir sur le chat edonkey(super).rar

[0] Archive type: RAR

--> mackao-script\moo.dll

[DETECTION] Contains signature of the dropper DR/IRC.Flood.BB.2

[iNFO] The file was deleted!

E:\archives\jeux\Tristan & Le Mystère Du Dragon\Jeux - Enfants - Tristan & Le Mystère Du Dragon - CloneCD - Français - LaLeLiLoLu for Spartateur.ace

[0] Archive type: ACE

--> Tristan & Le MystŠre Du Dragon\Clone\IMAGE.CCD

[WARNING] Error creating the file

--> Tristan & Le MystŠre Du Dragon\Clone\IMAGE.cue

[WARNING] No further files can be extracted from this archive. The archive will be closed

F:\NFS Porsche\Need For Speed 5 - Porsche Unleashed\Need For Speed 5 - Porsche Unleashed\SETUPREG.EXE

[DETECTION] Contains signature of the dropper DR/Delphi.Gen

[iNFO] The file was deleted!

 

 

End of the scan: mardi 28 novembre 2006 23:19

Used time: 4:03:48 min

 

The scan has been done completely.

 

5525 Scanning directories

380073 Files were scanned

4 viruses and/or unwanted programs were found

4 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

7597 Archives were scanned

20 Warnings

19 Notes

==============================================

 

Télécharge Smitfraudfix

Dézippe sur le Bureau.

Ouvre le dossier SmitfraudFix et lance SmitfraudFix(.cmd)

Choisis l'Option 1 (Recherche)

Poste le premier rapport ici.

==============================================

CI-DESSOUS LE RAPPORT SMITFRAUD

SmitFraudFix v2.125

 

Rapport fait à 22:27:35,23, mer. 29/11/2006

Executé à partir de C:\Documents and Settings\Michel\Bureau\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michel

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michel\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Michel\Favoris

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url PRESENT !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

C:\Program Files\Virus-Bursters\ PRESENT !

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="http://f012.mail.caramail.lycos.fr/app/msg/mail/download/attach.jsp?im=271&id=0&cid=P1010465.JPG"'>http://f012.mail.caramail.lycos.fr/app/msg/mail/download/attach.jsp?im=271&id=0&cid=P1010465.JPG"

"SubscribedURL"="http://f012.mail.caramail.lycos.fr/app/msg/mail/download/attach.jsp?im=271&id=0&cid=P1010465.JPG"

"FriendlyName"=""

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Ma page d'accueil"

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{588599f4-de26-4c28-ba14-f4eb17e33481}"="emptins"

 

[HKEY_CLASSES_ROOT\CLSID\{588599f4-de26-4c28-ba14-f4eb17e33481}\InProcServer32]

@="C:\WINNT\system32\xxfgmy.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{588599f4-de26-4c28-ba14-f4eb17e33481}\InProcServer32]

@="C:\WINNT\system32\xxfgmy.dll"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

======================================================

NOTE :

process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

[rapport hijackthis]

Bonjour,

ai suivi à la lettre le mode opératoire de nettoyage pc en 4 phases (démarrage en mode sans echec, lancement antivir, redémarrage en mode normal puis lancement hijackthis.

je colle ci-dessous le rapport . Merci de votre aide!

======================================

Logfile of HijackThis v1.99.1

Scan saved at 09:19:26, on 29/11/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v5.00 (5.00.2920.0000)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\PROGRA~1\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\AVGFRE~1\avgemc.exe

C:\WINNT\system32\drivers\CDAC11BA.EXE

C:\WINNT\System32\cisvc.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\tcpsvcs.exe

C:\WINNT\System32\snmp.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\cidaemon.exe

C:\Program Files\Brain Codec\isamonitor.exe

C:\Program Files\Brain Codec\pmsngr.exe

C:\Program Files\Brain Codec\isamini.exe

C:\Program Files\Brain Codec\pmmon.exe

C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe

C:\PROGRA~1\AVGFRE~1\avgcc.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINNT\system32\internat.exe

C:\WINNT\system32\NOTEPAD.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\PROGRA~1\AVGFRE~1\avgwb.dat

C:\Program Files\Hijackthis\HijackThis.exe

C:\WINNT\system32\ZoneLabs\UpdClient.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netissimo.tm.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par

 

Netissimo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

 

5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

 

files\google\googletoolbar2.dll

O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Brain Codec\isaddon.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

 

C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Brain

 

Codec\iesplugin.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [updReg] C:\WINNT\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [Alcohol.exe Autorun] C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe /startup

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common

 

Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI

 

HYDRAVISION\HydraDM.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [h3yb0y] C:\WINDOWS\SYSTEM32\DRIVERS\awf\LSASS.exe

 

C:\WINDOWS\SYSTEM32\DRIVERS\awf\service.exe C:\WINDOWS\SYSTEM32\DRIVERS\awf\conf.dll

O4 - HKLM\..\Run: [h3yb0y1] C:\WINDOWS\SYSTEM32\DRIVERS\awf\LSASS.exe

 

C:\WINDOWS\SYSTEM32\DRIVERS\awf\system.exe C:\WINDOWS\SYSTEM32\DRIVERS\awf\serv-u.ini

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [internat.exe] internat.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program

 

files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program

 

files\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program

 

Files\ICQLite\ICQLite.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -

 

C:\WINNT\web\related.htm

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program

 

Files\IrfanView\Ebay\Ebay.htm

O14 - IERESET.INF: START_PAGE_URL=http://www.netissimo.tm.fr

O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version5/Applet/vchatsign.cab

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

 

http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -

 

http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -

 

http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -

 

http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab

O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} -

 

http://installs.hotbar.com/installs/hbtool...SG2/hbtools.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

 

http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

 

http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) -

 

http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

 

http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) -

 

http://f012.mail.caramail.lycos.fr/app/upl...ileUploader.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -

 

http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - C:\WINNT\system32\xxfgmy.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program

 

Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir

 

PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgemc.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. -

 

C:\WINNT\System32\dmadmin.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers

 

communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program

 

Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network

 

Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program

 

Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: PPPoE Service (PPPoEService) - Unknown owner -

 

C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra

 

Pro Home 2007\Win32\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro

 

Home 2007\RpcSandraSrv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe