
Posted

Hi, I'm new! Could someone help me by looking at my report:

 

 

SmitFraudFix v2.424

 

Rapport fait à 13:06:50,41, 29/04/2010

Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Documents and Settings\Administrateur\Local Settings\Temp\YouUpService\YouupService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

C:\WINDOWS\vVX1000.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Policies.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Ma page d'accueil"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

o4Patch

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

Agent.OMZ.Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

"LoadAppInit_DLLs"=dword:00000001

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

 

»»»»»»»»»»»»»»»»»»»»»»»» RK

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: TRENDnet Wireless N PC Card/PCI Adapter - Miniport d'ordonnancement de paquets

DNS Server Search Order: 192.168.1.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{31F1ED7C-ECFE-4F7C-BF93-7A71A9C721E5}: NameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8483955A-6B87-4C48-BC2B-E21A9EA4C677}: NameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{31F1ED7C-ECFE-4F7C-BF93-7A71A9C721E5}: NameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{8483955A-6B87-4C48-BC2B-E21A9EA4C677}: NameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{31F1ED7C-ECFE-4F7C-BF93-7A71A9C721E5}: NameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{8483955A-6B87-4C48-BC2B-E21A9EA4C677}: NameServer=192.168.1.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

Thanks a lot

Posted

Rabbit, open your own topic if you want help!

Hello Bob,

No c:\qoobox either?

Rootkit scan

Download The Avenger by Swandog46 to the Desktop.

Click Save

Click Desktop

Close the window:

Unzip: right-click -> Extract here:

Close all windows and all running applications,

then double-click the icon placed on your desktop (the Sword):

The Avenger can search for rootkits, which are hidden (by definition).

To enable this feature:

Check that the "Scan for rootkits" box is ticked. (It is by default.)

Do not allow The Avenger to automatically disable all the rootkits it finds.

Click Execute.

The rootkit scan will run at reboot, before Windows loads.

A log file will open, which you can find here: C:\avenger.txt

Copy and paste the result into your reply.

Posted

Good evening, I only got an RSIT log this time, is that normal??

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Griez at 2010-05-02 23:33:27

Microsoft Windows XP Professionnel Service Pack 1

System drive C: has 49 GB (63%) free of 79 GB

Total RAM: 190 MB (54% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:33:52, on 02/05/2010

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\SECURI~1\av_fw\backweb\361343\Program\SERVIC~1.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Documents and Settings\Griez\Bureau\RSIT.exe

C:\Documents and Settings\Griez\Mes documents\alain.griez\Griez.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Pack Sécurité.lnk = C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Bloquer cette fenêtre pub. - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Griez\Application Data\Dealio\kb127\res\DealioSearch.html

O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll

O9 - Extra button: Protection IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: Protection IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\SECURI~1\av_fw\backweb\361343\Program\SERVIC~1.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

 

--

End of file - 7007 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Maintenance en 1 clic.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-07 35840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-07 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 846364]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-07 538008]

"F-Secure Manager"=C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE [2006-04-02 458801]

"F-Secure Startup Wizard"=C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE [2006-09-01 794624]

"F-Secure TNB"=C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe [2006-09-01 671744]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2006-03-01 163840]

"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2009-09-16 6677872]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Pack Sécurité.lnk - C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=1

"DisableRegistryTools"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLUA"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoDriveAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe"="C:\Program Files\Securitoo\av_fw\backweb\361343\program\fspex.exe:*:enabled:Pack Sécurité"

 

======List of files/folders created in the last 1 months======

 

2010-04-29 19:07:29 ----A---- C:\WINDOWS\PEV.exe

2010-04-29 19:07:29 ----A---- C:\WINDOWS\MBR.exe

2010-04-29 19:06:47 ----D---- C:\11635-CF

2010-04-29 19:06:16 ----D---- C:\Qoobox

2010-04-29 01:10:15 ----A---- C:\Ad-Report-CLEAN[2].txt

2010-04-29 00:40:29 ----A---- C:\Ad-Report-SCAN[2].txt

2010-04-28 00:02:53 ----D---- C:\rsit

2010-04-26 01:32:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-04-25 18:29:36 ----D---- C:\tdsskiller

2010-04-24 19:27:46 ----A---- C:\lopR.txt

2010-04-24 19:27:08 ----D---- C:\Lop SD

2010-04-24 18:46:36 ----A---- C:\Ad-Report-CLEAN[1].txt

2010-04-24 18:09:26 ----A---- C:\Ad-Report-SCAN[1].txt

2010-04-24 18:08:26 ----D---- C:\Ad-Remover

 

======List of files/folders modified in the last 1 months======

 

2010-05-02 23:33:26 ----D---- C:\WINDOWS\Prefetch

2010-05-02 23:25:39 ----D---- C:\Program Files\Mozilla Firefox

2010-05-02 22:52:46 ----D---- C:\WINDOWS\Temp

2010-05-02 22:50:33 ----D---- C:\WINDOWS\System32\drivers

2010-05-02 22:49:36 ----D---- C:\WINDOWS

2010-05-02 01:47:05 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-04-29 19:47:41 ----D---- C:\WINDOWS\System32\CatRoot2

2010-04-29 19:46:03 ----D---- C:\WINDOWS\ERDNT

2010-04-29 19:39:16 ----A---- C:\WINDOWS\system.ini

2010-04-29 19:31:35 ----D---- C:\WINDOWS\System32\config

2010-04-29 19:27:51 ----D---- C:\WINDOWS\system32

2010-04-29 19:27:42 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-04-29 19:23:04 ----D---- C:\WINDOWS\AppPatch

2010-04-29 19:22:55 ----D---- C:\Program Files\Fichiers communs

2010-04-29 00:25:06 ----RSHDC---- C:\WINDOWS\System32\dllcache

2010-04-27 17:33:17 ----RD---- C:\WINDOWS\Offline Web Pages

2010-04-26 01:32:30 ----RD---- C:\Program Files

2010-04-24 02:01:45 ----SD---- C:\Documents and Settings\Griez\Application Data\Microsoft

2010-04-24 01:32:50 ----D---- C:\WINDOWS\Minidump

2010-04-20 10:14:38 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-08-29 40320]

R2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys []

R2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\win2k\fsgk.sys []

R2 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys []

R3 abp470n5;abp470n5; \??\C:\WINDOWS\System32\drivers\sinkhg.sys []

R3 ac97intc;Service d'installation du pilote audio Intel® 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]

R3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-17 138240]

R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

R3 USB_RNDIS;Broadcom USB Remote NDIS Device Driver; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2001-08-28 11136]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]

S3 catchme;catchme; \??\C:\DOCUME~1\Griez\LOCALS~1\Temp\catchme.sys []

S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-17 12672]

S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-17 12288]

S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-17 12032]

S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-17 12160]

S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-17 18688]

S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-17 29440]

S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-17 19456]

S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [2001-08-17 44928]

S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-17 31104]

S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-17 23680]

S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS []

S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096]

S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [2007-07-11 12416]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]

S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]

S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]

S3 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032]

S3 ZDCndis5;ZDCndis5 Protocol Driver; \??\C:\WINDOWS\System32\ZDCndis5.SYS []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 BackWeb Plug-in - 361343;Pack Sécurité; C:\PROGRA~1\SECURI~1\av_fw\backweb\361343\Program\SERVIC~1.EXE [2008-03-07 32807]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-07 152984]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 151552]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 158768]

S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2002-08-29 24064]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 166768]

 

-----------------EOF-----------------

Posted

Hello,

 

This software is very powerful and must not be used without competent help, at the risk of irreversible damage.

Please note that this software is updated regularly and that the version you downloaded will be obsolete in a few days.

To remove ComboFix:

Start > Run -> ComboFix /uninstall

 

Delete C:\qoobox if you find it.

 

Download OTM by OldTimer to the desktop.

Double-click OTM.exe to launch it.

Under Vista, right-click the file -> choose Run as Administrator

* Copy/paste the lines below (in green):

:Processes

:Files

c:\program files\search settings\searchsettings.exe

:Reg

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"DisableTaskMgr"=-

"DisableRegistryTools"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"DisableTaskMgr"=-

"DisableRegistryTools"=-

 

:Commands

[purity]

[emptytemp]

[Reboot]

Go back to OTM,

Right-click in the "Paste Instructions for Items to be Moved" window under the yellow bar and choose Paste.

* Click the red Moveit! button

* Close OTM

Your PC will restart.

Go to the C:\_OTM\MovedFiles folder,

open the latest .log file

Copy/paste its contents into your next reply

 

Java is not up to date, and therefore vulnerable.

Download JavaRa

to the desktop.

Unzip it.

Run Javara.exe

Click "Update via jucheck"

If there is a problem, click the second option:

"Update from Sun's site"

 

Click Install

 

Go back to JavaRa

 

Click "Remove older versions"

Then... Other Options -> check "Remove useless JRE files" -> Run

Posted

OTM report:

 

23:14 03/05/2010All processes killed

========== PROCESSES ==========

========== FILES ==========

File/Folder c:\program files\search settings\searchsettings.exe not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableTaskMgr not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableRegistryTools not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableTaskMgr not found.

Registry value 23:14 03/05/2010HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableRegistryTools not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Griez

->Temp folder emptied: 4993567 bytes

->Temporary Internet Files folder emptied: 98706 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 35000189 bytes

->Flash cache emptied: 2454 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->FireFox cache emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 254976 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 39,00 mb

 

 

OTM by OldTimer - Version 3.1.12.0 log created on 05032010_230620

 

Files moved on Reboot...

 

Registry entries deleted on Reboot...

Posted (edited)

Good,

 

Tell me if anything is still not working.

Please post a new RSIT log.

 

You will need to think about installing SP3, because Microsoft support for SP1 and SP2 will end this coming mid-July, SP3 in 2014.

Edited by pear
Posted (edited)

The antivirus still doesn't work, blocked by the administrator like the Task Manager, otherwise it's fine :P

 

I may have forgotten to say that the Windows was a cracked copy :s

 

edit: the scan

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Griez at 2010-05-04 18:58:47

Microsoft Windows XP Professionnel Service Pack 1

System drive C: has 53 GB (67%) free of 79 GB

Total RAM: 190 MB (15% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:59:15, on 04/05/2010

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\SECURI~1\av_fw\backweb\361343\Program\SERVIC~1.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Griez\Bureau\RSIT.exe

C:\Documents and Settings\Griez\Mes documents\alain.griez\Griez.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Pack Sécurité.lnk = C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Bloquer cette fenêtre pub. - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Griez\Application Data\Dealio\kb127\res\DealioSearch.html

O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Securitoo\av_fw\FSPC\fspcmsie.dll

O9 - Extra button: Protection IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: Protection IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\SECURI~1\av_fw\backweb\361343\Program\SERVIC~1.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

 

--

End of file - 6720 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Maintenance en 1 clic.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-07 35840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 846364]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-02-18 325864]

"F-Secure Manager"=C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE [2006-04-02 458801]

"F-Secure Startup Wizard"=C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE [2006-09-01 794624]

"F-Secure TNB"=C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe [2006-09-01 671744]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2006-03-01 163840]

"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2009-09-16 6677872]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Pack Sécurité.lnk - C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableRegistryTools"=1

"DisableTaskMgr"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLUA"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoDriveAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"C:\Program Files\Securitoo\av_fw\backweb\361343\Program\fspex.exe"="C:\Program Files\Securitoo\av_fw\backweb\361343\program\fspex.exe:*:enabled:Pack Sécurité"

 

======List of files/folders created in the last 1 months======

 

2010-05-03 23:24:28 ----D---- C:\Documents and Settings\All Users\Application Data\Sun

2010-05-03 23:06:35 ----SHD---- C:\RECYCLER

2010-05-03 23:06:20 ----D---- C:\_OTM

2010-04-29 01:10:15 ----A---- C:\Ad-Report-CLEAN[2].txt

2010-04-29 00:40:29 ----A---- C:\Ad-Report-SCAN[2].txt

2010-04-28 00:02:53 ----D---- C:\rsit

2010-04-26 01:32:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-04-25 18:29:36 ----D---- C:\tdsskiller

2010-04-24 19:27:46 ----A---- C:\lopR.txt

2010-04-24 19:27:08 ----D---- C:\Lop SD

2010-04-24 18:46:36 ----A---- C:\Ad-Report-CLEAN[1].txt

2010-04-24 18:09:26 ----A---- C:\Ad-Report-SCAN[1].txt

2010-04-24 18:08:26 ----D---- C:\Ad-Remover

 

======List of files/folders modified in the last 1 months======

 

2010-05-04 13:56:50 ----D---- C:\Program Files\Mozilla Firefox

2010-05-04 13:43:09 ----D---- C:\WINDOWS\Temp

2010-05-04 13:41:30 ----D---- C:\WINDOWS\System32\drivers

2010-05-03 23:54:17 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-05-03 23:40:47 ----D---- C:\WINDOWS\system32

2010-05-03 23:35:55 ----D---- C:\Program Files\Java

2010-05-03 23:24:29 ----D---- C:\WINDOWS\Prefetch

2010-05-03 23:24:28 ----SHD---- C:\WINDOWS\Installer

2010-05-03 23:24:27 ----D---- C:\Config.Msi

2010-05-03 23:24:25 ----D---- C:\Program Files\Fichiers communs\Java

2010-05-03 23:02:50 ----D---- C:\WINDOWS\System32\Restore

2010-05-03 23:01:33 ----D---- C:\WINDOWS

2010-05-03 23:01:07 ----D---- C:\WINDOWS\ERDNT

2010-05-02 22:49:36 ----D---- C:\WINDOWS\Minidump

2010-04-29 19:47:41 ----D---- C:\WINDOWS\System32\CatRoot2

2010-04-29 19:39:16 ----A---- C:\WINDOWS\system.ini

2010-04-29 19:31:35 ----D---- C:\WINDOWS\System32\config

2010-04-29 19:27:42 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-04-29 19:23:04 ----D---- C:\WINDOWS\AppPatch

2010-04-29 19:22:55 ----D---- C:\Program Files\Fichiers communs

2010-04-29 00:25:06 ----RSHDC---- C:\WINDOWS\System32\dllcache

2010-04-27 17:33:17 ----RD---- C:\WINDOWS\Offline Web Pages

2010-04-26 01:32:30 ----RD---- C:\Program Files

2010-04-24 02:01:45 ----SD---- C:\Documents and Settings\Griez\Application Data\Microsoft

2010-04-20 10:14:38 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-08-29 40320]

R2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys []

R2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\win2k\fsgk.sys []

R2 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys []

R3 abp470n5;abp470n5; \??\C:\WINDOWS\System32\drivers\sinkhg.sys []

R3 ac97intc;Service d'installation du pilote audio Intel® 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]

R3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-17 138240]

R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

R3 USB_RNDIS;Broadcom USB Remote NDIS Device Driver; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2001-08-28 11136]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]

S3 catchme;catchme; \??\C:\DOCUME~1\Griez\LOCALS~1\Temp\catchme.sys []

S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-17 12672]

S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-17 12288]

S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-17 12032]

S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-17 12160]

S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-17 18688]

S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-17 29440]

S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-17 19456]

S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [2001-08-17 44928]

S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-17 31104]

S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-17 23680]

S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS []

S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096]

S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [2007-07-11 12416]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]

S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]

S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]

S3 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032]

S3 ZDCndis5;ZDCndis5 Protocol Driver; \??\C:\WINDOWS\System32\ZDCndis5.SYS []

S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\System32\DRIVERS\sr.sys [2002-08-29 69376]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 BackWeb Plug-in - 361343;Pack Sécurité; C:\PROGRA~1\SECURI~1\av_fw\backweb\361343\Program\SERVIC~1.EXE [2008-03-07 32807]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]

R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 166768]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 151552]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 158768]

S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2002-08-29 24064]

 

-----------------EOF-----------------

Edited by bob2N
