Ajout élément base de registre

Bonjour lyonnais 92,

Ton tuto est clair. J'ai fait ce que tu m' as demandé. Si dessous le rapport Hiackthis

Encoremerci pour ton aide

@+ Navykool

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:53, on 01/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
D:\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\trend micro\xxxx_xxxxx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\LOGICI~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\RunServices: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [iiywqoc] "c:\documents and settings\xxxx_xxxxx\local settings\application data\iiywqoc.exe" iiywqoc
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: avast! Antivirus
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?1bc211824ec644d09a8e05dcc97e6661
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?1bc211824ec644d09a8e05dcc97e6661
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\LOGICI~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\LOGICI~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {51550AE6-B837-46B7-82EA-7C235510E1ED} (PGICttrl Class) - https://bl.ews.com.fr/Kits/PGIStartX.ocx
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Bonjour Lyonnais92,

J'ai suivi tes instructions et copié le résultat de la recherche (voir ci-dessous).

Sinon concernant le jeu "Ghost Recon Advanced Warfighter", je ne le connais que de nom et "AGEIA PhysX" est un logiciel d'accélérateur de matériel pour rendre les effets plus réalistes. Il est utilisé par les développeurs de jeux vidéos si je ne me trompe pas. Je suis plutôt de la génération "Doom" ou "Hérétic". Je n'ai plus beaucoup de temps pour jouer.

Ton aide est précieuse

Bonne journée

@+ navykool




Search Navipromo version 3.6.7 commencé le 31/10/2008 à 7:20:57.82

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "xxxx_xxxxx"

Mise à jour le 22.10.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit
Live-Player

*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***

...\Live-Player trouvé !

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

...\Live-Player trouvé !

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\xxxx_xxxxx\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\xxxx_xxxxx\locals~1\applic~1" ***

...\Live-Player trouvé !

*** Recherche dossiers dans "C:\Documents and Settings\xxxx_xxxxx\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\xxxx_xxxxx\locals~1\applic~1" *



*** Recherche fichiers ***


c:\docume~1\alluse~1\bureau\Live-Player.lnk trouvé !
C:\WINDOWS\prefetch\LIVE-PLAYER.EXE-21A6817A.pf trouvé !

*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\xxxx_xxxxx\locals~1\applic~1" :

qoeks.dat trouvé !
qoeks.exe trouvé !
qoeks_nav.dat trouvé !
qoeks_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 31/10/2008 à 7:28:25.70 ***

Bonsoir,

Cet activeX me sert pour l'utiilisation d'un logiciel de comptabilité hébergé.

L'autre jour, tu m'as posé des questions concernant des logiciels de jeux. Tu aimes les jeux d'infiltration.

@+

Navykool

Bonsoir Lyonnais92,

J'ai acheté ce logiciel dans le commerce. Je ne pense pas qu'il soit contaminé par un virus. J'ai vérifié sous virustotal et le rapport indique aucun virus

Fichier AtoutClic_CE1.exe reçu le 2008.11.24 20:21:18 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.24.3 2008.11.24 -
AntiVir 7.9.0.35 2008.11.24 -
Authentium 5.1.0.4 2008.11.24 -
Avast 4.8.1281.0 2008.11.24 -
AVG 8.0.0.199 2008.11.24 -
BitDefender 7.2 2008.11.24 -
CAT-QuickHeal 10.00 2008.11.24 -
ClamAV 0.94.1 2008.11.24 -
DrWeb 4.44.0.09170 2008.11.24 -
eSafe 7.0.17.0 2008.11.24 -
eTrust-Vet 31.6.6225 2008.11.24 -
Ewido 4.0 2008.11.24 -
F-Prot 4.4.4.56 2008.11.24 -
Fortinet 3.117.0.0 2008.11.24 -
GData 19 2008.11.24 -
Ikarus T3.1.1.45.0 2008.11.24 -
K7AntiVirus 7.10.532 2008.11.24 -
Kaspersky 7.0.0.125 2008.11.24 -
McAfee 5443 2008.11.23 -
McAfee+Artemis 5443 2008.11.23 -
Microsoft 1.4104 2008.11.24 -
NOD32 3636 2008.11.24 -
Norman 5.80.02 2008.11.24 -
Panda 9.0.0.4 2008.11.24 -
PCTools 4.4.2.0 2008.11.24 -
Rising 21.05.02.00 2008.11.24 -
SecureWeb-Gateway 6.7.6 2008.11.24 -
Sophos 4.35.0 2008.11.24 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.24 -
TheHacker 6.3.1.1.161 2008.11.24 -
TrendMicro 8.700.0.1004 2008.11.24 -
VBA32 3.12.8.9 2008.11.24 -
ViRobot 2008.11.24.1483 2008.11.24 -
VirusBuster 4.5.11.0 2008.11.24 -

Information additionnelle
File size: 4701134 bytes
MD5...: f018bc5e6f2716578d32f70c8f95f816
SHA1..: 8a4d11224efe0815257217061a5e9be3fd3090f7
SHA256: 2cd1d2707025beeb6cd09b650990d4d563726b9c597adaf457d1fd31c0ab7805
SHA512: e9a8c3a8c2ac9e8bc4aac1337d29e17dc511e116a395915ecaaf552540aefdcd<BR>758abf5fd4310c8637861f385d691c8792675651909b577d5376d8cab12b8bce<BR>
ssdeep: 98304:3BydzBg18kuwx3vFmBu7M/jv7g9uspEeFEn51yRb:3BydiuwxnMAhpEP5u<BR>b<BR>
PEiD..: Armadillo v1.71
TrID..: File type identification<BR>Windows OCX File (52.3%)<BR>Win32 EXE PECompact compressed (generic) (17.6%)<BR>Win32 Executable MS Visual C++ (generic) (15.9%)<BR>Windows Screen Saver (5.5%)<BR>Win32 Executable Generic (3.6%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x20003d94<BR>timedatestamp.....: 0x41400137 (Thu Sep 09 07:07:35 2004)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x70ea 0x8000 6.15 c20558ef4284d8c1c33a85698989e43f<BR>.rdata 0x9000 0x120a 0x2000 3.61 292acd05794dc565b4662ad1678a1072<BR>.data 0xb000 0x453c 0x3000 0.95 f2c8ae1f5dc0bc1f2cc42e58c2c57359<BR>.rsrc 0x10000 0xaaa8 0xb000 5.69 187aeea1cfdae2b8d889934d74a1078e<BR><BR>( 4 imports ) <BR>> KERNEL32.dll: GlobalAlloc, CreateFileA, _lwrite, _lclose, _llseek, _lopen, _lread, _lcreat, SetErrorMode, GlobalUnlock, GlobalLock, FindNextFileA, FindFirstFileA, RemoveDirectoryA, FindClose, DeleteFileA, GetTempPathA, InterlockedIncrement, InterlockedDecrement, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, GetOEMCP, GetACP, GetCPInfo, SetFilePointer, FlushFileBuffers, SetStdHandle, HeapReAlloc, CreateDirectoryA, GlobalFree, GetVersionExA, GetCurrentProcess, GetLastError, GetSystemDefaultLangID, WinExec, LoadLibraryA, GetCurrentDirectoryA, GetSystemDirectoryA, GetModuleHandleA, SetCurrentDirectoryA, GetProcAddress, FreeLibrary, GetModuleFileNameA, CreateThread, CloseHandle, GetFileAttributesA, ExitProcess, TerminateProcess, GetStartupInfoA, GetCommandLineA, GetVersion, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapFree, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetCurrentThreadId, TlsSetValue, TlsAlloc, SetLastError, TlsGetValue, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, RtlUnwind, WriteFile, HeapAlloc, VirtualAlloc<BR>> USER32.dll: ExitWindowsEx, LoadStringA, MessageBoxA, PostThreadMessageA, LoadImageA, AdjustWindowRectEx, GetDesktopWindow, GetWindowRect, CreateWindowExA, ShowWindow, UpdateWindow, LoadCursorA, RegisterClassA, GetMessageA, TranslateMessage, DispatchMessageA, DestroyWindow, BeginPaint, EndPaint, GetDC, InvalidateRect, ReleaseDC, GetWindowLongA, SetWindowLongA, PostQuitMessage, DefWindowProcA<BR>> GDI32.dll: GetObjectA, CreateCompatibleDC, SelectObject, BitBlt, DeleteDC, CreatePalette, SelectPalette, UnrealizeObject, RealizePalette, DeleteObject<BR>> ADVAPI32.dll: OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegQueryValueA, RegCloseKey<BR><BR>( 0 exports ) <BR>

J'ai fait la même chose pour le fichier install.exe. Il y a uniquement sous panda qu'il suppecte le fichier. Tu peux voir le rapport ci-dessous.

Fichier install.exe reçu le 2008.11.24 20:31:27 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.24.3 2008.11.24 -
AntiVir 7.9.0.35 2008.11.24 -
Authentium 5.1.0.4 2008.11.24 -
Avast 4.8.1281.0 2008.11.24 -
AVG 8.0.0.199 2008.11.24 -
BitDefender 7.2 2008.11.24 -
CAT-QuickHeal 10.00 2008.11.24 -
ClamAV 0.94.1 2008.11.24 -
DrWeb 4.44.0.09170 2008.11.24 -
eSafe 7.0.17.0 2008.11.24 -
eTrust-Vet 31.6.6225 2008.11.24 -
Ewido 4.0 2008.11.24 -
F-Prot 4.4.4.56 2008.11.24 -
F-Secure 8.0.14332.0 2008.11.24 -
Fortinet 3.117.0.0 2008.11.24 -
GData 19 2008.11.24 -
Ikarus T3.1.1.45.0 2008.11.24 -
K7AntiVirus 7.10.532 2008.11.24 -
Kaspersky 7.0.0.125 2008.11.24 -
McAfee 5443 2008.11.23 -
McAfee+Artemis 5443 2008.11.23 -
Microsoft 1.4104 2008.11.24 -
NOD32 3636 2008.11.24 -
Norman 5.80.02 2008.11.24 -
Panda 9.0.0.4 2008.11.24 Suspicious file
PCTools 4.4.2.0 2008.11.24 -
Prevx1 V2 2008.11.24 -
Rising 21.05.02.00 2008.11.24 -
SecureWeb-Gateway 6.7.6 2008.11.24 -
Sophos 4.35.0 2008.11.24 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.24 -
TheHacker 6.3.1.1.161 2008.11.24 -
TrendMicro 8.700.0.1004 2008.11.24 -
VBA32 3.12.8.9 2008.11.24 -
ViRobot 2008.11.24.1483 2008.11.24 -
VirusBuster 4.5.11.0 2008.11.24 -

Information additionnelle
File size: 120320 bytes
MD5...: 7d2701bbb4520c1b55968c8c0203fc5e
SHA1..: 6d3fcd3d6065ac2feece2f0153aff375a6df325b
SHA256: 6c102c262d3ca5682ea7eba852d644329dcac766c428d4812d09c9c66b14d7f6
SHA512: 2e01f283f01f73996170d0311368db871d5cfd76960f8e2504f08ad824e30aa4<BR>5cb1f3f2f4510d503b0a3eb14af2ecb80a2ddecd2a3ce3651f9e75adb0bc78ce<BR>
ssdeep: 3072:9c1sDuN4kae7bs2w0mSa964Jr+dqNnG3ED:9Ib7biSa978k<BR>
PEiD..: -
TrID..: File type identification<BR>Win64 Executable Generic (59.6%)<BR>Win32 Executable MS Visual C++ (generic) (26.2%)<BR>Win32 Executable Generic (5.9%)<BR>Win32 Dynamic Link Library (generic) (5.2%)<BR>Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x4090cd<BR>timedatestamp.....: 0x41135586 (Fri Aug 06 09:55:18 2004)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 3 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x10ecc 0x11000 6.62 3986ee562a1d8223317ba2717b534b81<BR>.data 0x12000 0x2d38 0xe00 2.37 c1ef906ad871aac2e4e23b61d3d7984d<BR>.rsrc 0x15000 0xc000 0xb400 5.39 abcf5ca334b343676f87fa5ac37d87e2<BR><BR>( 5 imports ) <BR>> ADVAPI32.dll: RegCloseKey, RegQueryValueExA, RegOpenKeyExA, RegSetValueExA, RegDeleteValueA, RegCreateKeyExA, CloseServiceHandle, OpenSCManagerA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken<BR>> KERNEL32.dll: GetExitCodeProcess, WaitForSingleObject, GetLastError, CreateProcessA, IsBadWritePtr, lstrlenA, lstrcpyA, CloseHandle, CreateFileA, GetWindowsDirectoryA, GetFileAttributesA, GetTempPathA, GetPrivateProfileStringA, GetVersionExA, lstrcatA, LocalFree, WideCharToMultiByte, CreateSemaphoreA, SetFilePointer, WriteFile, OpenEventA, lstrcpynA, DeleteFileA, GetTempFileNameA, GetSystemDirectoryA, GetCurrentProcess, CreateMutexA, FreeLibrary, LoadLibraryExA, GetProcAddress, GetDiskFreeSpaceA, GetDriveTypeA, SetErrorMode, GetNumberFormatA, GetLocaleInfoA, FormatMessageA, CreateEventA, GetModuleFileNameA, CopyFileA, RemoveDirectoryA, CreateDirectoryA, TerminateProcess, GetModuleHandleA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, GetStringTypeW, FindResourceA, SizeofResource, LoadResource, LockResource, FlushFileBuffers, SetStdHandle, GetStringTypeA, SetUnhandledExceptionFilter, HeapReAlloc, VirtualAlloc, EnterCriticalSection, LeaveCriticalSection, LCMapStringW, MultiByteToWideChar, LCMapStringA, GetCPInfo, GetOEMCP, GetACP, VirtualFree, VirtualQuery, GetSystemInfo, VirtualProtect, IsBadCodePtr, IsBadReadPtr, InitializeCriticalSection, Sleep, GetCommandLineA, HeapFree, HeapAlloc, GetProcessHeap, GetStartupInfoA, RtlUnwind, RaiseException, ExitProcess, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, DeleteCriticalSection, TlsFree, SetLastError, TlsSetValue, TlsGetValue, TlsAlloc, HeapDestroy, HeapCreate, LoadLibraryA<BR>> USER32.dll: SetWindowPos, ClientToScreen, SystemParametersInfoA, GetWindowRect, MessageBoxA, ShowWindow, EndDialog, PostMessageA, GetDlgItem, SetWindowTextA, InvalidateRgn, UpdateWindow, PeekMessageA, TranslateMessage, DispatchMessageA, ExitWindowsEx, DialogBoxParamA, FindWindowA, LoadStringA, CharNextA, wsprintfA, GetDesktopWindow<BR>> SHLWAPI.dll: PathRemoveBlanksA, wnsprintfA, PathCombineA, PathQuoteSpacesA, PathAddBackslashA, StrDupA, PathUnquoteSpacesA, PathAppendA, PathFileExistsA, StrStrA, PathRemoveFileSpecA<BR>> VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA<BR><BR>( 0 exports ) <BR>
CWSandbox info: http://research.sunbelt-software.com/...

Merci pour ton aide

Navykool

Bonjour lyonnais92,

J'ai suivi tes recommandations. J'ai installé le logiciel. J'ai bien le fichier log.text . J'ai ouvert ce fichier. Si j'ai bien compris c'est une image de ma base de registre. Comment je dois poster le contenu, une simple copie du fichier en réponse ou ajouter ce fichier à ma réponse. Merci pour ton aide.

@+

Navy kool

Bonsoir Lyonnais92,

J'ai un petit souci. Je ne peux pas copier log.text dans ma réponse. Je fais un essai en faisant un décopage du fichier en 2. Merci pour la prise encompte de mon problème.


Logfile of random's system information tool 1.04 (written by random/random)
Run by xxxx_xxxxx at 2008-10-26 08:15:49
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 1 GB (10%) free of 10 GB
Total RAM: 511 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:16:35, on 26/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
D:\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\documents and settings\xxxx_xxxxx\local settings\application data\qoeks.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\xxxx_xxxxx\Bureau\RSIT.exe
C:\Program Files\trend micro\xxxx_xxxxx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\RunServices: [Windows File Migration Wizard] HIMENSYST.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [iiywqoc] "c:\documents and settings\yvan_legoc\local settings\application data\iiywqoc.exe" iiywqoc
O4 - HKCU\..\Run: [qoeks] "c:\documents and settings\xxxx_xxxxx\local settings\application data\qoeks.exe" qoeks
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: avast! Antivirus
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?1bc211824ec644d09a8e05dcc97e6661
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?1bc211824ec644d09a8e05dcc97e6661
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {51550AE6-B837-46B7-82EA-7C235510E1ED} (PGICttrl Class) - https://bl.ews.com.fr/Kits/PGIStartX.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AFF1DFD-42D2-4C2E-97BF-50C630E17D75}: NameServer = 84.103.237.147 86.64.145.147
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

La suite


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-04-18 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-14 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-07-07 493856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-07-07 493856]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-04-18 2436160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-12-19 65024]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-03-22 335872]
"WinampAgent"=C:\Program Files\Winamp\Winampa.exe [2001-03-07 24576]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2002-12-28 77824]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2003-12-04 406016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"Omnipage"=C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-06-03 49152]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-01-03 1385472]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=D:\qttask.exe [2006-10-25 282624]
"Windows File Migration Wizard"=HIMENSYST.EXE []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"MessengerPlus3"=C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2006-10-13 190024]
"PCLEUSBTip"=C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe []
"USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2005-12-21 73728]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]
"adiras"=adiras.exe []
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360]
"msnmsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-06 68856]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"iiywqoc"=c:\documents and settings\xxxx_xxxxx\local settings\application data\iiywqoc.exe iiywqoc []
"qoeks"=c:\documents and settings\xxxx_xxxxx\local settings\application data\qoeks.exe [2008-10-25 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RadClock"=2
"InCDsrvR"=2
"InCDsrv"=2
"ATI Smart"=2
"Ati HotKey Poller"=2

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
avast! Antivirus
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="MsgPlusLoader.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"=C:\WINDOWS\System32\RadExe.dll [2004-03-25 147456]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Cegetel\ADSL\Wizard\NetAgent_ADSL.exe"="C:\Program Files\Cegetel\ADSL\Wizard\NetAgent_ADSL.exe:*:Enabled:Configuration de l'ADSL de Cegetel"
"C:\coktel\ADI5\TTS\SpeechCube.exe"="C:\coktel\ADI5\TTS\SpeechCube.exe:*:Disabled:SPeechCube"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:pando"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"J:\PROGRAMME\VIDEO\i tune\iTunes.exe"="J:\PROGRAMME\VIDEO\i tune\iTunes.exe:*:Enabled:iTunes"
"D:\Logiciels\TV SUR PC\VLC\vlc.exe"="D:\Logiciels\TV SUR PC\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\coktel\ADI5\TTS\SpeechCube.exe"="D:\coktel\ADI5\TTS\SpeechCube.exe:*:Enabled:SPeechCube"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-10-26 08:15:50 ----D---- C:\Program Files\trend micro
2008-10-26 08:15:49 ----D---- C:\rsit
2008-10-24 06:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-16 05:37:26 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
2008-10-15 21:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 21:27:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 21:26:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 21:26:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 21:25:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 20:50:51 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-10-15 20:50:51 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-10-15 20:50:51 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-10-15 20:50:51 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-10-15 20:50:51 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-10-15 20:50:51 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-10-15 05:01:56 ----D---- C:\Documents and Settings\xxxx_xxxxx\Application Data\Mozilla
2008-10-11 09:51:47 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-10-11 06:55:53 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-11 06:55:53 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-10 06:04:39 ----D---- C:\WINDOWS\ie7updates
2008-10-10 06:03:24 ----D---- C:\WINDOWS\WBEM
2008-10-10 06:03:23 ----D---- C:\WINDOWS\system32\fr-fr
2008-10-10 06:01:58 ----HDC---- C:\WINDOWS\ie7
2008-10-10 06:01:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-10-10 06:00:54 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-10-10 06:00:00 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-10-10 05:59:48 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-10-10 05:57:25 ----D---- C:\WINDOWS\network diagnostic
2008-10-10 05:57:22 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-10-10 05:57:06 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$

======List of files/folders modified in the last 1 months======

2008-10-26 08:15:50 ----RD---- C:\Program Files
2008-10-26 07:32:54 ----D---- C:\WINDOWS\Temp
2008-10-26 07:31:28 ----D---- C:\WINDOWS\system32
2008-10-26 07:31:28 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-26 07:28:34 ----D---- C:\WINDOWS
2008-10-25 12:03:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-24 06:02:20 ----HD---- C:\WINDOWS\inf
2008-10-24 06:02:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-24 06:01:36 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-24 06:01:34 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-20 06:44:38 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-10-16 06:27:04 ----D---- C:\WINDOWS\Prefetch
2008-10-16 05:37:34 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 21:27:13 ----D---- C:\WINDOWS\system32\drivers
2008-10-15 21:26:41 ----D---- C:\Program Files\Internet Explorer
2008-10-15 20:51:22 ----RSD---- C:\WINDOWS\Fonts
2008-10-15 17:59:28 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-13 05:24:31 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-13 05:23:09 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-11 09:22:00 ----SD---- C:\Documents and Settings\xxxx_xxxxx\Application Data\Microsoft
2008-10-11 09:08:52 ----D---- C:\Program Files\Movie Maker
2008-10-11 09:07:47 ----D---- C:\Program Files\iTunes
2008-10-11 08:54:42 ----D---- C:\Program Files\Messenger
2008-10-11 08:53:30 ----D---- C:\Program Files\MessengerPlus! 3
2008-10-10 06:14:47 ----D---- C:\WINDOWS\Help
2008-10-10 06:03:27 ----D---- C:\WINDOWS\system32\config
2008-10-10 06:03:12 ----D---- C:\WINDOWS\Media
2008-10-08 04:19:31 ----D---- C:\WINDOWS\Minidump
2008-10-07 20:19:40 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-10-03 18:12:27 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-29 19:08:08 ----AC---- C:\WINDOWS\winamp.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-19 41600]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-01-03 28928]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-01-03 27776]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\System32\DRIVERS\adiusbaw.sys [2003-03-27 127145]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-12-19 541548]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2003-12-04 11264]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-09-04 41984]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 RadProbe;Radeon Probe Driver; C:\WINDOWS\System32\DRIVERS\RadProbe.sys [2004-03-24 14300]
R3 st3bus28;st3bus28; C:\WINDOWS\System32\DRIVERS\st3bus28.sys [2002-12-28 8416]
R3 st3mp28;st3mp28; C:\WINDOWS\System32\DRIVERS\st3mp28.sys [2002-12-28 95328]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-01-03 99456]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2003-07-17 46167]
S3 61883;Pilote d'unité 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [2004-08-04 48128]
S3 ATITool;ATITool; \??\C:\Program Files\ATITool\atitool.sys []
S3 Avc;Périphérique AVC; C:\WINDOWS\System32\DRIVERS\avc.sys [2004-08-04 38912]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 DCamUSBEMPIA;Dazzle DVC Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2005-12-21 100957]
S3 emAudio;Dazzle DVC Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2005-12-21 19712]
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2005-12-21 5245]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 iatmunin;iatmunin; \??\C:\DOCUME~1\xxxx_L~1\LOCALS~1\Temp\iatmunin.sys []
S3 mgau;mgau; C:\WINDOWS\System32\DRIVERS\mgaum.sys [2001-08-23 320384]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 PIXMCV;JVC Communication PIX-MCV Driver; C:\WINDOWS\System32\Drivers\pixmcvc.sys [2002-09-28 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture; C:\WINDOWS\System32\Drivers\pixmcva.sys [2002-10-03 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture; C:\WINDOWS\System32\Drivers\pixmcvv.sys [2002-11-28 21081]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2005-12-21 4493]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\System32\DRIVERS\usbser.sys [2004-08-04 25600]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-18 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-01-03 854528]
S4 InCDsrvR;InCD Helper (read only); C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-01-03 854528]
S4 RadClock;RadClock; C:\WINDOWS\system32\RadClock.exe [2004-03-25 90112]

-----------------EOF-----------------