mic

  1. Thank you very much, Thanos, for this invaluable help; keep up the great work you are doing! I am changing the title to resolved! Goodbye!
  2. So here is the latest MBAM report:

     Malwarebytes' Anti-Malware 1.39
     Version de la base de données: 2479
     Windows 5.1.2600 Service Pack 2
     24/07/2009 12:31:56
     mbam-log-2009-07-24 (12-31-55).txt
     Type de recherche: Examen complet (C:\|D:\|)
     Eléments examinés: 163138
     Temps écoulé: 1 hour(s), 50 minute(s), 7 second(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 50

     Otherwise, I am not the one who chose the Firefox start page; I have just set a different one, and startup goes very well, with no more error messages at all when starting each application! Great!! lol
  3. Here is the log from:

     Logfile of random's system information tool 1.06 (written by random/random)
     Run by Ju Vaness at 2009-07-23 19:18:03
     Microsoft Windows XP Édition familiale Service Pack 2
     System drive C: has 33 GB (36%) free of 92 GB
     Total RAM: 2047 MB (62% free)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 19:18:08, on 23/07/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-03-06 446464]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-09-25 65536]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-16 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\WINDOWS\System32\StkCSrv.exe [2007-04-18 24576]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-09-25 451136]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-04 138168]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

and the info file:

info.txt logfile of random's system information tool 1.06 2009-07-23 19:18:10

======Uninstall list======

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{977FBE6C-AE9A-4429-B249-814F0B3A4CB1}
-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\ADOBE\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\ADOBE\SHOCKW~1\INSTALL.LOG
Apple Software Update-->MsiExec.exe /I{5B433733-BB31-4B40-BCBA-DDED37626641}
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ASUS InstantFun-->MsiExec.exe /I{57B15AD4-8C9D-4164-82BB-E33D8644E757}
ASUS Live Update-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe" -l0x9
ASUS Splendid Video Enhancement Technology-->C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe -runfromtemp -l0x040c -removeonly
ASUS Touch Pad Extra-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB891739-2EB3-45A8-9CBD-941C255CECD4}\SETUP.EXE" -l0x9
Asus_Camera_ScreenSaver-->"C:\WINDOWS\ASUS Camera ScreenSaver Uninstaller.exe"
ASUSDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Atheros Client Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\SETUP.exe -runfromtemp -l0x040c -removeonly
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x5c00
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x040c -removeonly
ATK Media-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE" -l0x9
ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly
Avira AntiVir PersonalEdition Classic-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\setup.exe /REMOVE
ccc-Branding-->MsiExec.exe /I{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Correctif pour Windows XP (KB918005)-->"C:\WINDOWS\$NtUninstallKB918005$\spuninst\spuninst.exe"
Didapages 1.1-->C:\Program Files\Didapages\uninst.exe
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EoDesk3d 2.0-->"C:\Program Files\EoRezo\EoDesk3d\unins000.exe"
eoEngine 9.1-->"C:\Program Files\EoRezo\unins000.exe"
Furnish Pro-->C:\WINDOWS\unvise32.exe C:\Program Files\Furnish Pro\Furnish Pro uninstal.log
Galerie de photos Windows Live-->MsiExec.exe /X{9D442283-88AD-4F49-8568-18CE6EAA15AF}
Glary Utilities 2.11.0.638-->"C:\Program Files\Glary Utilities\unins000.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes-->MsiExec.exe /I{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
L'Album de Bébé-->MsiExec.exe /I{FF1A5077-C7E9-442A-B57A-37C23606AEE4}
Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LifeFrame2-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
LogMeIn-->MsiExec.exe /I{7F831576-6246-42C7-B523-55B3F96509CC}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office XP Professional-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911164)-->"C:\WINDOWS\$NtUninstallKB911164$\spuninst\spuninst.exe"
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Navigateur Orange-->C:\Program Files\Orange\Uninstall\Browser\Shell.exe MainUninstall.shl
NB Probe-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.exe" -l0x9
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Orange - Logiciels Internet-->C:\Program Files\Orange\installation\core\Installgui.exe -u
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Pixie 1.4.1-->D:\Pixie\unins000.exe
Poker Academy Pro 2-->"C:\Program Files\PokerAcademyPro2\désinstaller.exe"
Power4 Gear-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\setup.exe" -l0x9
PowerForPhone-->C:\Program Files\InstallShield Installation Information\{FC3D290D-79BE-44B7-ABF9-FDD110925930}\setup.exe -runfromtemp -l0x0009 -removeonly
QuickTime-->MsiExec.exe /I{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}
REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\SETUP.exe" -l0x40c -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x40c -removeonly
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\SETUP.exe" -l0x9 -removeonly
Room Arranger (remove only)-->"C:\Program Files\Room Arranger\uninstall.exe"
SoftwareUpdate 1.0-->"C:\Documents and Settings\Ju Vaness\Application Data\eoRezo\SoftwareUpdate\unins000.exe"
Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers-->MsiExec.exe /I{EEFE551E-A6C7-4A2A-8C92-C805523B3B0C}
Sony Ericsson PC Suite-->C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe /uninstall
Sony Ericsson PC Suite-->MsiExec.exe /I{05675D95-1567-4E00-A818-DB08064EA088}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
USB2.0 1.3M WebCam-->C:\WINDOWS\StkUnist.exe
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinFlash-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.exe -runfromtemp -l0x040c -removeonly
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\YAHOO!\Common\YINSTH~1.DLL
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\YAHOO!\COMMON\unyt.exe

======Security center information======

AV: Avira AntiVir PersonalEdition (outdated)

======System event log======

Computer Name: JUVANESS
Event Code: 26
Message: Application popup : CLIStart.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\nopayopa.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.
Record Number: 162586
Source Name: Application Popup
Time Written: 20090719181642.000000+120
Event Type: Informations
User:

Computer Name: JUVANESS
Event Code: 26
Message: Application popup : ASUSTPE.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\nopayopa.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.
Record Number: 162585
Source Name: Application Popup
Time Written: 20090719181642.000000+120
Event Type: Informations
User:

Computer Name: JUVANESS
Event Code: 26
Message: Application popup : ctfmon.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\nopayopa.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.
Record Number: 162584
Source Name: Application Popup
Time Written: 20090719181641.000000+120
Event Type: Informations
User:

Computer Name: JUVANESS
Event Code: 26
Message: Application popup : ASScrProlog.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\gagujani.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.
Record Number: 162583
Source Name: Application Popup
Time Written: 20090719181641.000000+120
Event Type: Informations
User:

Computer Name: JUVANESS
Event Code: 26
Message: Application popup : Rundll32.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\nopayopa.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.
Record Number: 162582
Source Name: Application Popup
Time Written: 20090719181641.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: JUVANESS
Event Code: 4113
Message: AntiVir has detected 'HEUR/Crypted' in the file C:\WINDOWS\system32\byXOefeB.dll
Record Number: 23189
Source Name: H+BEDV AntiVir
Time Written: 20090131142657.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: JUVANESS
Event Code: 4113
Message: AntiVir has detected 'HEUR/Crypted' in the file C:\WINDOWS\system32\byXOefeB.dll
Record Number: 23188
Source Name: H+BEDV AntiVir
Time Written: 20090131142647.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: JUVANESS
Event Code: 4
Message: The LightScribe Service started successfully.
Record Number: 23187
Source Name: LightScribeService
Time Written: 20090131142631.000000+060
Event Type: Informations
User:

Computer Name: JUVANESS
Event Code: 4096
Message: The AntiVir service has been started successfully!
Record Number: 23186
Source Name: H+BEDV AntiVir
Time Written: 20090131142628.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: JUVANESS
Event Code: 4113
Message: AntiVir has detected 'HEUR/Crypted' in the file C:\WINDOWS\system32\byXOefeB.dll
Record Number: 23185
Source Name: H+BEDV AntiVir
Time Written: 20090131095629.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Teleca Shared;%PIXIEHOME%\bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"PIXIEHOME"=D:\Pixie
"SHADERS"=%PIXIEHOME%\shaders

-----------------EOF-----------------
  4. OK, I'll run another scan this evening. I must have deleted the infected files anyway, but after saving the report! At least I think so, but as a precaution I'll start over... Thanks Thanos, I'll keep you posted on what happens next! Here is the log from

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ju Vaness at 2009-07-23 19:18:03
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 33 GB (36%) free of 92 GB
Total RAM: 2047 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:08, on 23/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ASScrPro.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ASUSTPE.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Orange\browser\browser.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ju Vaness\Bureau\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Ju Vaness.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe
O4 - HKCU\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-3291974836-1474112473-3386457449-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-3291974836-1474112473-3386457449-1007\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-3291974836-1474112473-3386457449-1007\..\Run: [] (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-3291974836-1474112473-3386457449-1007\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-3291974836-1474112473-3386457449-1007 Startup: CCC.lnk = ? (User 'LogMeInRemoteUser')
O4 - S-1-5-21-3291974836-1474112473-3386457449-1007 User Startup: CCC.lnk = ? (User 'LogMeInRemoteUser')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208022129250
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--
End of file - 12162 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GlaryInitialize.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-04-04 2436160]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"=C:\Program Files\ATK Hotkey\Hcontrol.exe [2007-06-29 225280]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-07-03 7708672]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
"ASUS Live Update"=C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-07-19 49520]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]
"ASUS Camera ScreenSaver"=C:\WINDOWS\ASScrProlog.exe [2007-10-08 37232]
"ASUS Screen Saver Protector"=C:\WINDOWS\ASScrPro.exe [2007-10-08 33136]
"ABLKSR"=C:\WINDOWS\ABLKSR\ABLKSR.exe [2006-01-02 61440]
"RemoteControl"=C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe [2005-01-12 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-07-26 90112]
"PowerForPhone"=C:\Program Files\PowerForPhone\PowerForPhone.exe [2007-01-15 778240]
"ACMON"=C:\Program Files\ASUS\Splendid\ACMON.exe [2007-07-10 851968]
"ACU"=C:\Program Files\Atheros\ACU.exe [2007-05-03 376921]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-09-25 229952]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-02-20 741376]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"SystrayORAHSS"=C:\Program Files\Orange\Systray\SystrayApp.exe [2007-09-25 94208]
"ORAHSSSessionManager"=C:\Program Files\Orange\SessionManager\SessionManager.exe [2007-09-25 102400]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2007-08-31 249896]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-24 282624]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"ASUSTPE"=C:\WINDOWS\system32\ASUSTPE.exe [2006-10-14 69632]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-10 68856]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM97347755]
C:\WINDOWS\system32\idfqfnqs.dll,s []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Ju Vaness\Menu Démarrer\Programmes\Démarrage
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-03-06 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-16 87352]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Program Files\Orange\Connectivity\ConnectivityManager.exe"="C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
"C:\Program Files\Orange\Browser\Browser.exe"="C:\Program Files\Orange\Browser\Browser.exe:*:Enabled:browser"
"C:\Program Files\ASUS\ATK Media\DMedia.exe"="C:\Program Files\ASUS\ATK Media\DMedia.exe:*:Enabled:DMEDIA"
"C:\Program Files\Fichiers communs\France Telecom\Shared
Modules\AlertModule\0\AlertModule.exe"="C:\Program Files\Fichiers communs\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe:*:Enabled:AlertModule" "C:\Program Files\Java\jre1.6.0_05\BIN\jucheck.exe"="C:\Program Files\Java\jre1.6.0_05\BIN\jucheck.exe:*:Enabled:jucheck" "C:\Program Files\Motorola\SMSERIAL\SM56HLPR.EXE"="C:\Program Files\Motorola\SMSERIAL\SM56HLPR.EXE:*:Enabled:sm56hlpr" "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe:*:Enabled:sched" "C:\Program Files\ATKOSD2\ATKOSD2.EXE"="C:\Program Files\ATKOSD2\ATKOSD2.EXE:*:Enabled:ATKOSD2" "C:\Program Files\PowerForPhone\PowerForPhone.exe"="C:\Program Files\PowerForPhone\PowerForPhone.exe:*:Enabled:PowerForPhone" "C:\Program Files\ASUS\ASUS Live Update\ALU.EXE"="C:\Program Files\ASUS\ASUS Live Update\ALU.EXE:*:Enabled:ALU" "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe:*:Enabled:PDVDServ" "C:\Program Files\iTunes\iTunesHelper.exe"="C:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:iTunesHelper" "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe"="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe:*:Enabled:WLLoginProxy" "C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE:*:Enabled:GUARDGUI" "C:\WINDOWS\ASScrPro.exe"="C:\WINDOWS\ASScrPro.exe:*:Enabled:ASScrPro" "C:\Program Files\Mozilla Firefox\FIREFOX.EXE"="C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live 
Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" ======List of files/folders created in the last 1 months====== 2009-07-23 19:18:03 ----D---- C:\rsit 2009-07-22 18:37:21 ----D---- C:\Documents and Settings\Ju Vaness\Application Data\Malwarebytes 2009-07-22 18:37:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-07-22 18:37:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-07-22 18:36:14 ----SHD---- C:\Recycled 2009-07-21 18:45:21 ----D---- C:\WINDOWS\temp 2009-07-21 18:45:20 ----A---- C:\ComboFix.txt 2009-07-20 19:51:34 ----A---- C:\WINDOWS\zip.exe 2009-07-20 19:51:34 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-07-20 19:51:34 ----A---- C:\WINDOWS\SWSC.exe 2009-07-20 19:51:34 ----A---- C:\WINDOWS\SWREG.exe 2009-07-20 19:51:34 ----A---- C:\WINDOWS\sed.exe 2009-07-20 19:51:34 ----A---- C:\WINDOWS\PEV.exe 2009-07-20 19:51:34 ----A---- C:\WINDOWS\NIRCMD.exe 2009-07-20 19:51:34 ----A---- C:\WINDOWS\grep.exe 2009-07-20 19:06:40 ----D---- C:\WINDOWS\ERDNT 2009-06-26 22:54:17 ----AD---- C:\Program Files\Furnish Pro ======List of files/folders modified in the last 1 months====== 2009-07-23 17:55:54 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt 2009-07-23 16:28:56 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-07-23 16:17:50 ----A---- C:\WINDOWS\NeroDigital.ini 2009-07-21 18:42:24 ----A---- C:\WINDOWS\system.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2007-09-07 62016] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-02 40320] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [] R2 
LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [] R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [] R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976] R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS [] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-03-06 1972736] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-07-14 14448] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-14 4225920] R3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632] R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144] R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680] R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968] R3 RTSTOR;USB Mass Stroage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2007-01-15 34816] R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272] R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam; C:\WINDOWS\System32\Drivers\StkCMini.sys [2007-06-05 1260672] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088] R3 usbehci;Pilote miniport de 
contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-04-19 17152] R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024] S3 catchme;catchme; \??\C:\DOCUME~1\JUVANE~1\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS [] S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208] S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112] S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680] S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360] S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176] S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; 
C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568] S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 26496] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-05-02 607576] R2 ACS;Service de configuration Atheros; C:\WINDOWS\system32\acs.exe [2007-05-03 364629] R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2007-08-28 63016] R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2007-09-11 214056] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-03-06 446464] R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-09-25 65536] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-04-24 73728] R2 
LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-16 116032] R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040] R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496] R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\WINDOWS\System32\StkCSrv.exe [2007-04-18 24576] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-09-25 451136] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-04 138168] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] -----------------EOF----------------- et le fichier info : info.txt logfile of random's system information tool 1.06 2009-07-23 19:18:10 ======Uninstall list====== -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu -->MsiExec.exe /I{977FBE6C-AE9A-4429-B249-814F0B3A4CB1} -->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 
8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002} Adobe Shockwave Player-->C:\WINDOWS\system32\ADOBE\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\ADOBE\SHOCKW~1\INSTALL.LOG Apple Software Update-->MsiExec.exe /I{5B433733-BB31-4B40-BCBA-DDED37626641} Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} ASUS InstantFun-->MsiExec.exe /I{57B15AD4-8C9D-4164-82BB-E33D8644E757} ASUS Live Update-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe" -l0x9 ASUS Splendid Video Enhancement Technology-->C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe -runfromtemp -l0x040c -removeonly ASUS Touch Pad Extra-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB891739-2EB3-45A8-9CBD-941C255CECD4}\SETUP.EXE" -l0x9 Asus_Camera_ScreenSaver-->"C:\WINDOWS\ASUS Camera ScreenSaver Uninstaller.exe" ASUSDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall Atheros Client Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\SETUP.exe -runfromtemp -l0x040c -removeonly ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x5c00 ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean ATI Parental 
Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7} ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x040c -removeonly ATK Media-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE" -l0x9 ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly Avira AntiVir PersonalEdition Classic-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\setup.exe /REMOVE ccc-Branding-->MsiExec.exe /I{6E32B134-CA8D-49DD-B94C-0DB155CE70B5} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Correctif pour Windows XP (KB918005)-->"C:\WINDOWS\$NtUninstallKB918005$\spuninst\spuninst.exe" Didapages 1.1-->C:\Program Files\Didapages\uninst.exe eMule-->"C:\Program Files\eMule\Uninstall.exe" EoDesk3d 2.0-->"C:\Program Files\EoRezo\EoDesk3d\unins000.exe" eoEngine 9.1-->"C:\Program Files\EoRezo\unins000.exe" Furnish Pro-->C:\WINDOWS\unvise32.exe C:\Program Files\Furnish Pro\Furnish Pro uninstal.log Galerie de photos Windows Live-->MsiExec.exe /X{9D442283-88AD-4F49-8568-18CE6EAA15AF} Glary Utilities 2.11.0.638-->"C:\Program Files\Glary Utilities\unins000.exe" Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall iTunes-->MsiExec.exe /I{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6} Java 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} L'Album de Bébé-->MsiExec.exe /I{FF1A5077-C7E9-442A-B57A-37C23606AEE4} Lecteur Windows Media 10-->"C:\Program Files\Windows 
Media Player\Setup_wm.exe" /Uninstall LifeFrame2-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158} LogMeIn-->MsiExec.exe /I{7F831576-6246-42C7-B523-55B3F96509CC} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Office XP Professional-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0050048383C9} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB911164)-->"C:\WINDOWS\$NtUninstallKB911164$\spuninst\spuninst.exe" Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP Navigateur Orange-->C:\Program Files\Orange\Uninstall\Browser\Shell.exe MainUninstall.shl NB Probe-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.exe" -l0x9 Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Orange - Logiciels Internet-->C:\Program Files\Orange\installation\core\Installgui.exe -u PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe" Pixie 1.4.1-->D:\Pixie\unins000.exe Poker Academy Pro 2-->"C:\Program Files\PokerAcademyPro2\désinstaller.exe" Power4 Gear-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\setup.exe" -l0x9 
PowerForPhone-->C:\Program Files\InstallShield Installation Information\{FC3D290D-79BE-44B7-ABF9-FDD110925930}\setup.exe -runfromtemp -l0x0009 -removeonly QuickTime-->MsiExec.exe /I{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE} REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\SETUP.exe" -l0x40c -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x40c -removeonly Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\SETUP.exe" -l0x9 -removeonly Room Arranger (remove only)-->"C:\Program Files\Room Arranger\uninstall.exe" SoftwareUpdate 1.0-->"C:\Documents and Settings\Ju Vaness\Application Data\eoRezo\SoftwareUpdate\unins000.exe" Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4} Sony Ericsson Drivers-->MsiExec.exe /I{EEFE551E-A6C7-4A2A-8C92-C805523B3B0C} Sony Ericsson PC Suite-->C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe /uninstall Sony Ericsson PC Suite-->MsiExec.exe /I{05675D95-1567-4E00-A818-DB08064EA088} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall USB2.0 1.3M WebCam-->C:\WINDOWS\StkUnist.exe VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Live installer-->MsiExec.exe 
/X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll WinFlash-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9 WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.exe -runfromtemp -l0x040c -removeonly Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\YAHOO!\Common\YINSTH~1.DLL Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\YAHOO!\COMMON\unyt.exe ======Security center information====== AV: Avira AntiVir PersonalEdition (outdated) ======System event log====== Computer Name: JUVANESS Event Code: 26 Message: Application popup : CLIStart.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\nopayopa.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation. Record Number: 162586 Source Name: Application Popup Time Written: 20090719181642.000000+120 Event Type: Informations User: Computer Name: JUVANESS Event Code: 26 Message: Application popup : ASUSTPE.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\nopayopa.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation. Record Number: 162585 Source Name: Application Popup Time Written: 20090719181642.000000+120 Event Type: Informations User: Computer Name: JUVANESS Event Code: 26 Message: Application popup : ctfmon.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\nopayopa.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation. 
Record Number: 162584 Source Name: Application Popup Time Written: 20090719181641.000000+120 Event Type: Informations User: Computer Name: JUVANESS Event Code: 26 Message: Application popup : ASScrProlog.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\gagujani.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation. Record Number: 162583 Source Name: Application Popup Time Written: 20090719181641.000000+120 Event Type: Informations User: Computer Name: JUVANESS Event Code: 26 Message: Application popup : Rundll32.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\nopayopa.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation. Record Number: 162582 Source Name: Application Popup Time Written: 20090719181641.000000+120 Event Type: Informations User: =====Application event log===== Computer Name: JUVANESS Event Code: 4113 Message: AntiVir has detected 'HEUR/Crypted' in the file C:\WINDOWS\system32\byXOefeB.dll Record Number: 23189 Source Name: H+BEDV AntiVir Time Written: 20090131142657.000000+060 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: JUVANESS Event Code: 4113 Message: AntiVir has detected 'HEUR/Crypted' in the file C:\WINDOWS\system32\byXOefeB.dll Record Number: 23188 Source Name: H+BEDV AntiVir Time Written: 20090131142647.000000+060 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: JUVANESS Event Code: 4 Message: The LightScribe Service started successfully. Record Number: 23187 Source Name: LightScribeService Time Written: 20090131142631.000000+060 Event Type: Informations User: Computer Name: JUVANESS Event Code: 4096 Message: The AntiVir service has been started successfully! 
Record Number: 23186 Source Name: H+BEDV AntiVir Time Written: 20090131142628.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: JUVANESS Event Code: 4113 Message: AntiVir has detected 'HEUR/Crypted' in the file C:\WINDOWS\system32\byXOefeB.dll Record Number: 23185 Source Name: H+BEDV AntiVir Time Written: 20090131095629.000000+060 Event Type: Avertissement User: AUTORITE NT\SYSTEM ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Teleca Shared;%PIXIEHOME%\bin "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip "PIXIEHOME"=D:\Pixie "SHADERS"=%PIXIEHOME%\shaders -----------------EOF-----------------
  5. Indeed Thanos, the error messages no longer appear at all! Cool! ^^ Here is the MBAM log:

     Malwarebytes' Anti-Malware 1.39
     Version de la base de données: 2479
     Windows 5.1.2600 Service Pack 2
     22/07/2009 20:34:27
     mbam-log-2009-07-22 (20-33-54).txt
     Type de recherche: Examen complet (C:\|D:\|)
     Eléments examinés: 162335
     Temps écoulé: 1 hour(s), 55 minute(s), 11 second(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 6
     Valeur(s) du Registre infectée(s): 2
     Elément(s) de données du Registre infecté(s): 1
     Dossier(s) infecté(s): 1
     Fichier(s) infecté(s): 253

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     HKEY_CLASSES_ROOT\TypeLib\{b6acb3f1-6a83-432c-b854-3e1056f87f4e} (Adware.EoRezo) -> No action taken.
     HKEY_CLASSES_ROOT\Interface\{819db72d-1c28-4387-9778-e2ff3dc86f74} (Adware.EoRezo) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Adware.EoRezo) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Adware.EoRezo) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Adware.EoRezo) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.

     Valeur(s) du Registre infectée(s):
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> No action taken.

     Elément(s) de données du Registre infecté(s):
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
  6. There, the script ran fine. Here is the log:

     ComboFix 09-07-19.04 - Ju Vaness 21/07/2009 18:34.2.2 - FAT32x86
     Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2047.1556 [GMT 2:00]
     Running from: c:\documents and settings\Ju Vaness\Bureau\mic.exe
     Command switches used :: c:\documents and settings\Ju Vaness\Bureau\CFScript.txt
     AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 741376] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208] "ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-24 282624] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360] c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] c:\documents and settings\LogMeInRemoteUser\Menu D‚marrer\Programmes\D‚marrage\ CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] c:\documents and settings\Ju Vaness\Menu D‚marrer\Programmes\D‚marrage\ CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] 
c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-10-16 18:35 87352 ----a-w- c:\windows\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Messenger\\MSMSGS.EXE"= "c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\Orange\\Browser\\Browser.exe"= "c:\\Program Files\\ASUS\\ATK Media\\DMedia.exe"= "c:\\Program Files\\Fichiers communs\\France Telecom\\Shared Modules\\AlertModule\\0\\AlertModule.exe"= "c:\\Program Files\\Java\\jre1.6.0_05\\BIN\\jucheck.exe"= "c:\\Program Files\\Motorola\\SMSERIAL\\SM56HLPR.EXE"= "c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\sched.exe"= "c:\\Program Files\\ATKOSD2\\ATKOSD2.EXE"= "c:\\Program Files\\PowerForPhone\\PowerForPhone.exe"= "c:\\Program Files\\ASUS\\ASUS Live Update\\ALU.EXE"= "c:\\Program 
Files\\ASUSTek\\ASUSDVD\\PDVDServ.exe"= "c:\\Program Files\\iTunes\\iTunesHelper.exe"= "c:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"= "c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\GUARDGUI.EXE"= "c:\\WINDOWS\\ASScrPro.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8085:TCP"= 8085:TCP:sfx R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24/07/2008 18:46 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [21/06/2009 17:23 47640] R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [18/04/2007 15:42 24576] R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\progra~1\ATKHOT~1\ASNDIS5.SYS [08/10/2007 19:18 16269] R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [05/06/2007 19:40 1260672] R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [08/10/2007 19:59 57024] S4 LMIRfsClientNP;LMIRfsClientNP; [x] --- Other Services/Drivers In Memory --- *NewlyCreated* - GETPADD *Deregistered* - GETPADD . Contents of the 'Scheduled Tasks' folder 2009-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-09-19 15:36] 2009-07-21 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2009-04-25 15:10] . . ------- Supplementary Scan ------- . uStart Page = hxxp://y.lo.st uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab FF - ProfilePath - c:\documents and settings\Ju Vaness\Application Data\Mozilla\Firefox\Profiles\nbzryd5r.default\ FF - prefs.js: browser.startup.homepage - hxxp://y.lo.st . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-21 18:41 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(816) c:\windows\system32\Ati2evxx.dll c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll - - - - - - - > 'explorer.exe'(1900) c:\windows\system32\msi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\SYSTEM32\ATI2EVXX.EXE c:\windows\SYSTEM32\ATI2EVXX.EXE c:\program files\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE c:\windows\SYSTEM32\ACS.EXE c:\program files\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE c:\program files\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE c:\program files\FICHIERS COMMUNS\FRANCE TELECOM\SHARED MODULES\FTRTSVC\0\FTRTSVC.EXE c:\program files\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE c:\program files\LOGMEIN\X86\RAMAINT.EXE c:\program files\LOGMEIN\X86\LOGMEIN.EXE c:\program files\LOGMEIN\X86\LMIGUARDIAN.EXE c:\program files\ASUS\NB PROBE\SPM\SPMGR.EXE c:\windows\SYSTEM32\WDFMGR.EXE c:\windows\SYSTEM32\ACENGSVR.EXE c:\program files\LOGMEIN\X86\LMIGUARDIAN.EXE c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe c:\program files\ATK Hotkey\ATKOSD.exe c:\program files\ATK Hotkey\KBFiltr.exe c:\program files\ATK Hotkey\WDC.exe c:\program files\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE c:\program files\FICHIERS COMMUNS\FRANCE TELECOM\SHARED MODULES\ALERTMODULE\0\ALERTMODULE.EXE c:\program files\Fichiers communs\Teleca Shared\Generic.exe c:\program files\Sony Ericsson\Mobile2\Mobile Phone 
Monitor\epmworker.exe . ************************************************************************** . Completion time: 2009-07-21 18:45 - machine was rebooted ComboFix-quarantined-files.txt 2009-07-21 16:45 ComboFix2.txt 2009-07-20 18:25 Pre-Run: 34 707 570 688 octets libres Post-Run: 34 657 861 632 octets libres 277
  7. So here is the ComboFix log: ComboFix 09-07-19.04 - Ju Vaness 20/07/2009 20:12.1.2 - FAT32x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2047.1367 [GMT 2:00] Running from: c:\documents and settings\Ju Vaness\Bureau\mic.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
. ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SFX -------\Legacy_SFXDRV -------\Service_drv -------\Service_sfx -------\Service_sfxdrv ((((((((((((((((((((((((( Files Created from 2009-06-20 to 2009-07-20 ))))))))))))))))))))))))))))))) . 2009-07-17 10:43 . 2009-07-17 10:43 20480 ----a-w- c:\documents and settings\Ju Vaness\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.2\itstv.exe 2009-07-13 18:06 . 2009-07-13 18:06 20480 ----a-w- c:\documents and settings\Ju Vaness\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.1\itstv.exe 2009-07-13 08:37 . 2009-07-13 08:37 1 ---h--w- c:\windows\bf23567.dat 2009-07-07 07:36 . 2009-07-07 07:36 20480 ----a-w- c:\documents and settings\Ju Vaness\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.0\itstv.exe 2009-06-26 20:54 . 2009-06-26 20:54 -------- d---a-w- c:\program files\Furnish Pro 2009-06-25 07:00 . 2009-06-25 07:00 20480 ----a-w- c:\documents and settings\Ju Vaness\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.9\itstv.exe 2009-06-21 18:51 . 2008-01-30 15:36 90112 ----a-w- c:\windows\unvise32.exe 2009-06-21 18:51 . 2009-06-21 18:51 -------- d-----w- c:\program files\Pixie 2009-06-21 17:47 . 2008-12-09 08:13 368224 ----a-w- c:\documents and settings\Ju Vaness\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe 2009-06-21 17:47 . 2008-12-09 08:12 499296 ----a-w- c:\documents and settings\Ju Vaness\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe 2009-06-21 17:47 . 2009-06-21 17:47 698903 ----a-w- c:\documents and settings\Ju Vaness\Application Data\EoRezo\SoftwareUpdate\unins000.exe 2009-06-21 17:47 .
2009-06-21 17:47 -------- d-----w- c:\documents and settings\Ju Vaness\Application Data\EoRezo
2009-06-21 17:47 . 2009-06-21 17:47 -------- d-----w- c:\program files\EoRezo
2009-06-21 17:46 . 2009-06-21 17:46 -------- d-----w- c:\program files\Room Arranger
2009-06-21 15:24 . 2009-06-21 15:24 -------- d-----w- c:\documents and settings\Ju Vaness\Local Settings\Application Data\LogMeIn
2009-06-21 15:24 . 2009-06-21 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2009-06-21 15:23 . 2008-10-16 18:35 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-06-21 15:23 . 2008-10-16 18:35 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-06-21 15:23 . 2008-07-24 16:46 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2009-06-21 15:23 . 2008-10-16 18:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-06-21 15:23 . 2009-06-21 15:23 -------- d-----w- c:\program files\LogMeIn
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 18:21 . 2009-05-10 11:08 753664 ----a-w- c:\documents and settings\All Users\Application Data\beep axis mode free\Manager Corn.exe
2009-05-10 11:08 . 2008-07-22 19:03 274432 ----a-w- c:\documents and settings\Ju Vaness\Application Data\Elsemapi\Poll lies type.exe
2009-05-10 11:07 . 2008-04-25 18:37 291840 ----a-w- c:\documents and settings\Ju Vaness\Application Data\Elsemapi\Glue Ford Audio Skip.exe
2009-05-10 11:07 . 2009-05-10 11:07 749568 ----a-w- c:\documents and settings\Ju Vaness\Application Data\Elsemapi\trinfane.exe
2009-05-10 11:06 . 2008-04-25 18:36 507904 ----a-w- c:\documents and settings\Ju Vaness\Application Data\Elsemapi\NewLoud.exe
2009-06-14 06:53 . 2008-07-22 19:06 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-09-02 10:17 . 2008-09-02 10:17 1531337 --sh--w- c:\windows\system32\qyrrbvfo.tmp
2008-09-20 23:22 . 2008-09-20 23:22 1123149 --sh--w- c:\windows\system32\epjqiukv.tmp
2008-12-09 11:08 . 2008-09-09 11:08 63798 --sha-w- c:\windows\system32\ruvekifo.dll
2008-09-11 18:32 . 2008-09-11 18:32 61440 --sha-w- c:\windows\system32\balinoto.dll
2008-09-09 11:08 . 2008-09-09 11:08 63798 --sha-w- c:\windows\system32\notabage.dll.tmp
2008-12-12 12:30 . 2008-12-12 12:30 522 --sh--w- c:\windows\system32\ranutoka.exe
2008-09-11 18:32 . 2008-09-11 18:32 61440 --sha-w- c:\windows\system32\galifure.dll
2008-12-31 08:46 . 2008-12-31 08:46 1081344 --sha-w- c:\windows\system32\tadezote.dll
2008-09-26 14:21 . 2008-09-26 14:21 28672 --sha-w- c:\windows\system32\dedovewu.dll
2008-09-27 19:32 . 2008-09-27 19:32 61605 --sha-w- c:\windows\system32\zomiduvi.dll.tmp
2008-09-27 19:32 . 2008-09-27 19:32 61605 --sha-w- c:\windows\system32\veyoroda.dll.tmp
2008-09-27 19:32 . 2008-09-27 19:32 61605 --sha-w- c:\windows\system32\tomuzipu.dll.tmp
2009-01-02 09:11 . 2009-01-02 09:11 86187 --sha-w- c:\windows\system32\guyewijo.dll
2008-12-31 08:46 . 2008-12-31 08:46 62592 --sha-w- c:\windows\system32\sobipore.dll.tmp
2009-01-07 15:51 . 2009-01-07 15:51 68707 --sha-w- c:\windows\system32\juwozitu.dll.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-10-14 69632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-10 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Intra Bind"="c:\docume~1\JUVANE~1\APPLIC~1\Elsemapi\NewLoud.exe" [2009-05-10 507904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-06-29 225280]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-07-19 49520]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-10-08 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-10-08 33136]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"PowerForPhone"="c:\program files\PowerForPhone\PowerForPhone.exe" [2007-01-15 778240]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-07-10 851968]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-05-03 376921]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-25 229952]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 741376]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896]
"MODE FREE BIRD SURF"="c:\documents and settings\All Users\Application Data\beep axis mode free\Manager Corn.exe" [2009-07-20 753664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-24 282624]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"EoEngine"="c:\program files\EoRezo\EoEngine.exe" [2009-02-23 472872]
"SoftwareHelper"="c:\documents and settings\Ju Vaness\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
c:\documents and settings\LogMeInRemoteUser\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
c:\documents and settings\Ju Vaness\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbh05.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuy48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxd58.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Diagnostic Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jsf8uiw3jnjgffght
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Orange\\Browser\\Browser.exe"=
"c:\\Program Files\\ASUS\\ATK Media\\DMedia.exe"=
"c:\\Program Files\\Fichiers communs\\France Telecom\\Shared Modules\\AlertModule\\0\\AlertModule.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\BIN\\jucheck.exe"=
"c:\\Program Files\\Motorola\\SMSERIAL\\SM56HLPR.EXE"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\sched.exe"=
"c:\\Program Files\\ATKOSD2\\ATKOSD2.EXE"=
"c:\\Program Files\\PowerForPhone\\PowerForPhone.exe"=
"c:\\Program Files\\ASUS\\ASUS Live Update\\ALU.EXE"=
"c:\\Program Files\\ASUSTek\\ASUSDVD\\PDVDServ.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\GUARDGUI.EXE"=
"c:\\WINDOWS\\ASScrPro.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:sfx
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24/07/2008 18:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [21/06/2009 17:23 47640]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [18/04/2007 15:42 24576]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\progra~1\ATKHOT~1\ASNDIS5.SYS [08/10/2007 19:18 16269]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [05/06/2007 19:40 1260672]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [08/10/2007 19:59 57024]
S0 Winbh05;Winbh05;c:\windows\system32\Drivers\Winbh05.sys --> c:\windows\system32\Drivers\Winbh05.sys [?]
S0 Winuy48;Winuy48;c:\windows\system32\Drivers\Winuy48.sys --> c:\windows\system32\Drivers\Winuy48.sys [?]
S0 Winxd58;Winxd58;c:\windows\system32\Drivers\Winxd58.sys --> c:\windows\system32\Drivers\Winxd58.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - GETPADD
*Deregistered* - GETPADD
.
Contents of the 'Scheduled Tasks' folder
2009-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-09-19 15:36]
2009-07-20 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-04-25 15:10]
2009-07-20 c:\windows\Tasks\AA4E62B2918A1A06.job
- c:\docume~1\juvane~1\applic~1\elsemapi\Poll lies type.exe [2008-07-22 11:08]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKLM-Run-BM97347755 - c:\windows\system32\idfqfnqs.dll
HKLM-Run-EoDesk3d - (no file)
Notify-hgGwXolM - hgGwXolM.dll
Notify-vtUlKDuV - vtUlKDuV.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://y.lo.st
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: orange.fr\www
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Ju Vaness\Application Data\Mozilla\Firefox\Profiles\nbzryd5r.default\
FF - prefs.js: browser.startup.homepage - hxxp://y.lo.st
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 20:21
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(5692)
c:\program files\Orange\Launcher\Inactivity.Dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
c:\windows\SYSTEM32\ACS.EXE
c:\program files\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
c:\program files\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
c:\program files\FICHIERS COMMUNS\FRANCE TELECOM\SHARED MODULES\FTRTSVC\0\FTRTSVC.EXE
c:\program files\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
c:\program files\LOGMEIN\X86\RAMAINT.EXE
c:\program files\LOGMEIN\X86\LOGMEIN.EXE
c:\program files\LOGMEIN\X86\LMIGUARDIAN.EXE
c:\program files\ASUS\NB PROBE\SPM\SPMGR.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
c:\windows\SYSTEM32\ACENGSVR.EXE
c:\program files\INTERNET EXPLORER\IEXPLORE.EXE
c:\program files\LOGMEIN\X86\LMIGUARDIAN.EXE
c:\program files\ORANGE\LAUNCHER\LAUNCHER.EXE
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\INTERNET EXPLORER\IEXPLORE.EXE
c:\program files\ATK Hotkey\WDC.exe
c:\program files\FICHIERS COMMUNS\FRANCE TELECOM\SHARED MODULES\ALERTMODULE\0\ALERTMODULE.EXE
c:\program files\Orange\Deskboard\deskboard.exe
c:\program files\Orange\connectivity\connectivitymanager.exe
c:\program files\Orange\connectivity\CoreCom\CoreCom.exe
c:\program files\Orange\connectivity\CoreCom\OraConfigRecover.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
c:\program files\Fichiers communs\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2009-07-20 20:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-20 18:25
Pre-Run: 34 717 466 624 octets libres
Post-Run: 34 537 439 232 octets libres
749
  8. Thanks for the info, Thanos, but I was away for the weekend; sorry for not replying sooner. I'll take care of it tomorrow evening! Thanks again for the help!
  9. Hello, some friends' PC was infected by a virus a few weeks ago, and since I carried out the disinfection, error messages appear every time an application starts: "l'application ou la dll de c:\******* n'est pas une image windows valide, vérifiez a l'aide de votre disquette d'installation". I did read on this forum that this is caused by a virus that modifies files, but not knowing exactly what to do, I'm calling on you for help! I ran a HijackThis scan; here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:34:33, on 14/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ASScrPro.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Documents and Settings\Ju Vaness\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\windows\ld12.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ASUSTPE.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\JUVANE~1\LOCALS~1\Temp\csrssc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: C:\WINDOWS\system32\hsfd83jfdg.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hsfd83jfdg.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MODE FREE BIRD SURF] C:\Documents and Settings\All Users\Application Data\beep axis mode free\Manager Corn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [softwareHelper] C:\Documents and Settings\Ju Vaness\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
O4 - HKLM\..\Run: [bM97347755] Rundll32.exe "C:\WINDOWS\system32\idfqfnqs.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe
O4 - HKCU\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [intra Bind] C:\DOCUME~1\JUVANE~1\APPLIC~1\Elsemapi\NewLoud.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\JUVANE~1\LOCALS~1\Temp\csrssc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3291974836-1474112473-3386457449-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-3291974836-1474112473-3386457449-1007\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-3291974836-1474112473-3386457449-1007 Startup: CCC.lnk = ? (User 'LogMeInRemoteUser')
O4 - S-1-5-21-3291974836-1474112473-3386457449-1007 User Startup: CCC.lnk = ? (User 'LogMeInRemoteUser')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208022129250
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - AppInit_DLLs: tdcdxh.dll,C:\WINDOWS\system32\zezosivi.dll,C:\WINDOWS\system32\lebevati.dll,C:\WINDOWS\system32\sobipore.dll,C:\WINDOWS\system32\juwozitu.dll,C:\WINDOWS\system32\nopayopa.dll,C:\WINDOWS\system32\veyesera.dll,C:\WINDOWS\system32\zotalobe.dll,C:\WINDOWS\system32\gagujani.dll
O20 - Winlogon Notify: hgGwXolM - hgGwXolM.dll (file missing)
O20 - Winlogon Notify: vtUlKDuV - vtUlKDuV.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hsfd83jfdg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
--
End of file - 13603 bytes

There it is; if you can help me, that would be great, thanks.
  10. Yes, I tried, but still nothing!
  11. Does nobody see where this could be coming from?? I think that, unfortunately, it is going to end up with a format/reinstall! lol
  12. @fiffi29 both the network card and the Wi-Fi dongle are enabled in Device Manager, no driver problems. @greywolf there has been no recent infection; I reset the Winsock catalogs but still nothing! :s
  13. I just checked, but still nothing :s ! For information, I have another PC on which the connection works fine over either Ethernet or Wi-Fi (the Freebox's router function is enabled ^^)