BilloO

Membres

Afficher le profil Afficher son activité

Compteur de contenus
9
Inscription
le 2 avril 2007
Dernière visite
le 15 avril 2007

BilloO's Achievements

Junior Member (3/12)

Réputation sur la communauté

Rapport Hijackthis

BilloO a répondu à un(e) sujet de BilloO dans Analyses et éradication malwares

Bon alors ... erreur fatale en pleine réparation. Du coup mon pc n'a pas du tout apprècier, tu penses bien !!! Il reboot sur la fenetre qui me demande si je veux réparer, mais quand je tape "entrée" ou "r" rien ne se passe, la fenetre revient à chaque fois. Si je dois passer par un formatage du disque dur, je ne suis pas contre. Même le mode sans échec ou la dernière bonne configuration connue ne marche pas. Je pense que le formatage serait la seule solution pour régler les problémes d'instabilité du system. dis moi comment faire. à+
- le 11 avril 2007
- 17 réponses
Rapport Hijackthis

BilloO a répondu à un(e) sujet de BilloO dans Analyses et éradication malwares

Ca ne marche pas non plus ...
- le 8 avril 2007
- 17 réponses
Rapport Hijackthis

BilloO a répondu à un(e) sujet de BilloO dans Analyses et éradication malwares

J'ai tout essayé, usb, ethernet, en 2 eme ordinateur et en 1er, je pige pas ...
- le 7 avril 2007
- 17 réponses
Rapport Hijackthis

BilloO a répondu à un(e) sujet de BilloO dans Analyses et éradication malwares

Oui mais le probléme, c'est que depuis je peux plus me connecter avec ce PC à ma livebox ... mon systéme parait instable. Pourtant, c'est un connexion simple en wifi (en clez usb) qui marchait sans probléme.
- le 6 avril 2007
- 17 réponses
Rapport Hijackthis

BilloO a répondu à un(e) sujet de BilloO dans Analyses et éradication malwares

J'ai bien supprimé duo.exe Je n'arrive pas à copier le fichier ndis.sys , j'ai tout essayer !!! Voici le dernier log : Logfile of HijackThis v1.99.1 Scan saved at 23:30:27, on 06/04/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime Alternative\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Fast3202] D:\LiveBox.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [instantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ? O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O15 - Trusted Zone: www.sgnappo.com O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
- le 6 avril 2007
- 17 réponses
Rapport Hijackthis

BilloO a répondu à un(e) sujet de BilloO dans Analyses et éradication malwares

J'ai refait les manips avec LSPFIX. Plus aucun fichier dll n'apparait dans les fenêtres. Je t'ai envoyer sur upload.malekal.com les fichiers demandés sauf c:windows\system32\drivers\ndis.sys, car ce fichier est utilisé par un programme !!! J'ai supprimé les Fichiers que tu m'as demandé. Voici donc le nouveau rapport Hijackthis : Logfile of HijackThis v1.99.1 Scan saved at 20:39:25, on 06/04/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime Alternative\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: (no name) - {B8912BCA-0BBC-40E1-8200-A44B5F3A5FDC} - C:\Program Files\Messenger\nipy.dll (file missing) O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O2 - BHO: (no name) - {CDCB3A1B-0B80-4693-9579-29D18FE4606C} - C:\Program Files\Messenger\nipy.dll (file missing) O2 - BHO: 0 - {EE8B30ED-5C09-4BFC-469D-8D5BDE3DE029} - C:\Program Files\MSN Gaming Zone\rybimo147.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - (no file) O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Fast3202] D:\LiveBox.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [instantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ? O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm745YYFR O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O15 - Trusted Zone: www.sgnappo.com O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
- le 6 avril 2007
- 17 réponses
Rapport Hijackthis

BilloO a répondu à un(e) sujet de BilloO dans Analyses et éradication malwares

Sur le PC en question, je n'ai pas pu me connecter sur le site http://virusscan.jotti.org/ , ma connection m'indique iexporer.exe ne fonctionne pas. J'ai continué la procédure mais je n'ai pas pu supprimer C:\WINDOWS\System32\rpcc.exe J'ai bien lancé LSPfix et DiagHelp. Voici le rapport resultat.txt demandé : C:\WINDOWS\System32/drivers\ndis.sys -->27/03/2007 01:18:22 C:\WINDOWS\System32/drivers\core.cache.dsk -->27/03/2007 01:16:57 C:\WINDOWS\System32/drivers\core.sys -->27/03/2007 01:16:56 C:\WINDOWS\System32/drivers\GEARAspiWDM.sys -->19/09/2006 16:44:04 C:\WINDOWS\System32/drivers\AvgAsCln.sys -->05/09/2006 18:03:16 C:\WINDOWS\System32/drivers\secdrv.sys -->17/05/2005 02:32:04 C:\WINDOWS\System32/drivers\ati2erec.dll -->23/02/2005 04:22:48 C:\WINDOWS\System32\vsconfig.xml -->04/04/2007 23:21:14 C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000C-00001102-00000004-40021102}.dat -->04/04/2007 23:20:02 C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000C-00001102-00000004-40021102}.dat -->04/04/2007 23:20:02 C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000C-00001102-00000004-40021102}.rfx -->04/04/2007 23:20:02 C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000C-00001102-00000004-40021102}.rfx -->04/04/2007 23:20:02 C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000C-00001102-00000004-40021102}.rfx -->04/04/2007 23:20:02 C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000C-00001102-00000004-40021102}.rfx -->04/04/2007 23:20:02 C:\WINDOWS\System32\PerfStringBackup.INI -->04/04/2007 04:29:47 C:\WINDOWS\System32\perfh00C.dat -->04/04/2007 04:29:47 C:\WINDOWS\System32\perfh009.dat -->04/04/2007 04:29:47 C:\WINDOWS\System32\perfc00C.dat -->04/04/2007 04:29:47 C:\WINDOWS\System32\perfc009.dat -->04/04/2007 04:29:47 C:\WINDOWS\System32\zllictbl.dat -->04/04/2007 03:56:17 C:\WINDOWS\System32\duo.exe -->02/04/2007 23:12:00 C:\WINDOWS\System32\wpa.dbl -->02/04/2007 23:07:09 C:\WINDOWS\System32\atmtd.dll.tmp -->28/03/2007 00:42:04 C:\WINDOWS\System32\zxdnt3d.cfg -->27/03/2007 02:36:36 C:\WINDOWS\System32\winpfz32.sys -->27/03/2007 01:18:07 C:\WINDOWS\System32\pfxzmtymsg.dll -->27/03/2007 01:17:08 C:\WINDOWS\System32\pfxzmtwbmail.dll -->27/03/2007 01:17:08 C:\WINDOWS\System32\pfxzmticq.dll -->27/03/2007 01:17:08 C:\WINDOWS\System32\pfxzmtgtal.dll -->27/03/2007 01:17:08 C:\WINDOWS\System32\pfxzmtforum.dll -->27/03/2007 01:17:08 C:\WINDOWS\System32\pfxzmtaim.dll -->27/03/2007 01:17:08 C:\WINDOWS\System32\t4t.ico -->27/03/2007 01:16:59 C:\WINDOWS.log -->04/04/2007 23:21:11 C:\WINDOWS\WindowsUpdate.log -->04/04/2007 23:21:02 C:\WINDOWS\SchedLgU.Txt -->04/04/2007 23:20:46 C:\WINDOWS\bootstat.dat -->04/04/2007 23:20:40 C:\WINDOWS\setupact.log -->04/04/2007 23:19:23 C:\WINDOWS\setupapi.log -->04/04/2007 22:25:32 C:\WINDOWS\ntbtlog.txt -->04/04/2007 03:48:11 C:\WINDOWS\setuperr.log -->04/04/2007 03:45:41 C:\WINDOWS\Sti_Trace.log -->04/04/2007 02:31:27 C:\WINDOWS\win.ini -->28/03/2007 00:25:19 C:\WINDOWS\cs_cache.ini -->27/03/2007 01:20:49 C:\WINDOWS\zllsputility_loc040c.dll -->09/03/2007 00:03:06 C:\WINDOWS\zllsputility.exe -->09/03/2007 00:02:00 C:\WINDOWS\ODBC.INI -->23/02/2007 22:47:48 C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe -->20/02/2007 14:10:33 C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe |13/10/2004 13:57:24 C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe |18/04/2005 21:07:21 C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe |11/06/2006 04:10:36 C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe |20/02/2007 20:40:07 C:\WINDOWS\Ctregrun.exe |12/10/2004 16:24:36 C:\WINDOWS\ic5.exe |02/02/2007 06:18:10 C:\WINDOWS\IsUn040c.exe |12/10/2004 16:26:08 C:\WINDOWS\IsUninst.exe |12/10/2004 15:33:11 C:\WINDOWS\iun6002.exe |13/10/2004 12:49:50 C:\WINDOWS\LOGI_MWX.EXE |13/10/2004 13:56:33 C:\WINDOWS\MIDIDEF.EXE |20/06/2003 12:13:46 C:\WINDOWS\OfB11_Setup.exe |10/02/2007 13:03:21 C:\WINDOWS\PSCONV.EXE |21/05/2004 05:03:28 C:\WINDOWS\READREG.EXE |21/05/2004 05:03:16 C:\WINDOWS\twunk_16.exe |28/09/2001 14:00:00 C:\WINDOWS\twunk_32.exe |28/09/2001 14:00:00 C:\WINDOWS\uninst.exe |13/10/2004 16:05:03 C:\WINDOWS\UninstWiFi.exe |30/04/2005 15:48:46 C:\WINDOWS\wlancfg.exe |05/04/2005 00:12:34 C:\WINDOWS\zllsputility.exe |04/04/2007 03:55:31 C:\WINDOWS\CTDCRES.DLL |21/05/2004 05:03:54 C:\WINDOWS\DEVREG.DLL |21/05/2004 05:03:46 C:\WINDOWS\icccodes.dll |18/07/2005 20:05:03 C:\WINDOWS\INRES.DLL |12/10/2004 16:27:09 C:\WINDOWS\kpcp32.dll |18/07/2005 20:05:03 C:\WINDOWS\kpsys32.dll |18/07/2005 20:05:03 C:\WINDOWS\pfpick.dll |18/07/2005 20:05:03 C:\WINDOWS\sprof32.dll |18/07/2005 20:05:03 C:\WINDOWS\twain.dll |28/09/2001 14:00:00 C:\WINDOWS\twain_32.dll |28/09/2001 14:00:00 C:\WINDOWS\zllsputility_loc040c.dll |04/04/2007 03:55:35 C:\WINDOWS\system32\append.exe |28/09/2001 14:00:00 C:\WINDOWS\system32\ati2evxx.exe |05/04/2005 22:17:30 C:\WINDOWS\system32\Ati2mdxx.exe |05/04/2005 22:17:30 C:\WINDOWS\system32\ati2sgag.exe |05/04/2005 21:43:19 C:\WINDOWS\system32\CTHELPER.EXE |21/05/2004 05:01:38 C:\WINDOWS\system32\debug.exe |28/09/2001 14:00:00 C:\WINDOWS\system32\DivXsm.exe |24/05/2005 23:32:44 C:\WINDOWS\system32\dosx.exe |28/09/2001 14:00:00 C:\WINDOWS\system32\duo.exe |02/04/2007 23:11:58 C:\WINDOWS\system32\dvdplay.exe |23/08/2001 19:47:34 C:\WINDOWS\system32\edlin.exe |28/09/2001 14:00:00 C:\WINDOWS\system32\ENSDEF.EXE |11/10/2002 06:17:08 C:\WINDOWS\system32\exe2bin.exe |28/09/2001 14:00:00 C:\WINDOWS\system32\fastopen.exe |28/09/2001 14:00:00 C:\WINDOWS\system32\IWUninstall.exe |13/10/2004 13:00:42 C:\WINDOWS\system32\KILLAPPS.EXE |14/03/2003 03:33:40 C:\WINDOWS\system32\mem.exe |28/09/2001 14:00:00 C:\WINDOWS\system32\mscdexnt.exe |28/09/2001 14:00:00 C:\WINDOWS\system32\NeroCheck.exe |12/10/2004 18:32:49 C:\WINDOWS\system32\nlsfunc.exe |28/09/2001 14:00:00 C:\WINDOWS\system32\nw16.exe |28/09/2001 14:00:00 C:\WINDOWS\system32\PSDrvCheck.exe |10/11/2003 16:06:08 C:\WINDOWS\system32\redir.exe |12/10/2004 15:49:25 C:\WINDOWS\system32\REGPLIB.EXE |28/06/2001 05:05:52 C:\WINDOWS\system32\setver.exe |28/09/2001 14:00:00 C:\WINDOWS\system32\share.exe |28/09/2001 14:00:00 C:\WINDOWS\system32\usrmlnka.exe |23/08/2001 19:47:48 C:\WINDOWS\system32\usrprbda.exe |23/08/2001 19:47:48 C:\WINDOWS\system32\usrshuta.exe |23/08/2001 19:47:48 C:\WINDOWS\system32\vwipxspx.exe |28/09/2001 14:00:00 C:\WINDOWS\system32\a3d.dll |12/10/2004 17:35:39 C:\WINDOWS\system32\AC3API.DLL |21/05/2004 04:59:48 C:\WINDOWS\system32\AegisE5.dll |30/04/2005 15:48:54 C:\WINDOWS\system32\amstream.dll |15/05/2005 23:19:03 C:\WINDOWS\system32\asapi.dll |13/10/2004 13:00:42 C:\WINDOWS\system32\ati2cqag.dll |05/04/2005 22:17:29 C:\WINDOWS\system32\ati2dvaa.dll |12/10/2004 15:50:17 C:\WINDOWS\system32\ati2dvag.dll |05/04/2005 22:17:29 C:\WINDOWS\system32\ati2edxx.dll |05/04/2005 22:17:31 C:\WINDOWS\system32\ati2evxx.dll |05/04/2005 22:17:31 C:\WINDOWS\system32\ati3d1ag.dll |02/12/2003 15:44:14 C:\WINDOWS\system32\ati3d2ag.dll |02/12/2003 15:48:08 C:\WINDOWS\system32\ati3duag.dll |05/04/2005 22:17:30 C:\WINDOWS\system32\ATIDDC.DLL |05/04/2005 22:17:30 C:\WINDOWS\system32\ATIDEMGR.dll |05/04/2005 22:17:31 C:\WINDOWS\system32\atiiiexx.dll |05/04/2005 21:43:16 C:\WINDOWS\system32\atikvmag.dll |23/02/2005 04:23:15 C:\WINDOWS\system32\atioglxx.dll |05/04/2005 21:43:15 C:\WINDOWS\system32\atipdlxx.dll |05/04/2005 21:43:15 C:\WINDOWS\system32\atitvo32.dll |05/04/2005 21:43:15 C:\WINDOWS\system32\ativcoxx.dll |09/11/2001 05:01:04 C:\WINDOWS\system32\ativvaxx.dll |05/04/2005 22:17:30 C:\WINDOWS\system32\atmfd.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\atmlib.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\Aviprax.dll |27/02/2002 17:27:04 C:\WINDOWS\system32\Cachex.dll |02/08/2002 18:34:04 C:\WINDOWS\system32\commonfx.dll |12/10/2004 17:35:39 C:\WINDOWS\system32\COMNCTR.DLL |13/10/2004 13:56:35 C:\WINDOWS\system32\compatui.dll |12/10/2004 15:49:48 C:\WINDOWS\system32\CTAGENT.DLL |21/05/2004 05:01:56 C:\WINDOWS\system32\CTASIO.DLL |12/10/2004 17:35:40 C:\WINDOWS\system32\ctaudfx.dll |12/10/2004 17:35:40 C:\WINDOWS\system32\ctcoinst.dll |12/10/2004 17:35:48 C:\WINDOWS\system32\CTDC0000.DLL |21/05/2004 05:01:02 C:\WINDOWS\system32\CTDC0001.DLL |21/05/2004 05:00:42 C:\WINDOWS\system32\CTDCIFCE.DLL |21/05/2004 05:01:16 C:\WINDOWS\system32\CTDPROXY.DLL |21/05/2004 04:42:26 C:\WINDOWS\system32\ctdvinst.dll |12/10/2004 17:35:48 C:\WINDOWS\system32\CTEAPSFX.DLL |12/10/2004 17:35:41 C:\WINDOWS\system32\CTEDASIO.DLL |21/05/2004 04:50:06 C:\WINDOWS\system32\CTEDSPFX.DLL |12/10/2004 17:35:42 C:\WINDOWS\system32\CTEDSPIO.DLL |12/10/2004 17:35:42 C:\WINDOWS\system32\CTEDSPSY.DLL |12/10/2004 17:35:42 C:\WINDOWS\system32\CTEMUPIA.DLL |21/05/2004 04:41:06 C:\WINDOWS\system32\CTMMEP.DLL |21/05/2004 05:01:54 C:\WINDOWS\system32\CTOSUSER.DLL |21/05/2004 04:42:34 C:\WINDOWS\system32\ctsblfx.dll |12/10/2004 17:35:43 C:\WINDOWS\system32\CTSCAL.DLL |21/05/2004 05:01:24 C:\WINDOWS\system32\CTSPKHLP.DLL |21/05/2004 05:03:08 C:\WINDOWS\system32\CTTHXCAL.DLL |21/05/2004 05:01:30 C:\WINDOWS\system32\Decdnet.dll |12/10/2004 18:41:18 C:\WINDOWS\system32\dgrpsetu.dll |12/10/2004 16:07:22 C:\WINDOWS\system32\dgsetup.dll |12/10/2004 16:07:22 C:\WINDOWS\system32\DiskIO.dll |02/08/2002 18:34:04 C:\WINDOWS\system32\DivX.dll |09/06/2005 22:32:26 C:\WINDOWS\system32\divxdec_0407.dll |27/10/2004 00:38:18 C:\WINDOWS\system32\divxdec_040c.dll |27/10/2004 00:38:18 C:\WINDOWS\system32\divxdec_0411.dll |27/10/2004 00:38:18 C:\WINDOWS\system32\divx_xx07.dll |05/05/2005 03:12:47 C:\WINDOWS\system32\divx_xx0c.dll |05/05/2005 03:12:47 C:\WINDOWS\system32\divx_xx11.dll |05/05/2005 03:12:48 C:\WINDOWS\system32\dpl100.dll |28/04/2005 06:22:35 C:\WINDOWS\system32\dpu10.dll |27/10/2004 00:39:03 C:\WINDOWS\system32\dpu11.dll |28/04/2005 06:22:35 C:\WINDOWS\system32\dpuGUI10.dll |27/10/2004 00:39:03 C:\WINDOWS\system32\dpuGUI11.dll |28/04/2005 06:22:35 C:\WINDOWS\system32\dpus10.dll |27/10/2004 00:39:03 C:\WINDOWS\system32\dpus11.dll |28/04/2005 06:22:36 C:\WINDOWS\system32\dpv10.dll |27/10/2004 00:39:04 C:\WINDOWS\system32\dpv11.dll |28/04/2005 06:22:36 C:\WINDOWS\system32\dtu100.dll |18/05/2005 23:40:20 C:\WINDOWS\system32\EAXAC3.DLL |11/07/2001 04:51:00 C:\WINDOWS\system32\Encdnet.dll |12/10/2004 18:41:18 C:\WINDOWS\system32\EqnClass.Dll |12/10/2004 16:07:21 C:\WINDOWS\system32\FEELIT.DLL |13/10/2004 13:56:35 C:\WINDOWS\system32\GEARAspi.dll |03/10/2006 20:47:52 C:\WINDOWS\system32\hpzcoi05.dll |16/07/2006 14:47:02 C:\WINDOWS\system32\hpzcon05.dll |16/07/2006 14:47:02 C:\WINDOWS\system32\hpzsnt05.dll |21/06/2002 12:19:56 C:\WINDOWS\system32\hticons.dll |12/10/2004 15:19:55 C:\WINDOWS\system32\hypertrm.dll |12/10/2004 15:19:55 C:\WINDOWS\system32\iccvid.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\ifc21.dll |13/10/2004 13:56:35 C:\WINDOWS\system32\imagr5.dll |12/10/2004 18:32:49 C:\WINDOWS\system32\imagx5.dll |12/10/2004 18:32:49 C:\WINDOWS\system32\ImagXpr5.dll |12/10/2004 18:32:49 C:\WINDOWS\system32\imsinstall_loc040c.dll |04/04/2007 03:55:35 C:\WINDOWS\system32\imslsp_install_loc040c.dll |04/04/2007 03:55:35 C:\WINDOWS\system32\ir32_32.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\ir41_qc.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\ir41_qcx.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\ir50_32.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\ir50_qc.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\ir50_qcx.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\isrdbg32.dll |12/10/2004 15:21:24 C:\WINDOWS\system32\jgaw400.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\jgdw400.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\jgmd400.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\jgpl400.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\jgsd400.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\jgsh400.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\langserv.dll |23/04/2002 18:02:24 C:\WINDOWS\system32\LCoInst.Dll |13/10/2004 13:56:33 C:\WINDOWS\system32\LGUICOM.DLL |13/10/2004 13:56:35 C:\WINDOWS\system32\libeay32.dll |28/04/2005 06:22:34 C:\WINDOWS\system32\libeay32_0.9.6l.dll |04/04/2007 03:55:27 C:\WINDOWS\system32\libmmd.dll |13/10/2004 12:48:45 C:\WINDOWS\system32\lmoufrc.dll |13/10/2004 13:56:33 C:\WINDOWS\system32\LMOUSE16.DLL |13/10/2004 13:56:35 C:\WINDOWS\system32\LMOUSE32.DLL |13/10/2004 13:56:35 C:\WINDOWS\system32\Ltr13n.dll |01/04/2003 16:34:44 C:\WINDOWS\system32\Ltrio13n.dll |01/04/2003 16:40:24 C:\WINDOWS\system32\MA32.DLL |27/02/2002 17:28:14 C:\WINDOWS\system32\MACD32.DLL |27/02/2002 17:28:14 C:\WINDOWS\system32\MAMC32.DLL |27/02/2002 17:28:14 C:\WINDOWS\system32\MASD32.DLL |27/02/2002 17:28:16 C:\WINDOWS\system32\MASE32.DLL |27/02/2002 17:28:16 C:\WINDOWS\system32\mcdvd_32.dll |21/05/2003 23:50:36 C:\WINDOWS\system32\mciqtz32.dll |15/05/2005 23:19:04 C:\WINDOWS\system32\mdwmdmsp.dll |23/08/2001 19:47:06 C:\WINDOWS\system32\miroDV2Bmp.dll |27/02/2002 17:27:24 C:\WINDOWS\system32\MLPagAx.dll |02/08/2002 18:34:04 C:\WINDOWS\system32\MMAviAx.dll |02/08/2002 18:34:04 C:\WINDOWS\system32\msdmo.dll |23/04/2005 14:55:49 C:\WINDOWS\system32\msencode.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\MSVCRT10.DLL |18/07/2005 20:04:56 C:\WINDOWS\system32\nsp.dll |07/09/2000 16:04:12 C:\WINDOWS\system32\nspa6.dll |07/09/2000 16:06:06 C:\WINDOWS\system32\nspm5.dll |07/09/2000 16:06:02 C:\WINDOWS\system32\nspm6.dll |07/09/2000 16:06:00 C:\WINDOWS\system32\nspp6.dll |07/09/2000 16:06:02 C:\WINDOWS\system32\nsppx.dll |07/09/2000 16:05:58 C:\WINDOWS\system32\nspw7.dll |07/09/2000 16:06:20 C:\WINDOWS\system32\nv4_disp.dll |29/08/2002 12:05:14 C:\WINDOWS\system32\Oemdspif.dll |05/04/2005 21:43:15 C:\WINDOWS\system32\OPENAL32.DLL |12/10/2004 17:35:45 C:\WINDOWS\system32\paqsp.dll |23/08/2001 19:47:16 C:\WINDOWS\system32\pcdlib32.dll |18/07/2005 20:05:03 C:\WINDOWS\system32\pfxzmtaim.dll |27/03/2007 01:17:08 C:\WINDOWS\system32\pfxzmtforum.dll |27/03/2007 01:17:08 C:\WINDOWS\system32\pfxzmtgtal.dll |27/03/2007 01:17:08 C:\WINDOWS\system32\pfxzmticq.dll |27/03/2007 01:17:08 C:\WINDOWS\system32\pfxzmtwbmail.dll |27/03/2007 01:17:08 C:\WINDOWS\system32\pfxzmtymsg.dll |27/03/2007 01:17:08 C:\WINDOWS\system32\PIAPROXY.DLL |21/05/2004 04:43:08 C:\WINDOWS\system32\picn20.dll |12/10/2004 18:32:49 C:\WINDOWS\system32\Pnc3250.dll |12/10/2004 18:41:18 C:\WINDOWS\system32\pncrt.dll |12/10/2004 18:41:18 C:\WINDOWS\system32\pndx5016.dll |24/04/2006 11:54:13 C:\WINDOWS\system32\pndx5032.dll |24/04/2006 11:54:13 C:\WINDOWS\system32\Pneng50.dll |12/10/2004 18:41:18 C:\WINDOWS\system32\pngu3263.dll |12/10/2004 18:41:18 C:\WINDOWS\system32\PSIKey.dll |27/10/2004 00:38:24 C:\WINDOWS\system32\psisdecd.dll |15/05/2005 23:19:21 C:\WINDOWS\system32\qedwipes.dll |15/05/2005 23:19:06 C:\WINDOWS\system32\qt-dx331.dll |28/04/2005 06:22:38 C:\WINDOWS\system32\qt-mt331.dll |27/10/2004 00:39:05 C:\WINDOWS\system32\Ra3214_4.dll |12/10/2004 18:41:18 C:\WINDOWS\system32\Ra3228_8.dll |12/10/2004 18:41:18 C:\WINDOWS\system32\Ra32dnet.dll |12/10/2004 18:41:18 C:\WINDOWS\system32\Ra32sipr.dll |12/10/2004 18:41:18 C:\WINDOWS\system32\RALMain.dll |02/08/2002 18:34:06 C:\WINDOWS\system32\ReWire.dll |12/10/2004 18:41:18 C:\WINDOWS\system32\Rmbe3260.dll |12/10/2004 18:41:18 C:\WINDOWS\system32\rmoc3260.dll |24/04/2006 11:54:18 C:\WINDOWS\system32\sbe.dll |12/10/2004 15:50:16 C:\WINDOWS\system32\scriptpw.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\sfman32.dll |28/04/2005 04:25:08 C:\WINDOWS\system32\SFMS32.DLL |21/05/2004 04:43:32 C:\WINDOWS\system32\slbcsp.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\slbiop.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\slbrccsp.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\spnike.dll |23/08/2001 19:47:18 C:\WINDOWS\system32\sprio600.dll |23/08/2001 19:47:18 C:\WINDOWS\system32\sprio800.dll |23/08/2001 19:47:18 C:\WINDOWS\system32\spxcoins.dll |12/10/2004 16:07:21 C:\WINDOWS\system32\ssleay32.dll |28/04/2005 06:22:34 C:\WINDOWS\system32\stu.dll |13/10/2004 12:52:18 C:\WINDOWS\system32\synsoacc.dll |12/10/2004 18:41:23 C:\WINDOWS\system32\tsd32.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\UDFLib.dll |26/07/2004 12:54:42 C:\WINDOWS\system32\usrcntra.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrcoina.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrdpa.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrdtea.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrfaxa.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrlbva.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrrtosa.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrsdpia.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrsvpia.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrv42a.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrv80a.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrvoica.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrvpa.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\vdrcodec.dll |27/02/2002 17:28:16 C:\WINDOWS\system32\vdrmux.dll |27/02/2002 17:28:16 C:\WINDOWS\system32\vobhw.dll |29/07/2004 14:53:52 C:\WINDOWS\system32\vsdata.dll |04/04/2007 03:54:10 C:\WINDOWS\system32\vsinit.dll |04/04/2007 03:54:10 C:\WINDOWS\system32\vsmonapi.dll |04/04/2007 03:55:23 C:\WINDOWS\system32\vspubapi.dll |04/04/2007 03:55:23 C:\WINDOWS\system32\vsregexp.dll |04/04/2007 03:55:27 C:\WINDOWS\system32\vsutil.dll |04/04/2007 03:54:10 C:\WINDOWS\system32\vsutil_loc040c.dll |04/04/2007 03:55:35 C:\WINDOWS\system32\vswmi.dll |04/04/2007 03:55:23 C:\WINDOWS\system32\vsxml.dll |04/04/2007 03:55:23 C:\WINDOWS\system32\w32n50.dll |05/04/2005 00:09:37 C:\WINDOWS\system32\win87em.dll |28/09/2001 14:00:00 C:\WINDOWS\system32\WLANUTL.dll |30/04/2005 15:48:54 C:\WINDOWS\system32\WNASPI32.DLL |23/04/2005 14:49:55 C:\WINDOWS\system32\xmlparse.dll |15/05/2005 23:19:39 C:\WINDOWS\system32\xmltok.dll |15/05/2005 23:19:39 C:\WINDOWS\system32\xvid.dll |22/03/2003 17:20:18 C:\WINDOWS\system32\xvidcore.dll |03/07/2004 20:59:06 C:\WINDOWS\system32\xvidvfw.dll |03/07/2004 21:08:04 C:\WINDOWS\system32\zlcomm.dll |04/04/2007 03:55:26 C:\WINDOWS\system32\zlcommdb.dll |04/04/2007 03:55:26 C:\WINDOWS\system32\zpeng24.dll |04/04/2007 03:55:23 Le volume dans le lecteur C s'appelle SYSTEME Le numéro de série du volume est 7897-1CD7 Répertoire de C:\WINDOWS\system32 28/09/2001 14:00 4 096 csrss.exe 1 fichier(s) 4 096 octets 0 Rép(s) 18 092 777 472 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle SYSTEME Le numéro de série du volume est 7897-1CD7 Répertoire de C:\WINDOWS\Downloaded Program Files 27/03/2007 02:11 <REP> . 27/03/2007 02:11 <REP> .. 19/01/2006 13:51 773 avsniff.inf 02/02/2006 02:00 2 390 catalog.dat 12/10/2004 15:22 65 desktop.ini 02/02/2006 02:00 6 899 ecbootil.vxd 02/02/2006 02:00 288 376 ecmsvr32.dll 14/07/2005 17:28 365 f3initialsetup1.0.0.15.inf 20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd 13/07/2004 11:41 227 MsnMessengerSetupDownloader.inf 05/11/2004 15:58 119 496 MsnMessengerSetupDownloader.ocx 02/02/2006 02:00 124 584 naveng32.dll 02/02/2006 02:00 788 136 navex32a.dll 02/02/2006 02:00 97 072 scrauth.dat 08/12/2003 13:58 3 759 swflash.inf 02/02/2006 02:00 14 symaveng.cat 02/02/2006 02:00 901 symaveng.inf 02/02/2006 02:00 41 752 tcdefs.dat 02/02/2006 02:00 908 114 tcscan7.dat 02/02/2006 02:00 253 538 tcscan8.dat 02/02/2006 02:00 499 782 tcscan9.dat 02/02/2006 02:00 453 tinf.dat 02/02/2006 02:00 148 tinfidx.dat 02/02/2006 02:00 1 957 tinfl.dat 02/02/2006 02:00 47 673 tscan1.dat 02/02/2006 02:00 1 237 tscan1hd.dat 02/02/2006 02:00 5 516 v.grd 02/02/2006 02:00 2 242 v.sig 02/02/2006 02:00 106 244 virscan.inf 02/02/2006 02:00 942 790 virscan1.dat 02/02/2006 02:00 560 980 virscan2.dat 02/02/2006 02:00 145 352 virscan3.dat 02/02/2006 02:00 320 086 virscan4.dat 02/02/2006 02:00 2 020 005 virscan5.dat 02/02/2006 02:00 386 844 virscan6.dat 02/02/2006 02:00 3 102 078 virscan7.dat 02/02/2006 02:00 1 479 438 virscan8.dat 02/02/2006 02:00 3 037 912 virscan9.dat 02/02/2006 02:00 32 virscant.dat 30/06/2003 22:41 1 689 WMV9VCM.inf 02/02/2006 02:00 224 zdone.dat 39 fichier(s) 15 300 305 octets Total des fichiers listés : 39 fichier(s) 15 300 305 octets 2 Rép(s) 18 092 777 472 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Liste des programmes installes Adobe Acrobat 5.0 Adobe Flash Player 9 ActiveX Adobe Photoshop 5.5 Ahead Nero Burning ROM AKAI professional VST Collection v1.0 Apple Software Update Archiveur WinRAR ASAPI Update ATI - Utilitaire de désinstallation du logiciel ATI Control Panel ATI Display Driver AutoUpdate AVG Anti-Spyware 7.5 AVS Video Converter 3.4.6.187 Barre d'outils MSN City of Villains/City of Heroes (désinstallation uniquement) Correctif Windows XP - KB823559 Correctif Windows XP - KB842773 Correctif Windows XP - KB905915 Correctif Windows XP (SP2) Q329170 Correctif Windows XP (SP2) Q810565 Correctif Windows XP (SP2) Q810577 Correctif Windows XP (SP2) Q810833 Correctif Windows XP (SP2) Q814033 Correctif Windows XP (SP2) Q817606 dBpowerAMP Music Converter DeluxeCommunications DivX DivX Converter DivX Converter DivX Player E-MU Audio Drivers E-MU PatchMix DSP Emagic EVP73 VSTi v1.0 Enhanced Ads by Think-Adz removal ffdshow (remove only) Google Toolbar for Internet Explorer HijackThis 1.99.1 hp deskjet 3420 series hp deskjet 3420 series (Supprimer uniquement) IK Multimedia Amplitube v1.3 ImageMixer With VCD IsoBuster 1.7 iTunes Lecteur Windows Media 10 Livebox LiveReg (Symantec Corporation) logiciel Décoration imprimante hp Logiciel iTouch de Logitech Logitech Desktop Messenger Logitech MouseWare 9.79 Macromedia Shockwave Player Microsoft Office 2000 Small Business MicroStaff WINASPI Mirar Mise à jour pour Windows XP (KB898461) Native Instruments B4 Tone Wheels Bundle v1.11 Native Instruments B4 v1.11 Native Instruments FM7 Native Instruments Guitar Rig v1.1.1 Norton AntiSpam Norton AntiSpam Norton Internet Security Professional Norton Internet Security Professional Outlook Express Q823353 Pinnacle InstantCD/DVD Suite PowerDVD PSP VintageWarmer v1.5d QuickTime QuickTime Alternative 1.44 RealPlayer Reason Reverb.it 1.2 Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g Service Pack 1 pour Windows XP Steinberg Cubase SX v2.2.0.35 Steinberg WaveLab 5.00a Timeworks Millenium Pack Warp VST V1.0 Waves Diamond Bundle v5.0 WebFldrs XP Windows Installer 3.1 (KB893803) Windows Live Messenger Windows Live Sign-in Assistant Windows Media Format Runtime XviD Video Codec 22032003-1 (Koepi's developer build) ZoneAlarm Le volume dans le lecteur C s'appelle SYSTEME Le numéro de série du volume est 7897-1CD7 Répertoire de C:\Program Files 04/04/2007 23:25 <REP> . 04/04/2007 23:25 <REP> .. 18/07/2005 20:04 <REP> Adobe 12/10/2004 18:32 <REP> Ahead 27/03/2007 19:30 14 413 968 antivir_workstation_win7u_en_h.exe 18/03/2007 00:04 <REP> Apple Software Update 05/04/2005 21:43 <REP> ATI Technologies 27/03/2007 16:49 6 469 352 avgas-setup-7.5.0.50.exe 08/05/2005 15:56 <REP> AVSMedia 27/03/2007 16:56 2 685 104 ccsetup138.exe 24/05/2005 02:07 <REP> City Interactive 26/03/2007 23:52 <REP> City of Heroes 12/09/2006 01:06 <REP> CoHTest 12/10/2004 15:20 <REP> ComPlus Applications 12/10/2004 16:24 <REP> Creative 12/10/2004 16:28 <REP> Creative Professional 21/05/2005 19:43 <REP> CyberLink 12/10/2004 19:29 <REP> Digidesign 18/09/2005 18:17 <REP> DivX 19/09/2005 01:10 <REP> ffdshow 29/03/2007 01:57 <REP> Fichiers communs 18/02/2007 15:46 <REP> Google 28/03/2007 03:15 <REP> Grisoft 16/07/2006 14:45 <REP> Hewlett-Packard 04/04/2007 23:12 <REP> HijackThis 27/03/2007 16:46 505 382 HijackThis.exe 16/07/2006 14:47 <REP> hp deskjet 3420 series 12/10/2004 19:29 <REP> IK Multimedia 23/04/2005 15:08 <REP> Illustrate 04/02/2006 21:55 <REP> Internet Explorer 05/04/2005 00:12 <REP> Inventel 18/03/2007 00:18 <REP> iPod 18/03/2007 00:18 <REP> iTunes 13/11/2006 02:18 36 808 256 iTunesSetup.exe 10/05/2006 01:26 1 052 519 keybinder_0-9-7.zip 18/05/2005 04:48 <REP> Konvertor 16/04/2005 15:07 <REP> Lavasoft 27/03/2007 01:22 <REP> Livre Album Fuji Photo 13/10/2004 14:01 <REP> Logitech 07/04/2005 19:21 <REP> Media Player Classic 04/04/2007 23:03 <REP> Messenger 23/02/2007 22:45 <REP> microsoft frontpage 23/02/2007 22:46 <REP> Microsoft Office 12/10/2004 15:50 <REP> Movie Maker 12/10/2004 15:20 <REP> MSN 05/04/2005 21:17 <REP> MSN Apps 04/04/2007 23:03 <REP> MSN Gaming Zone 27/03/2007 02:36 <REP> MSN Messenger 13/10/2004 13:56 <REP> MUSICMATCH 13/10/2004 12:40 <REP> Native Instruments 12/10/2004 15:50 <REP> NetMeeting 16/05/2005 01:15 <REP> Nexus - The Jupiter Incident - Multiplayer Demo 18/05/2005 04:40 <REP> Nexus - The Jupiter Incident - Singleplayer Demo 27/03/2007 01:17 <REP> Ofb11 04/02/2006 21:55 <REP> Outlook Express 10/05/2006 01:07 225 280 Patch_Window_A_0_14.exe 21/05/2005 19:22 <REP> Pinnacle 23/04/2005 14:46 <REP> PIXELA 13/10/2004 13:12 <REP> Propellerhead 13/10/2004 12:48 <REP> PSP VintageWarmer 18/03/2007 00:11 <REP> QuickTime Alternative 24/04/2006 11:54 <REP> Real 03/02/2007 19:16 <REP> RegCleaner 30/04/2005 15:48 <REP> SAGEM 30/04/2005 15:48 <REP> SAGEM Wi-Fi USB 802.11g 12/10/2004 15:20 <REP> Services en ligne 13/10/2004 12:59 <REP> Steinberg 21/05/2005 19:53 <REP> Ubisoft 13/10/2004 13:00 <REP> VOB 13/10/2004 12:49 <REP> VstPlugins 13/10/2004 12:56 <REP> Waves 19/09/2005 05:00 <REP> winamp-0.96 05/06/2005 10:45 <REP> Windows Media Player 12/10/2004 15:20 <REP> Windows NT 12/10/2004 18:37 <REP> WinRAR 12/10/2004 15:23 <REP> xerox 19/09/2005 01:10 <REP> XviD 04/04/2007 03:44 <REP> Z stockage Programmes 02/04/2007 22:49 41 653 912 zlsSetup_70_337_000_fr.exe 04/04/2007 03:55 <REP> Zone Labs 8 fichier(s) 103 813 773 octets 72 Rép(s) 18 091 622 400 octets libres Le volume dans le lecteur C s'appelle SYSTEME Le numéro de série du volume est 7897-1CD7 Répertoire de C:\Program Files\fichiers communs 29/03/2007 01:57 <REP> . 29/03/2007 01:57 <REP> .. 18/07/2005 20:04 <REP> Adobe 12/10/2004 18:32 <REP> Ahead 23/02/2007 22:46 <REP> Designer 21/05/2005 19:25 <REP> Fellowes 16/09/2005 02:57 <REP> InstallShield 13/10/2004 13:56 <REP> Logitech 23/02/2007 22:46 <REP> Microsoft Shared 12/10/2004 15:21 <REP> MSSoap 12/10/2004 16:07 <REP> ODBC 24/04/2006 11:54 <REP> Real 12/10/2004 15:21 <REP> Services 12/10/2004 16:07 <REP> SpeechEngines 03/11/2006 23:10 <REP> Symantec Shared 23/02/2007 22:46 <REP> System 24/04/2006 11:54 <REP> xing shared 28/03/2007 02:17 <REP> {38971CD7-071E-1036-0902-040310310021} 04/04/2007 23:03 <REP> {78971CD7-071D-1036-0902-040310310021} 04/04/2007 23:03 <REP> {78971CD7-071E-1036-0902-040310310021} 04/04/2007 23:03 <REP> {78971CD7-071F-1036-0902-040310310021} 0 fichier(s) 0 octets 21 Rép(s) 18 091 622 400 octets libres Le volume dans le lecteur C s'appelle SYSTEME Le numéro de série du volume est 7897-1CD7 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 12/10/2004 15:28 <REP> . 12/10/2004 15:28 <REP> .. 18/05/2001 17:57 561 209 MSONSEXT.DLL 03/06/1999 14:09 122 937 MSOWS409.DLL 07/03/2001 09:00 127 033 MSOWS40c.DLL 18/03/1999 06:37 593 977 RAGENT.DLL 4 fichier(s) 1 405 156 octets 2 Rép(s) 18 091 622 400 octets libres Le volume dans le lecteur C s'appelle SYSTEME Le numéro de série du volume est 7897-1CD7 Répertoire de C:\ 11/11/2001 00:00 68 096 diff.exe 27/08/2006 14:10 103 424 grep.exe 2 fichier(s) 171 520 octets 0 Rép(s) 18 091 622 400 octets libres Le volume dans le lecteur C s'appelle SYSTEME Le numéro de série du volume est 7897-1CD7 Répertoire de C:\ 04/04/2007 23:23 91 648 cp1041.nls 1 fichier(s) 91 648 octets 0 Rép(s) 18 091 622 400 octets libres c:\Documents and Settings\Administrateur\Mes documents\Divers\BIND COH\keybinder.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\Fixwareout.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\KillBox.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\clean\pskill.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\Catchme.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\apps\cliptext.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\apps\download.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\apps\LS.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\apps\MD5File.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\apps\MoveEx.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\apps\Process.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\apps\RegDACL.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\apps\RestartIt!.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\apps\sc.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\apps\SF.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\apps\swreg.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\apps\swsc.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\apps\unzip.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\apps\zip.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\apps\Replace\W2K.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\apps\Replace\XP.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\backups\attrib.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\backups\find.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\backups\findstr.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 1\SDFix\backups\regedit.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 2\LSPFix.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 2\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 2\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 2\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 2\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 2\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 2\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 2\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 2\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 2\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 2\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\Administrateur\Mes documents\ZEBULON\ETAPE 2\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe c:\Documents and Settings\NetworkService\Local Settings\Temp\Ofb11.exe c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\575IN3ZX\cfg32[1].exe c:\Documents and Settings\Administrateur\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll Liste des drivers... < Service Pack 1 4 4 2007 23:45:17.500 < Pilote charg' \WINDOWS\system32\ntoskrnl.exe < Pilote charg' \WINDOWS\system32\hal.dll < Pilote charg' \WINDOWS\system32\KDCOM.DLL < Pilote charg' \WINDOWS\system32\BOOTVID.dll < Pilote charg' ACPI.sys < Pilote charg' \WINDOWS\System32\DRIVERS\WMILIB.SYS < Pilote charg' pci.sys < Pilote charg' isapnp.sys < Pilote charg' viaidexp.sys < Pilote charg' \WINDOWS\System32\DRIVERS\PCIIDEX.SYS < Pilote charg' MountMgr.sys < Pilote charg' ftdisk.sys < Pilote charg' dmload.sys < Pilote charg' dmio.sys < Pilote charg' PartMgr.sys < Pilote charg' VolSnap.sys < Pilote charg' atapi.sys < Pilote charg' vobid.sys < Pilote charg' \WINDOWS\System32\DRIVERS\SCSIPORT.SYS < Pilote charg' disk.sys < Pilote charg' \WINDOWS\System32\DRIVERS\CLASSPNP.SYS < Pilote charg' sr.sys < Pilote charg' KSecDD.sys < Pilote charg' Ntfs.sys < Pilote charg' NDIS.sys < Pilote charg' viaagp1.sys < Pilote charg' srescan.sys < Pilote charg' Mup.sys < Pilote charg' \SystemRoot\System32\DRIVERS\processr.sys < Pilote charg' \SystemRoot\System32\DRIVERS\ati2mtag.sys < Pilote charg' \SystemRoot\system32\drivers\ctoss2k.sys < Pilote charg' \SystemRoot\System32\drivers\ctprxy2k.sys < Pilote charg' \SystemRoot\system32\drivers\ctaud2k.sys < Pilote charg' \SystemRoot\System32\DRIVERS\usbuhci.sys < Pilote charg' \SystemRoot\System32\DRIVERS\usbehci.sys < Pilote charg' \SystemRoot\System32\DRIVERS\fdc.sys < Pilote charg' \SystemRoot\System32\DRIVERS\parport.sys < Pilote charg' \SystemRoot\System32\DRIVERS\serial.sys < Pilote charg' \SystemRoot\System32\DRIVERS\serenum.sys < Pilote charg' \SystemRoot\System32\DRIVERS\i8042prt.sys < Pilote charg' \SystemRoot\System32\DRIVERS\itchfltr.sys < Pilote charg' \SystemRoot\System32\DRIVERS\kbdclass.sys < Pilote charg' \SystemRoot\System32\DRIVERS\L8042pr2.Sys < Pilote charg' \SystemRoot\System32\DRIVERS\LMouFlt2.Sys < Pilote charg' \SystemRoot\System32\DRIVERS\mouclass.sys < Pilote charg' \SystemRoot\System32\DRIVERS\gameenum.sys < Pilote charg' \SystemRoot\System32\DRIVERS\imapi.sys < Pilote charg' \SystemRoot\System32\Drivers\ASAPIW2K.sys < Pilote charg' \SystemRoot\System32\DRIVERS\cdrom.sys < Pilote charg' \SystemRoot\System32\DRIVERS\redbook.sys < Pilote charg' \SystemRoot\System32\Drivers\Fastfat.SYS < Pilote charg' \SystemRoot\System32\Drivers\Cdfs.SYS < Pilote charg' \SystemRoot\System32\Drivers\Udfs.SYS < Pilote charg' \SystemRoot\System32\Drivers\Cdrdrv.sys < Pilote charg' \SystemRoot\System32\Drivers\GEARAspiWDM.sys < Pilote charg' \SystemRoot\System32\DRIVERS\fetnd5b.sys < Pilote charg' \SystemRoot\System32\DRIVERS\audstub.sys < Pilote charg' \SystemRoot\System32\DRIVERS\rasl2tp.sys < Pilote charg' \SystemRoot\System32\DRIVERS\ndistapi.sys < Pilote charg' \SystemRoot\System32\DRIVERS\ndiswan.sys < Pilote charg' \SystemRoot\System32\DRIVERS\raspppoe.sys < Pilote charg' \SystemRoot\System32\DRIVERS\raspptp.sys < Pilote charg' \SystemRoot\System32\DRIVERS\msgpc.sys < Pilote charg' \SystemRoot\System32\DRIVERS\psched.sys < Pilote charg' \SystemRoot\System32\DRIVERS\ptilink.sys < Pilote charg' \SystemRoot\System32\DRIVERS\raspti.sys < Pilote charg' \SystemRoot\System32\DRIVERS\rdpdr.sys < Pilote charg' \SystemRoot\System32\DRIVERS\termdd.sys < Pilote charg' \SystemRoot\System32\DRIVERS\swenum.sys < Pilote charg' \SystemRoot\System32\DRIVERS\update.sys < Pilote charg' \SystemRoot\System32\Drivers\NDProxy.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\NDProxy.SYS < Pilote charg' \SystemRoot\System32\drivers\ha10kx2k.sys < Pilote charg' \SystemRoot\System32\drivers\emupia2k.sys < Pilote charg' \SystemRoot\System32\drivers\ctsfm2k.sys < Pilote charg' \SystemRoot\System32\drivers\ctac32k.sys < Pilote charg' \SystemRoot\System32\DRIVERS\usbhub.sys < Pilote charg' \SystemRoot\System32\DRIVERS\flpydisk.sys < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\lbrtfdc.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\Sfloppy.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\i2omgmt.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\Changer.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\Cdaudio.SYS < Pilote charg' \SystemRoot\System32\Drivers\Fs_Rec.SYS < Pilote charg' \SystemRoot\System32\Drivers\Null.SYS < Pilote charg' \SystemRoot\System32\Drivers\Beep.SYS < Pilote charg' \SystemRoot\System32\DRIVERS\AvgAsCln.sys < Pilote charg' \SystemRoot\System32\drivers\vga.sys < Pilote charg' \SystemRoot\System32\Drivers\mnmdd.SYS < Pilote charg' \SystemRoot\System32\DRIVERS\RDPCDD.sys < Pilote charg' \SystemRoot\System32\Drivers\Msfs.SYS < Pilote charg' \SystemRoot\System32\Drivers\Npfs.SYS < Pilote charg' \SystemRoot\System32\Drivers\vobiw.SYS < Pilote charg' \SystemRoot\System32\DRIVERS\rasacd.sys < Pilote charg' \SystemRoot\System32\DRIVERS\ipsec.sys < Pilote charg' \SystemRoot\System32\DRIVERS\tcpip.sys < Pilote charg' \SystemRoot\System32\DRIVERS\netbt.sys < Pilote charg' \SystemRoot\System32\DRIVERS\wanarp.sys < Pilote charg' \SystemRoot\System32\vsdatant.sys < Pilote charg' \SystemRoot\System32\DRIVERS\netbios.sys < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\PCIDump.SYS < Pilote charg' \SystemRoot\System32\DRIVERS\rdbss.sys < Pilote charg' \SystemRoot\System32\DRIVERS\mrxsmb.sys < Pilote charg' \SystemRoot\System32\Drivers\Fips.SYS < Pilote charg' \SystemRoot\system32\drivers\core.sys < Pilote charg' \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys < Pilote charg' \SystemRoot\System32\DRIVERS\mdc8021x.sys < Pilote charg' \SystemRoot\System32\DRIVERS\ndisuio.sys < Pilote charg' \SystemRoot\System32\drivers\afd.sys < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\Fastfat.SYS Nouveau rapport Hijackthis : Logfile of HijackThis v1.99.1 Scan saved at 23:12:06, on 04/04/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime Alternative\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: (no name) - {B8912BCA-0BBC-40E1-8200-A44B5F3A5FDC} - C:\Program Files\Messenger\nipy.dll (file missing) O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O2 - BHO: (no name) - {CDCB3A1B-0B80-4693-9579-29D18FE4606C} - C:\Program Files\Messenger\nipy.dll (file missing) O2 - BHO: 0 - {EE8B30ED-5C09-4BFC-469D-8D5BDE3DE029} - C:\Program Files\MSN Gaming Zone\rybimo147.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - (no file) O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [instantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ? O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm745YYFR O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing O15 - Trusted Zone: www.sgnappo.com O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
- le 4 avril 2007
- 17 réponses
Rapport Hijackthis

BilloO a répondu à un(e) sujet de BilloO dans Analyses et éradication malwares

Bonjour Malekal, J'ai suivi scrupuleusement tes indications et je n'ai rencontré aucun probléme ) Voici donc les rapports : RAPPORT CLEAN Script execute en mode sans echec Rapport clean par Malekal_morte - http://www.malekal.com Option 2, executee le 04/04/2007 a 3:45:12,70 Microsoft Windows XP [version 5.1.2600] *** Suppression de fichiers sur C: *** Suppression des fichiers dans C:\WINDOWS\ tentative de suppression de C:\WINDOWS\pp.exe *** Suppression des fichiers dans C:\WINDOWS\system32 tentative de suppression de C:\WINDOWS\system32\dlh9jkd?q?.exe tentative de suppression de C:\WINDOWS\system32\dd.exe tentative de suppression de C:\WINDOWS\system32\kr_done1 tentative de suppression de C:\WINDOWS\system32\lnwin.exe tentative de suppression de C:\WINDOWS\system32\ma.exe.exe tentative de suppression de C:\WINDOWS\system32\pp.exe.exe tentative de suppression de C:\WINDOWS\system32\qvx?game??.exe tentative de suppression de C:\WINDOWS\system32\rlvknlg.exe tentative de suppression de C:\WINDOWS\system32\rpcc.exe tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe tentative de suppression de C:\WINDOWS\system32\svchosts.exe tentative de suppression de C:\WINDOWS\system32\unsvchosts.exe tentative de suppression de C:\WINDOWS\system32\winsub.xml tentative de suppression de C:\WINDOWS\system32\vx.tll tentative de suppression de C:\WINDOWS\system32\zlbw.dll tentative de suppression de "C:\Program Files\bho plugin" tentative de suppression de "C:\Program Files\funwebproducts\" tentative de suppression de "C:\Program Files\InetGet2\" tentative de suppression de "C:\Program Files\Ipwindows\" tentative de suppression de "C:\Program Files\MyWebSearch\" tentative de suppression de "C:\Program Files\Network Monitor\" *** Suppression des clefs du registre effectuee.. *** Fin du rapport ! RAPPORT SDFIX SDFix: Version 1.76 Run by Administrateur - 04/04/2007 - 3:48:03,43 Microsoft Windows XP [version 5.1.2600] Running From: C:\Documents and Settings\Administrateur\Bureau\SDFix Safe Mode: Checking Services: Name: Client IP-IPX TCP and UDP Supp0rt wincom32 ImagePath: "C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000271 C:\WINDOWS\System32\tccpip.exe /winnt \??\C:\WINDOWS\System32\wincom32.sys Client IP-IPX Deleted TCP and UDP Supp0rt Deleted wincom32 Deleted Restoring Windows Registry Entries Restoring Default Hosts File Rebooting... Normal Mode: Checking Files: Below files will be copied to Backups folder then removed: C:\WINDOWS\SYSTEM32\PFB0E0~1.DLL - Deleted C:\WINDOWS\SYSTEM32\PFCA7F~1.DLL - Deleted C:\WINDOWS\SYSTEM32\SFXZMT~1.DLL - Deleted C:\WINDOWS\SYSTEM32\SFXZMT~2.DLL - Deleted C:\WINDOWS\SYSTEM32\SFXZMT~3.DLL - Deleted C:\WINDOWS\SYSTEM32\SFXZMT~4.DLL - Deleted C:\Documents and Settings\LocalService\Local Settings\Temp\2.dllb - Deleted C:\Documents and Settings\LocalService\Local Settings\Temp\5.dllb - Deleted C:\Documents and Settings\LocalService\Local Settings\Temp\6.dllb - Deleted C:\Documents and Settings\LocalService\Local Settings\Temp\7.dllb - Deleted C:\Documents and Settings\NetworkService\Local Settings\Temp\2.dllb - Deleted C:\Documents and Settings\NetworkService\Local Settings\Temp\5.dllb - Deleted C:\Documents and Settings\NetworkService\Local Settings\Temp\6.dllb - Deleted C:\Documents and Settings\NetworkService\Local Settings\Temp\7.dllb - Deleted C:\Documents and Settings\NetworkService\Local Settings\Temp\mstF9.bat - Deleted C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun10.exe - Deleted C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun15.exe - Deleted C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun2.exe - Deleted C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun3.exe - Deleted C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun4.exe - Deleted C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun5.exe - Deleted C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun6.exe - Deleted C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun7.exe - Deleted C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun9.exe - Deleted C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun10.exe - Deleted C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun15.exe - Deleted C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun2.exe - Deleted C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun3.exe - Deleted C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun4.exe - Deleted C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun5.exe - Deleted C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun6.exe - Deleted C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun7.exe - Deleted C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun9.exe - Deleted C:\WINDOWS\system32\zoom.exe.exe - Deleted C:\WINDOWS\system32\msdrives\driverpp.sys - Deleted C:\WINDOWS\system32\msdrives\msdrvctrl.exe - Deleted C:\WINDOWS\msdrvctrl.exe - Deleted C:\WINDOWS\system32\comdlg77.dll - Deleted C:\WINDOWS\system32\ldinfo.ldr - Deleted C:\WINDOWS\system32\max1d164v.exe - Deleted C:\WINDOWS\system32\msnav32.ax - Deleted C:\WINDOWS\system32\qvxga7met4.exe - Deleted C:\WINDOWS\system32\sm.exe - Deleted C:\WINDOWS\system32\svcp.csv - Deleted C:\WINDOWS\system32\vexga1me4t1.exe - Deleted C:\WINDOWS\system32\via.exe - Deleted C:\WINDOWS\system32\wincom32.ini - Deleted C:\WINDOWS\system32\wincom32.sys - Deleted C:\WINDOWS\Uninst2.htm - Deleted C:\WINDOWS\Unist1.htm - Deleted C:\WINDOWS\Via.exe - Deleted Folder C:\WINDOWS\system32\msdrives - Removed ADS Check: C:\WINDOWS\system32 No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "%windir%\\system32\\tcpip.exe"="%windir%\\system32\\tcpip.exe:*:Enabled:TCP and UDP Support" "C:\\WINDOWS\\System32\\vexga3me2.exe"="C:\\WINDOWS\\System32\\vexga3me2.exe:*:Enabled:taskmgr32" "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\11F.tmp.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\11F.tmp.exe:*:Enabled:qwertybot" "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\122.tmp.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\122.tmp.exe:*:Enabled:qwertybot" "C:\\WINDOWS\\System32\\qwertybot.exe"="C:\\WINDOWS\\System32\\qwertybot.exe:*:Enabled:qwertybot" "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\5.tmp.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\5.tmp.exe:*:Enabled:qwertybot" "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\7.tmp.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\7.tmp.exe:*:Enabled:qwertybot" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "explorer.exe"="explorer.exe::*:Enabled:Explorer" Remaining Files: --------------- C:\WINDOWS\system32\rsvp32_2.dll Found - LSP! C:\WINDOWS\SYSTEM32\VDB.DLL Found - LSP!! Backups Folder: - C:\DOCUME~1\ADMINI~1\Bureau\SDFix\backups\backups.zip Checking For Files with Hidden Attributes : C:\WINDOWS\system32\8B72026A06.sys Finished RAPPORT FIXWAREOUT Fixwareout Last edited 2/11/2007 Post this report in the forums please ... »»»»»Prerun check »»»»» System restarted »»»»» Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... »»»»» Misc files. C:\Documents and Settings\Administrateur\Application Data\Install.dat Deleted C:\WINDOWS\xpupdate.exe Deleted C:\WINDOWS\System32\kernel32.exe Deleted .... »»»»» Checking for older varients. .... Search five digit cs, dm, kd, jb, other, files. The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection. Click browse, find the file then click submit. http://www.virustotal.com/flash/index_en.html Or http://virusscan.jotti.org/ »»»»» Other »»»»» Current runs [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTHelper"="CTHELPER.EXE" "zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe" "Logitech Utility"="Logi_MwX.Exe" "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" "URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security Professional\\UrlLstCk.exe" "PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe" "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot" "HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime Alternative\\qttask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "lnwin.exe"="C:\\WINDOWS\\System32\\lnwin.exe" "fizbsyl.dll"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\fizbsyl.dll,sdhgdcf" "Personal Security Center Monitor"="C:\\WINDOWS\\System32\\psc_mon.exe" "System"="C:\\WINDOWS\\System32\\kernels32.exe" "ExploreUpdSched"="C:\\WINDOWS\\System32\\pwinrodv.exe SKY004" "spoolsvv"="C:\\WINDOWS\\System32\\spoolsvv.exe" "qwertybot.exe"="C:\\WINDOWS\\System32\\qwertybot.exe" "System64"="C:\\WINDOWS\\System32\\inet.exe" "Svcs: Dnscache"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\18010\\explorer.exe" "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 "WindowsHive"="C:\\WINDOWS\\System32\\rpcc.exe" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe" "SetDefaultMIDI"="MIDIDef.exe" "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe" "InstantTray"="C:\\Program Files\\Pinnacle\\Shared Files\\InstantCDDVD\\PCLETray.exe" "IW_Drop_Icon"="C:\\Program Files\\Pinnacle\\InstantCDDVD\\InstantWrite\\iwctrl.exe /DropDisc" "adirka"="C:\\WINDOWS\\System32\\adirka.exe" .... Hosts file was reset, If you use a custom hosts file please replace it »»»»» End report »»»»» RAPPORT KILLBOX Pocket Killbox version 2.0.0.648 Running on Windows XP as Administrateur(Administrator) was started @ mercredi, avril 04, 2007, 2:07 AM # 1 [Delete on Reboot] Path = C:\WINDOWS\System32\WinNB69.dll I Rebooted @ 2:24:51 AM Killbox Closed(Exit) @ 2:24:52 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as Administrateur(Administrator) was started @ mercredi, avril 04, 2007, 2:37 AM # 1 [Delete on Reboot] Path = C:\WINDOWS\System32\kernels32.exe I Rebooted @ 2:38:59 AM Killbox Closed(Exit) @ 2:39:00 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as Administrateur(Administrator) was started @ mercredi, avril 04, 2007, 2:43 AM # 1 [Delete on Reboot] Path = C:\WINDOWS\System32\pwinrodv.exe I Rebooted @ 2:45:35 AM Killbox Closed(Exit) @ 2:45:36 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as Administrateur(Administrator) was started @ mercredi, avril 04, 2007, 2:49 AM # 1 [Delete on Reboot] Path = C:\WINDOWS\System32\spoolsvv.exe I Rebooted @ 2:50:04 AM Killbox Closed(Exit) @ 2:50:05 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as Administrateur(Administrator) was started @ mercredi, avril 04, 2007, 2:53 AM # 1 [Delete on Reboot] Path = C:\WINDOWS\System32\qwertybot.exe I Rebooted @ 2:54:37 AM Killbox Closed(Exit) @ 2:54:37 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as Administrateur(Administrator) was started @ mercredi, avril 04, 2007, 2:58 AM # 1 [Delete on Reboot] Path = C:\WINDOWS\System32\inet.exe I Rebooted @ 2:59:18 AM Killbox Closed(Exit) @ 2:59:19 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as Administrateur(Administrator) was started @ mercredi, avril 04, 2007, 3:06 AM # 1 [Delete on Reboot] Path = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\18010\explorer.exe I Rebooted @ 3:06:41 AM Killbox Closed(Exit) @ 3:06:42 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as Administrateur(Administrator) was started @ mercredi, avril 04, 2007, 3:12 AM # 1 [Delete on Reboot] Path = C:\WINDOWS\System32\adirka.exe I Rebooted @ 3:13:20 AM Killbox Closed(Exit) @ 3:13:21 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as Administrateur(Administrator) was started @ mercredi, avril 04, 2007, 3:17 AM # 1 [Delete on Reboot] Path = C:\WINDOWS\System32\a3dxq.dll I Rebooted @ 3:18:25 AM Killbox Closed(Exit) @ 3:18:26 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as Administrateur(Administrator) was started @ mercredi, avril 04, 2007, 3:22 AM # 1 [Delete on Reboot] Path = C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll I Rebooted @ 3:23:08 AM Killbox Closed(Exit) @ 3:23:10 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as Administrateur(Administrator) was started @ mercredi, avril 04, 2007, 3:30 AM # 1 [Delete on Reboot] Path = C:\WINDOWS\System32\mcuk.dll I Rebooted @ 3:30:50 AM Killbox Closed(Exit) @ 3:30:52 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as Administrateur(Administrator) was started @ mercredi, avril 04, 2007, 3:34 AM LOG HIJACKTHIS Logfile of HijackThis v1.99.1 Scan saved at 04:01:45, on 04/04/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\QuickTime Alternative\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\System32\psc_mon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Ofb11 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file) O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB69.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: (no name) - {B8912BCA-0BBC-40E1-8200-A44B5F3A5FDC} - C:\Program Files\Messenger\nipy.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - (no file) O2 - BHO: (no name) - {CDCB3A1B-0B80-4693-9579-29D18FE4606C} - C:\Program Files\Messenger\nipy.dll O2 - BHO: 0 - {EE8B30ED-5C09-4BFC-469D-8D5BDE3DE029} - C:\Program Files\MSN Gaming Zone\rybimo147.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - (no file) O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\System32\psc_mon.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [instantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ? O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm745YYFR O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing O15 - Trusted Zone: www.sgnappo.com O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: A3dxq - C:\WINDOWS\System32\a3dxq.dll (file missing) O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Voilà, j'attends ton avis sur le dernier log !!! Mon Pc se sent déjà beaucoup mieux et moi aussi ) BilloO
- le 4 avril 2007
- 17 réponses
Rapport Hijackthis

BilloO a posté un sujet dans Analyses et éradication malwares

Bonjour, Suite à une infection, mon pc reboot sans arrêt. J'ai appliqué la procédure préliminaire à ma demande d'analyse qui m'a permi de nettoyer mon pc, mais je n'arrive toujours pas à le faire fonctionner en mode normal. Que dois faire ???? Merci d'avance pour votre aide !!! Voici le log en mode sans échec : Logfile of HijackThis v1.99.1 Scan saved at 00:34:22, on 03/04/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: VPNS System - {366B2151-E1C7-44a3-86A3-E5686C2A3D2F} - C:\WINDOWS\iedrives.dll O2 - BHO: (no name) - {3CDE797C-6D77-5753-4AD6-08ADCB5C0C80} - C:\WINDOWS\System32\lrcjgbg.dll (file missing) O2 - BHO: Ofb11 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file) O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB69.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: (no name) - {B8912BCA-0BBC-40E1-8200-A44B5F3A5FDC} - C:\Program Files\Messenger\nipy.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - (no file) O2 - BHO: (no name) - {CDCB3A1B-0B80-4693-9579-29D18FE4606C} - C:\Program Files\Messenger\nipy.dll O2 - BHO: 0 - {EE8B30ED-5C09-4BFC-469D-8D5BDE3DE029} - C:\Program Files\MSN Gaming Zone\rybimo147.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - (no file) O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB69.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\System32\lnwin.exe O4 - HKLM\..\Run: [fizbsyl.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\fizbsyl.dll,sdhgdcf O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\System32\psc_mon.exe O4 - HKLM\..\Run: [system] C:\WINDOWS\System32\kernels32.exe O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\pwinrodv.exe SKY004 O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe O4 - HKLM\..\Run: [qwertybot.exe] C:\WINDOWS\System32\qwertybot.exe O4 - HKLM\..\Run: [system64] C:\WINDOWS\System32\inet.exe O4 - HKLM\..\Run: [svcs: Dnscache] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\18010\explorer.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [instantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc O4 - HKCU\..\Run: [adirka] C:\WINDOWS\System32\adirka.exe O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ? O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm745YYFR O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing O15 - Trusted Zone: www.sgnappo.com O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5B59C339-F51D-4BE9-86EA-2A4AEB8A6EDD}: NameServer = 85.255.115.92,85.255.112.10 O17 - HKLM\System\CCS\Services\Tcpip\..\{A204FA9B-2FEC-4126-AADA-B4D916CACE0E}: NameServer = 85.255.115.92,85.255.112.10 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.92 85.255.112.10 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.92 85.255.112.10 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.92 85.255.112.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.92 85.255.112.10 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll O20 - Winlogon Notify: A3dxq - C:\WINDOWS\System32\a3dxq.dll O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Klmfmo32.dll (file missing) O21 - SSODL: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - C:\WINDOWS\System32\mcuk.dll O21 - SSODL: LfTfYzrqPxQsFz - {78971CD8-D23D-B672-98BF-593085E1913E} - C:\WINDOWS\System32\bmurv.dll (file missing) O21 - SSODL: CDRecorder031 - {A3BC5E20-0235-1ABF-9CE1-00AA00512031} - C:\WINDOWS\System32\vmufar32.dll (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000271 (file missing) O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QXJvbWF0ZXM\command.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: TCP and UDP Supp0rt - Unknown owner - C:\WINDOWS\System32\tccpip.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
- le 2 avril 2007
- 17 réponses

Connexion

BilloO

Compteur de contenus

Inscription

Dernière visite

BilloO's Achievements

Junior Member (3/12)

Réputation sur la communauté

Rapport Hijackthis

Rapport Hijackthis

Rapport Hijackthis

Rapport Hijackthis

Rapport Hijackthis

Rapport Hijackthis

Rapport Hijackthis

Rapport Hijackthis

Rapport Hijackthis

Zebulon

Outils en ligne

Naviguer