tepoztlan

  1. tepoztlan

    Win98

    Hello, I have an old PC running Windows 98 that is more than out of breath (no more space on the HDD (2 GB), little RAM (128 MB), ...). I tried to reinstall W98 after removing all the unused software, temp files, etc. To do this I used the restore CD which, instead of cleanly reinstalling over the tired version, created a second instance of Windows, thus taking up even more space than before on the little that remained. Today I would like to do a real reinstall of W98, but I don't know how. I have the W98 install CD available and also the XP one; I don't know which would be best (or easiest) to install. If anyone has a cleanup and install procedure that "works", I am very interested. Thanks in advance for your advice, Tepoztlan
  2. Hello, I don't have these servicePackFiles\i386\ folders in C:\Windows ???
  3. Unfortunately it is not possible to rename logon.scr without it being recreated automatically within the few seconds that follow.
  4. I added this key but with no effect .... Oh well, let's not rack our brains over it, it's only cosmetic after all. Thanks anyway for trying. See you soon
  5. Yes, the current setting is: [HKEY_CURRENT_USER\Control Panel\Desktop] "ScreenSaveActive"="1" "ScreenSaverIsSecure" = 1 "SCRNSAVE.EXE" = ssbezier.scr and [HKEY_USERS\.DEFAULT\Control Panel\Desktop] "ScreenSaveActive"="1" "ScreenSaverIsSecure" = 0 "SCRNSAVE.EXE" = ssbezier.scr there you go ....
  6. Angelique, that is exactly what I did but nothing changes (even after a reboot). In fact the screen saver works (well, logon.scr does), it's just the drop-down list that stays greyed out. ???
  7. Thanks Angelique for this information. Regarding the group policy on the screen saver setup: it is not defined. I also launched regedit, where the value of the key was already 1: HKEY_USERS\.DEFAULT\Control Panel\Desktop\ScreenSaveActive Type: REG_SZ Value Data: 1 = ScreenSaveActive Enabled. After reboot, no change? The screen saver works with logon.scr but there is no possibility of choosing another one! Is there anything else to do, please?
  8. Hello Angelique, in fact I have Admin rights on my PC and regedit works too. It so happens that all incoming PCs are re-imaged with a standard "corporate" image in which the screensaver is set by default. But well, I understand if that poses an ethics problem for you, no worries. Regards, Tepoz
  9. Hello, on my work PC, the screen saver is enabled by default on "logon.scr" and the ability to change it via the desktop properties is disabled. Is there a trick to modify this setting and re-enable the choice of screen saver, or simply to change it via the registry, or otherwise? Thanks for your help
  10. Hello, I haven't logged in since last night ... today I'm at work and it's not going to be easy for me to do these steps. I'll do it tonight after work. I hope this doesn't put my PC too much at risk, which all in all works much better (even very well) since your intervention. Thanks again.
  11. After another F-Secure pass on C:, no virus detected. YESSSSssss, everything seems to be back in order. Is there anything more I should do to be completely at ease? Thank you very, very much for your help, you're too good and I'm too useless; I battled for hours and hours for nothing and you fixed the thing in two shakes. I say hats off, Sir
  12. Voilà les résultats: 1/ Rapport VunDoFix: VundoFix V6.7.8 Checking Java version... Java version is 1.4.2.2 Old versions of java are exploitable and should be removed. Scan started at 03:15:00 10/02/2008 Listing files found while scanning.... C:\WINDOWS\system32\hdlsjkig.dll C:\WINDOWS\system32\knnmp.ini C:\WINDOWS\system32\knnmp.ini2 C:\WINDOWS\system32\pmnnk.dll C:\WINDOWS\system32\rmyuynqt.dll C:\WINDOWS\system32\scwcrrcf.dll C:\WINDOWS\system32\uhioqvel.dll C:\WINDOWS\system32\urqqopn.dll C:\WINDOWS\system32\zlohajqo.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\hdlsjkig.dll C:\WINDOWS\system32\hdlsjkig.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\knnmp.ini C:\WINDOWS\system32\knnmp.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\knnmp.ini2 C:\WINDOWS\system32\knnmp.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\pmnnk.dll C:\WINDOWS\system32\pmnnk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rmyuynqt.dll C:\WINDOWS\system32\rmyuynqt.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\scwcrrcf.dll C:\WINDOWS\system32\scwcrrcf.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\uhioqvel.dll C:\WINDOWS\system32\uhioqvel.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\urqqopn.dll C:\WINDOWS\system32\urqqopn.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\urqqopn.dll C:\WINDOWS\system32\urqqopn.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... VundoFix V6.7.8 Checking Java version... Java version is 1.4.2.2 Old versions of java are exploitable and should be removed. Scan started at 10:41:12 10/02/2008 Listing files found while scanning.... 
C:\WINDOWS\system32\abipmekj.dll C:\WINDOWS\system32\euctbybj.dll C:\WINDOWS\system32\hspoanpd.dll C:\WINDOWS\system32\ijjlm.ini C:\WINDOWS\system32\ijjlm.ini2 C:\WINDOWS\system32\jbybtcue.ini C:\WINDOWS\system32\jsenvmpu.dll C:\WINDOWS\system32\lclfswug.dll C:\windows\system32\lclfswug.dllbox C:\WINDOWS\system32\mljji.dll C:\WINDOWS\system32\nysdinyg.dll C:\WINDOWS\system32\urqqopn.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\abipmekj.dll C:\WINDOWS\system32\abipmekj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\euctbybj.dll C:\WINDOWS\system32\euctbybj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\hspoanpd.dll C:\WINDOWS\system32\hspoanpd.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ijjlm.ini C:\WINDOWS\system32\ijjlm.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\ijjlm.ini2 C:\WINDOWS\system32\ijjlm.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\jbybtcue.ini C:\WINDOWS\system32\jbybtcue.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\jsenvmpu.dll C:\WINDOWS\system32\jsenvmpu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\lclfswug.dll C:\WINDOWS\system32\lclfswug.dll Could not be deleted. Attempting to delete C:\windows\system32\lclfswug.dllbox C:\windows\system32\lclfswug.dllbox Has been deleted! Attempting to delete C:\WINDOWS\system32\mljji.dll C:\WINDOWS\system32\mljji.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\nysdinyg.dll C:\WINDOWS\system32\nysdinyg.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\urqqopn.dll C:\WINDOWS\system32\urqqopn.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\ijjlm.ini C:\WINDOWS\system32\ijjlm.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\ijjlm.ini2 C:\WINDOWS\system32\ijjlm.ini2 Has been deleted! 
Attempting to delete C:\WINDOWS\system32\lclfswug.dll C:\WINDOWS\system32\lclfswug.dll Has been deleted! Attempting to delete C:\windows\system32\lclfswug.dllbox C:\windows\system32\lclfswug.dllbox Has been deleted! Attempting to delete C:\WINDOWS\system32\mljji.dll C:\WINDOWS\system32\mljji.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\urqqopn.dll C:\WINDOWS\system32\urqqopn.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... VundoFix V6.7.8 Checking Java version... Java version is 1.4.2.2 Old versions of java are exploitable and should be removed. Scan started at 16:25:41 10/02/2008 Listing files found while scanning.... C:\WINDOWS\system32\fyvhagko.dll C:\WINDOWS\system32\mmaululq.dll C:\WINDOWS\system32\urqqopn.dll C:\WINDOWS\system32\wgzedlpx.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\fyvhagko.dll C:\WINDOWS\system32\fyvhagko.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mmaululq.dll C:\WINDOWS\system32\mmaululq.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\urqqopn.dll C:\WINDOWS\system32\urqqopn.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\wgzedlpx.dll C:\WINDOWS\system32\wgzedlpx.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\urqqopn.dll C:\WINDOWS\system32\urqqopn.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... 
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 2/Rapport ComboFix: ComboFix 08-02.05.3 - rlainel 2008-02-10 17:04:29.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2895 [GMT 1:00] Running from: d:\Documents and Settings\RLAINEL\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\jfexbowb.ini C:\WINDOWS\system32\jtmurdpx.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\orutv.ini C:\WINDOWS\system32\orutv.ini2 C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\shhspgme.ini C:\WINDOWS\system32\urqqopn.dll C:\WINDOWS\system32\vdonhowa.ini C:\WINDOWS\system32\x64 d:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat d:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ----- BITS: Possible infected sites ----- hxxp://w2k3004.rnd.gemplus.com . ((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))) . 2008-02-10 16:58 . 2008-02-10 16:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2008-02-10 11:39 . 2008-02-10 13:31 294 --ahs---- C:\WINDOWS\system32\sgmeoyeq.ini 2008-02-10 10:37 . 2008-02-10 10:37 474 --ahs---- C:\WINDOWS\system32\gynidsyn.ini 2008-02-10 03:15 . 2008-02-10 16:58 <DIR> d-------- C:\VundoFix Backups 2008-02-10 03:14 . 2008-02-10 03:14 294 --ahs---- C:\WINDOWS\system32\fcrrcwcs.ini 2008-02-08 18:38 . 2008-02-10 02:08 <DIR> d-a------ d:\Documents and Settings\All Users\Application Data\TEMP 2008-02-08 18:33 . 2008-02-08 18:33 <DIR> d-------- d:\Documents and Settings\RLAINEL\Application Data\Simply Super Software 2008-02-08 18:33 . 
2008-02-08 18:39 <DIR> d-------- C:\Program Files\Trojan Remover 2008-02-08 18:33 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll 2008-02-08 18:33 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll 2008-02-08 17:44 . 2008-02-08 17:44 <DIR> d-------- d:\Documents and Settings\LocalService\Application Data\StumbleUpon 2008-02-08 16:38 . 2008-02-08 16:38 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-02-08 11:38 . 2008-02-08 18:44 474 --ahs---- C:\WINDOWS\system32\ykqqaeds.ini 2008-02-08 11:37 . 2008-02-08 11:37 87,616 --a------ C:\WINDOWS\system32\sdeaqqky.dll.vir 2008-02-08 10:20 . 2008-02-08 10:16 691,545 --a------ C:\WINDOWS\unins000.exe 2008-02-08 10:20 . 2008-02-08 10:20 3,446 --a------ C:\WINDOWS\unins000.dat 2008-02-08 09:22 . 2008-02-08 09:22 <DIR> d-------- d:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-08 09:22 . 2008-02-08 09:22 <DIR> d-------- C:\Program Files\Lavasoft 2008-02-06 23:04 . 2008-02-06 23:04 8,184 --a------ C:\WINDOWS\system32\vimiwsvg.dll 2008-02-04 18:38 . 2008-02-04 18:38 8,184 --a------ C:\WINDOWS\system32\geobrmfy.dll 2008-02-03 22:47 . 2008-02-03 22:52 <DIR> dr------- C:\Program Files\Add-ins 2008-02-03 22:47 . 2002-09-16 01:41 1,089,536 --a------ C:\WINDOWS\system32\Roboex32.dll 2008-02-03 18:38 . 2008-02-04 08:33 474 --ahs---- C:\WINDOWS\system32\cgatvvxj.ini 2008-02-03 17:37 . 2008-02-03 18:36 354 --ahs---- C:\WINDOWS\system32\gbqjqnfy.ini 2008-02-03 17:30 . 2008-02-10 00:45 354,175 --a------ C:\WINDOWS\system32\knnmp.ini2.vir 2008-02-03 17:30 . 2008-02-10 00:48 354,175 --a------ C:\WINDOWS\system32\knnmp.ini.vir 2008-02-03 17:25 . 2008-02-03 17:28 <DIR> d-------- C:\WINDOWS\system32\nGpxx01 2008-02-03 17:25 . 2008-02-03 17:25 <DIR> d-------- C:\TEMP\cXzz9 2008-01-28 17:27 . 2005-08-16 15:05 36,864 --a------ C:\WINDOWS\VB6IDEMouseWheelAddin.dll 2008-01-28 17:24 . 2008-01-28 17:24 <DIR> d-------- C:\Program Files\MouseWheelExcel 2008-01-23 17:48 . 
2008-01-23 17:48 <DIR> d--h----- C:\WINDOWS\PIF 2008-01-10 16:15 . 2008-01-10 17:39 32 --a------ C:\WINDOWS\0 2008-01-10 16:15 . 2008-01-10 16:15 0 --a------ C:\WINDOWS\system32\0 2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-10 11:37 --------- d-----w d:\Documents and Settings\All Users\Application Data\Google Updater 2008-02-09 23:01 --------- d-----w C:\Program Files\Radmin 2008-02-09 15:13 --------- d-----r C:\Program Files\SyncBack 2008-02-08 11:51 --------- d-----w d:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-08 09:27 --------- d-----r C:\Program Files\Spybot - Search & Destroy 2008-02-08 08:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-01-28 13:13 --------- d-----r C:\Program Files\PSPad editor 2008-01-25 08:32 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\StumbleUpon 2008-01-19 11:24 --------- d-----r C:\Program Files\iTunes 2008-01-19 11:23 --------- d-----r C:\Program Files\iPod 2008-01-19 11:22 --------- d-----r C:\Program Files\QuickTime 2008-01-16 10:40 --------- d-----w C:\Program Files\Common Files\Adobe 2008-01-16 10:38 --------- d-----r C:\Program Files\RegCleaner 2008-01-11 17:20 --------- d-----w d:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-10 16:53 --------- d-----w d:\Documents and Settings\All Users\Application Data\Bluetooth 2008-01-10 16:17 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\Nokia 2008-01-08 21:29 --------- d-----r C:\Program Files\Quintessential Player 2008-01-08 20:37 --------- d-----w C:\Program Files\IVT Corporation 2008-01-08 13:38 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\Roxio 2008-01-08 13:30 --------- 
d-----w d:\Documents and Settings\All Users\Application Data\InstallShield 2008-01-08 13:30 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-01-08 13:29 --------- d-----w d:\Documents and Settings\All Users\Application Data\Sonic 2008-01-08 13:29 --------- d-----w C:\Program Files\Common Files\Sonic Shared 2008-01-08 13:29 --------- d-----w C:\Program Files\Common Files\Roxio Shared 2008-01-08 13:28 --------- d-----w C:\Program Files\Roxio 2008-01-08 13:28 --------- d-----w C:\Program Files\Common Files\SureThing Shared 2008-01-06 19:03 --------- d-----r C:\Program Files\DVDFab HD Decrypter 3 2008-01-06 18:54 --------- d-----r C:\Program Files\Transparency_Glass 2007-12-27 17:02 --------- d-----r C:\Program Files\palmOne 2007-12-26 09:34 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\F-Secure 2007-12-20 08:58 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\InterVideo 2007-12-20 08:21 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\DVDFab 2007-12-19 08:43 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-12-19 08:37 --------- d-----w d:\Documents and Settings\All Users\Application Data\Windows Live Toolbar 2007-12-19 08:34 --------- d-----w C:\Program Files\StumbleUpon 2007-12-14 07:45 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\SpamBayes 2007-12-14 07:44 --------- d-----w C:\Program Files\SpamBayes 2007-12-12 22:47 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2007-12-12 22:47 --------- d-----r C:\Program Files\Windows Live 2007-12-12 22:37 --------- d-----r C:\Program Files\Autoruns 2007-12-12 22:36 --------- d-----r C:\Program Files\The KMPlayer 2007-12-12 22:36 --------- d-----r C:\Program Files\Canon 2007-12-12 22:35 --------- d-----r C:\Program Files\SplashData 2007-12-12 22:35 --------- d-----r C:\Program Files\Polar 2007-12-12 22:35 --------- d-----r C:\Program Files\Photo Story 3 for Windows 2007-12-12 22:35 
--------- d-----r C:\Program Files\File Lister 2007-12-12 22:35 --------- d-----r C:\Program Files\FastStone Image Viewer 2007-12-12 22:30 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\FastStone 2007-12-12 22:26 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-12 22:11 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\Leadertech 2007-12-12 22:10 --------- d-----w d:\Documents and Settings\All Users\Application Data\HotSync 2007-12-12 22:09 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\HotSync 2007-12-12 22:08 53,248 ----a-w C:\WINDOWS\PalmDevC.dll 2007-12-12 22:08 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys 2007-12-12 17:28 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\AdobeUM 2007-12-12 17:27 --------- d-----w C:\Program Files\Common Files\PCSuite 2007-12-12 17:27 --------- d-----w C:\Program Files\Common Files\Nokia 2007-12-12 17:27 --------- d-----r C:\Program Files\Nokia 2007-12-12 17:26 --------- d-----w C:\Program Files\PC Connectivity Solution 2007-12-12 17:21 --------- d-----w d:\Documents and Settings\All Users\Application Data\Installations 2007-12-12 15:22 --------- d-----w C:\Program Files\Common Files\Borland 2007-12-12 15:22 --------- d-----w C:\Program Files\Artviews 2007-12-12 07:38 --------- d-----r C:\Program Files\totalcmd 2007-12-11 22:25 --------- d-----r C:\Program Files\Picasa2 2007-12-11 22:07 --------- d-----r C:\Program Files\X1 2007-12-11 21:51 --------- d-----r C:\Program Files\Cegetel 2007-12-11 21:51 --------- d-----r C:\Program Files\CCleaner 2007-12-11 21:44 --------- d-----r C:\Program Files\Apple Software Update 2007-12-11 21:31 --------- d-----r C:\Program Files\Google 2007-12-11 21:29 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\Apple Computer 2007-12-11 21:29 --------- d-----w d:\Documents and Settings\All Users\Application Data\Apple Computer 2007-12-11 21:27 --------- 
d-----w d:\Documents and Settings\All Users\Application Data\Apple 2007-12-11 21:27 --------- d-----w C:\Program Files\Common Files\Apple 2007-12-11 20:27 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\Windows Live Writer 2007-12-11 19:13 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2007-12-11 17:02 --------- d-----w C:\Program Files\Java 2007-12-11 16:55 --------- d-----w C:\Program Files\Oracle 2007-12-11 16:36 --------- d-----w C:\Program Files\Bomgar 2007-12-11 15:37 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\PSpad 2007-12-11 15:26 --------- d-----r C:\Program Files\Conjug 2007-12-11 13:08 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\PC Suite 2007-12-11 13:08 --------- d-----w d:\Documents and Settings\All Users\Application Data\PC Suite 2007-12-11 13:02 --------- d-----w C:\Program Files\DIFX 2007-12-11 12:54 --------- d-----r C:\Program Files\iColorFolder 2007-12-11 12:54 --------- d-----r C:\Program Files\7-Zip 2007-12-11 12:52 106 --sha-w C:\Program Files\desktop.ini 2007-12-11 12:10 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\Talkback 2007-12-11 10:13 --------- d-----w d:\Documents and Settings\All Users\Application Data\MobileXpress client 2007-12-11 10:13 --------- d-----w d:\Documents and Settings\All Users\Application Data\BT Common Client 2007-12-11 10:13 --------- d-----w C:\Program Files\MobileXpress client 2007-12-11 10:13 --------- d-----w C:\Program Files\BT Common Client 2007-12-11 10:09 --------- d-----w d:\Documents and Settings\RLAINEL\Application Data\MobileXpress client 2007-12-11 07:49 --------- d-----w d:\Documents and Settings\Administrator\Application Data\F-Secure 2007-12-11 07:47 --------- d-----w d:\Documents and Settings\All Users\Application Data\Infonet Services Corporation 2007-12-11 07:47 --------- d-----w d:\Documents and Settings\Administrator\Application Data\Infonet Services Corporation 2007-12-11 07:47 
--------- d-----w C:\Program Files\Infonet Services Corporation 2007-12-11 07:32 --------- d-----w C:\Program Files\Jasc Software Inc 2007-12-11 07:31 --------- d-----w C:\Program Files\Harrap's Multimédia 2007-12-11 07:25 --------- d-----w C:\Program Files\FileZilla 2007-12-11 07:24 --------- d-----w C:\Program Files\Business Objects . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2860C741-8F63-45DA-B029-2B4B148AC499}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5319181E-7DB0-4602-96A4-C6A6E8A1F975}] C:\WINDOWS\system32\mljji.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E13D903F-1321-4350-B69F-94EE6CB36BF0}] C:\WINDOWS\system32\pmnnk.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEB8B5F9-5CB0-435B-BED8-094BA9DDB6BC}] C:\WINDOWS\system32\vturo.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F45F22F7-50FE-4345-BF5E-A4AB08DB4647}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAE2E71A-5B54-4A5D-84F5-5CF7524D17EF}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 12:40 4167376] "updateMgr"="C:\Program Files\Adobe\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] "Configuration de la C-BOX"="C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe" [2004-12-21 18:17 395264] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968] "X1FileMonitor.exe"="C:\Program Files\X1\X1FileMonitor.exe" [2007-04-03 18:08 428544] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC 
Suite 6\PCSuite.exe" [2007-12-10 10:12 695808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe] "PCTVOICE"="pctspk.exe" [2002-07-18 16:58 163840 C:\WINDOWS\system32\pctspk.exe] "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 13:26 303104 C:\WINDOWS\stsystra.exe] "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2005-10-26 02:51 122929] "F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 09:57 684032] "RegTool"="C:\Program Files\Gemplus\GSLibs\BIN\RegTool.exe" [2004-08-24 13:56 40960] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-17 03:03 8495104] "nwiz"="nwiz.exe" [2007-11-17 03:03 1626112 C:\WINDOWS\system32\nwiz.exe] "NVHotkey"="nvHotkey.dll" [2007-11-17 03:03 86016 C:\WINDOWS\system32\nvhotkey.dll] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-17 03:03 81920] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Distillr\Acrotray.exe" [2006-01-12 20:52 483328] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-11 13:18 1836544] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe" [2003-09-16 19:01 32881] "RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 09:00 1116920] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024] 
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048] "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-02-08 18:36 743504] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 12:40 4167376] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336] D:\Documents and Settings\RLAINEL\Start Menu\Programs\Startup\ X1 System Tray.lnk - C:\Program Files\X1\X1Systray.exe [2007-04-03 18:08:34 345088] X1.lnk - C:\Program Files\X1\X1.exe [2007-04-03 18:09:04 4964352] D:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe [2007-12-11 08:22:33 25214] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-03-14 15:57:44 691984] F-Secure Automatic Update.lnk - C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [2007-12-10 15:58:22 32807] Harrap's Shorter.lnk - C:\WINDOWS\Installer\{8E6BA0F5-DD49-490F-8653-9A4369220B7D}\Icon8E6BA0F5.exe [2007-12-11 08:32:06 6144] HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:27:34 471040] Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-11 13:14:45 124400] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "disablecad"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceStartMenuLogOff"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify] ckpNotify.dll 2006-04-09 21:24 24674 
C:\WINDOWS\system32\ckpNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wgzedlpx] wgzedlpx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zlohajqo] zlohajqo.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0] "Script"=SetDNSSuffixSearchOrder.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\1] "Script"=LocalAdmPwd.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\2] "Script"=LocalAdmDom.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\3] "Script"=update.vbs R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2006-10-12 11:19] R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 10:35] R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2007-12-10 15:58] R2 BT Common Client;BT Common Client;"C:\Program Files\BT Common Client\btomosrv.exe" [2007-07-03 15:44] R2 CP_OMDRV;Check Point Office Mode Module;C:\WINDOWS\system32\drivers\omdrv.sys [2006-04-09 21:24] R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2005-08-19 14:37] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-10-06 15:30] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2005-08-19 14:37] R2 GemSAFE Card Access Service;GemSAFE Card Access Service;C:\Program Files\Gemplus\GSLibs\BIN\GCardSrvNT.exe [2004-06-28 16:44] R2 VNASC;Check Point Virtual Network Adapter - 
SecureClient;C:\WINDOWS\system32\DRIVERS\vnasc.sys [2006-04-09 21:24] R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2006-04-09 21:24] R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2006-04-09 21:24] S2 r_server;Remote Administrator Service;"C:\WINDOWS\system32\r_server.exe" [2001-07-24 16:15] S3 BTHFILT;Filtre de commande Bluetooth;C:\WINDOWS\system32\DRIVERS\BthFilt.sys [2006-11-06 22:13] S3 BTNetFilter;Bluetooth Network Filter;C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [2006-11-22 13:41] S3 BTWSp50;BTWSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BTWSp50.sys [2007-04-20 09:14] S3 GTICARD;GTICARD;C:\WINDOWS\system32\DRIVERS\gticard.sys [2003-10-23 16:04] S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 10:46] S3 OracleClientCache80;OracleClientCache80;c:\orant\BIN\ONRSD80.EXE [2000-10-27 12:45] S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-21 21:58] S3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-01-10 16:22] . Contents of the 'Scheduled Tasks' folder "2008-02-07 07:15:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-10 00:04:52 C:\WINDOWS\Tasks\Scheduled scanning task.job" - C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-Secure\ANTI-V~1\report.txt "2008-02-10 15:19:57 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job" - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-10 17:09:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180] -> C:\WINDOWS\system32\DLAAPI_W.DLL . ------------------------ Other Running Processes ------------------------ . c:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe c:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsqh.exe C:\Program Files\F-Secure\Anti-Virus\fsrw.exe C:\WINDOWS\system32\StacSV.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe c:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\F-Secure\FSGUI\fsguidll.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Adobe\Acrobat\acrobat_sl.exe C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe C:\Program 
Files\X1\X1Service.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
.
**************************************************************************
.
Completion time: 2008-02-10 17:12:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-10 16:11:57
.
2008-01-18 17:03:40 --- E O F ---

--------------------------------------------------------------------------

3/ The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14, on 2008-02-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
c:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\BT Common Client\btomosrv.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Gemplus\GSLibs\BIN\GCardSrvNT.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsqh.exe C:\Program Files\F-Secure\Anti-Virus\fsrw.exe C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\Explorer.EXE c:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe C:\WINDOWS\stsystra.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\Gemplus\GSLibs\BIN\RegTool.exe C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Adobe\Distillr\Acrotray.exe C:\Program Files\F-Secure\FSGUI\fsguidll.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft Office Communicator\Communicator.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\X1\X1FileMonitor.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\Adobe\Acrobat\acrobat_sl.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe C:\Program Files\Harrap's 
Multimédia\Shorter\bin\HiHarrapsTray.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\X1\X1Systray.exe C:\Program Files\X1\X1.exe C:\Program Files\X1\X1Service.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\PSPad editor\PSPad.exe d:\Documents and Settings\RLAINEL\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gweb.gemalto.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://gweb1.gemalto.com/user/wwproxy.pac O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O2 - BHO: (no name) - {5319181E-7DB0-4602-96A4-C6A6E8A1F975} - C:\WINDOWS\system32\mljji.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - 
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: (no name) - {E13D903F-1321-4350-B69F-94EE6CB36BF0} - C:\WINDOWS\system32\pmnnk.dll (file missing) O2 - BHO: (no name) - {EEB8B5F9-5CB0-435B-BED8-094BA9DDB6BC} - C:\WINDOWS\system32\vturo.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [RegTool] C:\Program Files\Gemplus\GSLibs\BIN\RegTool.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE 
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat\AdobeUpdateManager.exe AcStd7_0_8 -reboot 1 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [X1FileMonitor.exe] C:\Program Files\X1\X1FileMonitor.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: 
[Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user') O4 - Startup: X1 System Tray.lnk = C:\Program Files\X1\X1Systray.exe O4 - Startup: X1.lnk = C:\Program Files\X1\X1.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe O4 - Global Startup: Harrap's Shorter.lnk = ? O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu 
item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE Shield... 
- {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O14 - IERESET.INF: START_PAGE_URL=http://gemweb.gemenos.eur.gemplus.com/index.html O16 - DPF: {37775067-8350-11D4-A7DA-00C04F14FB69} (PVCS Tracker I-Net Client for MSIE) - https://trackerweb03.rnd.gemplus.com/trackdoc/trkpm660ie.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18} (Oracle JInitiator 1.1.8.18) - O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198050970694 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F9B3E1F4-3F66-11D3-AD61-0090275A7262} (ZABOClientControl Class) - http://ggentp48.gemenos.eur.gemplus.com/wi...eX/ZABOIEEN.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rnd.gemplus.com O17 - HKLM\Software\..\Telephony: DomainName = rnd.gemplus.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rnd.gemplus.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rnd.gemplus.com,china.rnd.gemplus.com,gemenos.eur.gemplus.com,ds.gemplus.com,corp.ds.gemplus.com,axalto.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rnd.gemplus.com,china.rnd.gemplus.com,gemenos.eur.gemplus.com,ds.gemplus.com,corp.ds.gemplus.com,axalto.com O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O20 - Winlogon Notify: wgzedlpx - wgzedlpx.dll (file missing) O20 - 
Winlogon Notify: zlohajqo - zlohajqo.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: BT Common Client - British Telecommunications Plc. - C:\Program Files\BT Common Client\btomosrv.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: GemSAFE Card Access Service - Gemplus - C:\Program Files\Gemplus\GSLibs\BIN\GCardSrvNT.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleClientCache80 - Unknown owner - c:\orant\BIN\ONRSD80.EXE
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - c:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - c:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
-- End of file - 17656 bytes

--------------------------------------------------------------------------

As for the immediate changes, all the ominous-looking DLLs seem to have disappeared:
- urqqopn.dll
- pmnnk.dll
- zlohajqo.dll
- uhioqvel.dll
- hdlsikig.dll
- rmyuynqt.dll
- knnmp.ini
- knnmp.ini2
- ADMDLL.dll
- sdeaqqky.dll

as have my 7500 or so bogus temp files. All of this looks great to me. I'm going to run F-Secure once more to be completely reassured, and I'll post the result as soon as it's finished. In any case, thanks a lot for the help.
  13. OK, I'll do the steps and post the reports in a few minutes ..... Thanks
  14. On top of that, another problem: a whole load of temporary files has been generated in "My Documents", about 7500 since yesterday... My taskbar regularly becomes unresponsive, and to fix it I have to restart an explorer.exe task after killing the process.