patator02

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:23:51, on 21/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20696) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Anoto\2.0\caspar.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe C:\Windows\System32\VisualTaskTips.exe C:\Program Files\styler\Styler.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrateur\Mes documents\Administrateur.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll O4 - HKLM\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe O4 - HKLM\..\Run: [styler] C:\Program Files\styler\Styler.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O23 - Service: AnotoCasparService - Anoto AB - C:\Program Files\Fichiers communs\Anoto\2.0\caspar.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 4559 bytes Woila !!

Voila le log Malwarebytes' Anti-Malware 1.21 Version de la base de données: 971 Windows 5.1.2600 Service Pack 2 18:47:41 20/07/2008 mbam-log-7-20-2008 (18-47-41).txt Type de recherche: Examen rapide Eléments examinés: 40198 Temps écoulé: 3 minute(s), 47 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 3 Clé(s) du Registre infectée(s): 12 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 11 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): C:\WINDOWS\system32\byXPHwWO.dll (Trojan.Vundo) -> Unloaded module successfully. C:\WINDOWS\system32\jkkLBuTm.dll (Trojan.Vundo) -> Unloaded module successfully. C:\WINDOWS\system32\xgsegz.dll (Trojan.Vundo) -> Unloaded module successfully. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4388c8d1-f02d-42e7-b241-bd72f70badda} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{4388c8d1-f02d-42e7-b241-bd72f70badda} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b142d321-746f-4000-822f-27226dd14f71} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b142d321-746f-4000-822f-27226dd14f71} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{62d6dda7-8fe9-47f1-b8e9-d1d0d3d9ff3a} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62d6dda7-8fe9-47f1-b8e9-d1d0d3d9ff3a} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkklbutm (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{62d6dda7-8fe9-47f1-b8e9-d1d0d3d9ff3a} (Trojan.Vundo) -> Delete on reboot. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxphwwo -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxphwwo note que j'ai rebooté mon PC et que je n'ai plus ces satanées pop ups !! Merci Falkra !!

Deckard's System Scanner v20071014.68 Run by Administrateur on 2008-07-20 17:21:35 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 96: 2008-07-20 15:21:44 UTC - RP466 - Deckard's System Scanner Restore Point 95: 2008-07-20 10:59:10 UTC - RP465 - Installation de pilote non signé 94: 2008-07-20 09:42:37 UTC - RP464 - Point de vérification système 93: 2008-07-20 07:42:37 UTC - RP463 - Point de vérification système 92: 2008-07-20 05:42:37 UTC - RP462 - Point de vérification système -- First Restore Point -- 1: 2008-07-17 14:59:09 UTC - RP371 - Point de vérification système Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Administrateur.exe) -------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:23:13, on 20/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20696) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Fichiers communs\Anoto\2.0\caspar.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\Windows\System32\VisualTaskTips.exe C:\Program Files\styler\Styler.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrateur\Mes documents\dss.exe C:\DOCUME~1\ADMINI~1\MESDOC~1\Administrateur.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: {addab07f-27db-142b-7e24-d20f1d8c8834} - {4388c8d1-f02d-42e7-b241-bd72f70badda} - C:\WINDOWS\system32\xgsegz.dll O2 - BHO: (no name) - {62D6DDA7-8FE9-47F1-B8E9-D1D0D3D9FF3A} - C:\WINDOWS\system32\jkkLBuTm.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {B142D321-746F-4000-822F-27226DD14F71} - C:\WINDOWS\system32\byXPHwWO.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll O4 - HKLM\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe O4 - HKLM\..\Run: [styler] C:\Program Files\styler\Styler.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O20 - Winlogon Notify: jkkLBuTm - C:\WINDOWS\SYSTEM32\jkkLBuTm.dll O23 - Service: AnotoCasparService - Anoto AB - C:\Program Files\Fichiers communs\Anoto\2.0\caspar.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 4932 bytes -- HijackThis Fixed Entries (C:\DOCUME~1\ADMINI~1\MESDOC~1\backups\) ----------- backup-20080720-133352-220 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe backup-20080720-133352-439 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab backup-20080720-133352-441 O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu backup-20080720-133352-523 O4 - HKLM\..\Run: [bM6714a143] Rundll32.exe "C:\WINDOWS\system32\tspmngtc.dll",s backup-20080720-133352-869 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe backup-20080720-133353-525 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe backup-20080720-133514-285 O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user') backup-20080720-133514-377 O1 - Hosts: ::1 localhost backup-20080720-133514-484 O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') backup-20080720-133514-531 O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL') backup-20080720-133514-640 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab backup-20080720-133514-644 O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU') backup-20080720-133514-708 O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM') backup-20080720-133514-725 O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU') backup-20080720-133514-787 O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user') backup-20080720-133514-794 O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL') backup-20080720-133514-945 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL backup-20080720-133514-979 O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM') backup-20080720-133514-995 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab backup-20080720-133515-884 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe backup-20080720-133604-168 O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL') backup-20080720-133604-207 O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') backup-20080720-133604-282 O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU') backup-20080720-133604-431 O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') backup-20080720-133604-493 O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe backup-20080720-133604-758 O4 - HKLM\..\Run: [bM6714a143] Rundll32.exe "C:\WINDOWS\system32\tspmngtc.dll",s backup-20080720-133617-424 O4 - HKLM\..\Run: [bM6714a143] Rundll32.exe "C:\WINDOWS\system32\tspmngtc.dll",s backup-20080720-133749-192 O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU') backup-20080720-133749-224 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 backup-20080720-133749-402 O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user') backup-20080720-133749-413 O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL') backup-20080720-133749-495 O4 - HKLM\..\Run: [bM6714a143] Rundll32.exe "C:\WINDOWS\system32\tspmngtc.dll",s backup-20080720-133749-587 O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM') backup-20080720-134057-536 O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') backup-20080720-134057-757 O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU') backup-20080720-134057-839 O4 - HKLM\..\Run: [bM6714a143] Rundll32.exe "C:\WINDOWS\system32\tspmngtc.dll",s backup-20080720-134057-932 O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell> S3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing) S3 GMSIPCI - d:\install\gmsipci.sys (file missing) S3 GPU-Z - c:\docume~1\admini~1\locals~1\temp\gpu-z.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AnotoCasparService - c:\program files\fichiers communs\anoto\2.0\caspar.exe -z <Not Verified; Anoto AB; DevCaspar> R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\cyberlink\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module> R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\cyberlink\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module> R2 CyberLink Media Library Service - "c:\program files\cyberlink\powercinema\kernel\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server> R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-07-20 17:14:58 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job -- Files created between 2008-06-20 and 2008-07-20 ----------------------------- 2008-07-20 17:04:54 0 d-------- C:\VundoFix Backups 2008-07-20 16:00:20 0 d-------- C:\Program Files\Navilog1 2008-07-20 13:02:44 102400 --a------ C:\WINDOWS\system32\xgsegz.dll 2008-07-20 13:02:42 102400 --a------ C:\WINDOWS\system32\bvtktwhb.dll 2008-07-20 12:59:42 81408 --a------ C:\WINDOWS\system32\xjgfpcgr.dll 2008-07-20 01:44:16 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft 2008-07-20 01:26:13 2624 --a------ C:\WINDOWS\system32\tmp.reg 2008-07-19 12:59:48 102400 --a------ C:\WINDOWS\system32\pbnbcg.dll 2008-07-19 12:59:46 102400 --a------ C:\WINDOWS\system32\vowpbupe.dll 2008-07-19 12:55:35 93696 --a------ C:\WINDOWS\system32\amwqfxik.dll 2008-07-18 16:22:15 0 d-------- C:\wally 2008-07-18 10:25:35 101888 --a------ C:\WINDOWS\system32\rllgra.dll 2008-07-18 10:25:33 101888 --a------ C:\WINDOWS\system32\cwqrrlnf.dll 2008-07-18 10:24:12 93184 --a------ C:\WINDOWS\system32\egwrkaeb.dll 2008-07-17 22:41:39 0 d-------- C:\Program Files\eddi's Tools 2008-07-17 16:58:58 435574 --ahs---- C:\WINDOWS\system32\OWwHPXyb.ini2 2008-07-17 16:58:49 283136 --a------ C:\WINDOWS\system32\byXPHwWO.dll 2008-07-17 16:53:47 32256 --a------ C:\WINDOWS\system32\pmnlifef.dll 2008-07-17 16:53:47 32256 --a------ C:\WINDOWS\system32\jkkLBuTm.dll 2008-07-17 11:27:06 0 d-------- C:\Program Files\Custom-Strike 2008-07-12 16:23:07 0 d-------- C:\Program Files\GCFScape 2008-07-12 16:15:13 0 d-------- C:\Documents and Settings\Administrateur\Application Data\MilkShape 3D 1.x.x 2008-07-12 16:14:58 0 d-------- C:\Program Files\MilkShape 3D 1.8.3 2008-07-12 15:40:18 0 d-------- C:\Program Files\Half-Life Model Viewer 2008-07-06 15:13:25 0 d--h----- C:\WINDOWS\system32\GroupPolicy 2008-07-06 12:13:52 0 d-------- C:\Program Files\Valve 2008-07-06 02:28:22 0 d-------- C:\serveur -- Find3M Report --------------------------------------------------------------- 2008-07-20 01:47:45 0 d-------- C:\Program Files\Ad-Aware 2008-07-17 11:27:06 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-07-16 09:31:20 0 d-------- C:\Program Files\Mozilla Thunderbird 2008-06-13 20:26:08 0 d-------- C:\Program Files\AMX Mod X 2008-06-09 16:25:19 0 d-------- C:\Program Files\ATI Technologies 2008-06-08 01:19:37 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Adobe 2008-06-08 01:18:35 0 d-------- C:\Program Files\Fichiers communs\Adobe 2008-06-08 01:18:13 0 d-------- C:\Program Files\Fichiers communs 2008-06-08 01:11:18 1007 --a------ C:\WINDOWS\mozver.dat 2008-06-07 23:40:59 103509 --a------ C:\WINDOWS\hpoins04.dat 2008-06-07 23:40:30 0 d-------- C:\Program Files\Fichiers communs\Hewlett-Packard 2008-06-07 23:24:25 0 d-------- C:\Program Files\HP 2008-06-07 22:38:11 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Anoto 2008-06-07 22:37:15 0 d-------- C:\Program Files\Nokia Digital Pen 2008-06-07 22:37:15 0 d-------- C:\Program Files\Fichiers communs\Anoto 2008-06-07 19:06:20 0 d-------- C:\Program Files\Rockstar Games 2008-06-05 17:57:42 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data\SecuROM 2008-06-05 17:48:48 0 d-------- C:\Program Files\CAPCOM 2008-06-05 08:00:31 0 d-------- C:\Documents and Settings\Administrateur\Application Data\uTorrent 2008-05-28 14:37:32 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Real 2008-05-21 21:18:23 0 d-------- C:\Program Files\Microsoft Works 2008-05-21 21:17:23 0 d-------- C:\Program Files\Microsoft.NET 2008-05-16 19:01:13 509420 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-05-16 19:01:13 83992 --a------ C:\WINDOWS\system32\perfc00C.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4388c8d1-f02d-42e7-b241-bd72f70badda}] 20/07/2008 13:02 102400 --a------ C:\WINDOWS\system32\xgsegz.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62D6DDA7-8FE9-47F1-B8E9-D1D0D3D9FF3A}] 17/07/2008 16:53 32256 --a------ C:\WINDOWS\system32\jkkLBuTm.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B142D321-746F-4000-822F-27226DD14F71}] 17/07/2008 16:58 283136 --a------ C:\WINDOWS\system32\byXPHwWO.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [17/07/2006 23:16] "VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [18/12/2007 04:04] "Styler"="C:\Program Files\styler\Styler.exe" [03/05/2006 11:48] "SoundMan"="SOUNDMAN.EXE" [18/06/2004 10:31 C:\WINDOWS\SOUNDMAN.EXE] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16] "MSConfig"="C:\WINDOWS\system32\msconfig.exe" [18/12/2007 04:04] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [18/12/2007 04:04] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoRemoteRecursiveEvents"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoUserNameInStartMenu"=1 (0x1) "NoSMHelp"=1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoUserNameInStartMenu"=1 (0x1) "NoSMHelp"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{62D6DDA7-8FE9-47F1-B8E9-D1D0D3D9FF3A}"= C:\WINDOWS\system32\jkkLBuTm.dll [17/07/2008 16:53 32256] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] C:\WINDOWS\System32\dimsntfy.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkLBuTm] jkkLBuTm.dll 17/07/2008 16:53 32256 C:\WINDOWS\system32\jkkLBuTm.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXPHwWO [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Docking Director.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Docking Director.lnk backup=C:\WINDOWS\pss\Docking Director.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\642792df] rundll32.exe "C:\WINDOWS\system32\xjgfpcgr.dll",b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM6714a143] Rundll32.exe "C:\WINDOWS\system32\tspmngtc.dll",s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] C:\Valve\Steam\Steam.exe -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PnkBstrB"=2 (0x2) "PnkBstrA"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService WebClient LmHosts upnphost SSDPSRV NetworkService -- Hosts ----------------------------------------------------------------------- 127.0.0.1 rad.msn.com 127.0.0.1 rad.live.com 127.0.0.1 ads1.msn.com 127.0.0.1 adfarm.mediaplex.com -- End of Deckard's System Scanner: finished at 2008-07-20 17:24:18 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professionnel (build 2600) SP 2.0 Architecture: X86; Language: French CPU 0: AMD Duron Percentage of Memory in Use: 38% Physical Memory (total/avail): 1279.48 MiB / 791.02 MiB Pagefile Memory (total/avail): 3053.15 MiB / 2757.68 MiB Virtual Memory (total/avail): 2047.88 MiB / 1914.81 MiB C: is Fixed (NTFS) - 76.32 GiB total, 31.09 GiB free. D: is CDROM (No Media) E: is CDROM (No Media) F: is Fixed (NTFS) - 100.04 GiB total, 32.31 GiB free. G: is Fixed (NTFS) - 14.99 GiB total, 14.93 GiB free. H: is CDROM (No Media) I: is CDROM (No Media) \\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 76.33 GiB - 1 partition \PARTITION0 (bootable) - Système de fichiers installable - 76.32 GiB - C: \\.\PHYSICALDRIVE1 - HDS72251 2VLSA80 SCSI Disk Device - 115.04 GiB - 2 partitions \PARTITION0 - Étendu avec Inter. 13 étendue - 14.99 GiB - G: \PARTITION1 - Système de fichiers installable - 100.04 GiB - F: -- Security Center ------------------------------------------------------------- AUOptions is disabled. AUState says computer is ready and waiting. Windows Internal Firewall is disabled. AntiVirusDisableNotify is set. FirewallDisableNotify is set. AntivirusOverride is set. FirewallOverride is set. Unable to create WMI object. -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS APPDATA=C:\Documents and Settings\Administrateur\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Fichiers communs COMPUTERNAME=65F076E40E1A415 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Administrateur LOGONSERVER=\\65F076E40E1A415 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0801 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp USERDOMAIN=65F076E40E1A415 USERNAME=Administrateur USERPROFILE=C:\Documents and Settings\Administrateur windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Administrateur (admin) -- Add/Remove Programs --------------------------------------------------------- ACDSee Pro 2 --> MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70} Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003} AMX Mod X Installer 1.8.0 --> C:\Program Files\AMX Mod X\uninst.exe Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL Cabela's African Safari --> MsiExec.exe /I{ACC2CB83-5C44-4221-9E08-43A0DD071CE7} Call of Duty® 4 - Modern Warfare --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409 Counter-Strike 1.6 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19 Counter-Strike: Condition Zero --> C:\Valve\CONDIT~1\UNWISE.EXE C:\Valve\CONDIT~1\INSTALL.LOG Decal Converter --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BB207D6-0E1E-11D5-9B6A-00C04F7EC248}\Setup.exe" GCFScape 1.3.1 --> "C:\Program Files\GCFScape\unins000.exe" Half-Life --> C:\Sierra\HALF-L~1\UNWISE.EXE C:\Sierra\HALF-L~1\INSTALL.LOG Half-Life Model Viewer 1.25 --> C:\Program Files\Half-Life Model Viewer\Uninstal.exe High Definition Audio - KB888111 --> HijackThis 2.0.2 --> "C:\Documents and Settings\Administrateur\Mes documents\HijackThis.exe" /uninstall HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP PSC & OfficeJet 4.2 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat iPod for Windows 2005-09-23 --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1036 iTunes --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{78F4DFCE-1336-4027-BCB2-1A00C24A8653} /l1036 Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} K-Lite Mega Codec Pack 3.5.7 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe" MakeDVD 1.0 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall Max Payne 2 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}\setup.exe" -l0x40c Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} MilkShape 3D 1.8.3 --> "C:\Program Files\MilkShape 3D 1.8.3\uninstall.exe" Mise à jour pour Windows XP (KB942763) --> Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{1787603C-E6E3-42D4-8034-55F358486F1D} My Cinema --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7D73CC6B-33A8-4DE2-9539-2498A59C12C2} Navilog1 3.6.1 --> "C:\Program Files\Navilog1\unins000.exe" Nero 8 Lite 8.1.1.3 --> "C:\Program Files\Nero\unins000.exe" Next Generation Visualisations --> MsiExec.exe /I{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B} Nokia Digital Pen Application Suite --> MsiExec.exe /I{7F446E70-AB63-45B9-96CA-4AC4A49CDA03} PhotoNow! 1.0 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall PowerCinema --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall PowerDirector --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall PowerProducer Express --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall QT Lite 2.1.1 --> "C:\Program Files\QT Lite\unins000.exe" Real Alternative 1.60 Lite --> "C:\Program Files\Real Alternative\unins000.exe" Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE resident evil 4 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}\install.exe" -l0x40c -removeonly Steam --> C:\Valve\Steam\UNWISE.EXE C:\Valve\Steam\INSTALL.LOG System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA VIA USB Filter Driver (Vlink) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\VIA Technologies, Inc.\VIA USB Filter Driver (VLink)\Uninst.isu" Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live installer --> MsiExec.exe /I{A90D10BA-1E82-44E1-87DE-56A22BA151DA} Windows Live Mail --> MsiExec.exe /I{680A8EEC-8A9B-4A75-AFAD-65BDD29B86EE} Windows Live Messenger --> MsiExec.exe /X{52B40F14-A731-47BF-BAA2-BBD1227C90A2} Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7} XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" XML Paper Specification Shared Components Pack 1.0 --> ZHLT Compile GUI v8 --> C:\Program Files\eddi's Tools\ZHLT Compile GUI\Uninstall.exe Zoo Tycoon 2 Espèces en danger --> "C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE" /runtemp /uninstall -- Application Event Log ------------------------------------------------------- Event Record #/Type2345 / Warning Event Submitted/Written: 07/20/2008 05:12:38 PM Event ID/Source: 32068 / Microsoft Fax Event Description: La règle de routage de trafic sortant n'est pas valide car elle ne peut pas trouver de périphérique valide. Les télécopies sortantes qui utilisent cette règle ne peuvent pas être acheminées. Vérifiez que le ou les périphériques concernés (en cas de routage vers un groupe de périphériques) sont connectés et installés correctement et allumés. En cas de routage vers un groupe, vérifiez que le groupe est configuré correctement. Code de pays/région : '*' Indicatif régional : '*' Event Record #/Type2344 / Warning Event Submitted/Written: 07/20/2008 05:12:38 PM Event ID/Source: 32026 / Microsoft Fax Event Description: Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI). Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé. Event Record #/Type2338 / Warning Event Submitted/Written: 07/20/2008 05:10:12 PM Event ID/Source: 1524 / Userenv Event Description: Windows ne peut pas décharger vos classes fichier de Registre - il est en cours d'utilisation par d'autres applications ou services. Le fichier sera déchargé quand il ne sera plus utilisé. Event Record #/Type2334 / Success Event Submitted/Written: 07/20/2008 04:30:25 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type2333 / Warning Event Submitted/Written: 07/20/2008 04:15:12 PM Event ID/Source: 32068 / Microsoft Fax Event Description: La règle de routage de trafic sortant n'est pas valide car elle ne peut pas trouver de périphérique valide. Les télécopies sortantes qui utilisent cette règle ne peuvent pas être acheminées. Vérifiez que le ou les périphériques concernés (en cas de routage vers un groupe de périphériques) sont connectés et installés correctement et allumés. En cas de routage vers un groupe, vérifiez que le groupe est configuré correctement. Code de pays/région : '*' Indicatif régional : '*' -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type4799 / Error Event Submitted/Written: 07/20/2008 04:12:46 PM Event ID/Source: 10005 / DCOM Event Description: DCOM a reçu l'erreur "%%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF} Event Record #/Type4798 / Error Event Submitted/Written: 07/20/2008 04:12:40 PM Event ID/Source: 10005 / DCOM Event Description: DCOM a reçu l'erreur "%%1084" lors de la mise en route du service netman avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E} Event Record #/Type4797 / Error Event Submitted/Written: 07/20/2008 04:12:28 PM Event ID/Source: 10005 / DCOM Event Description: DCOM a reçu l'erreur "%%1084" lors de la mise en route du service netman avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E} Event Record #/Type4796 / Error Event Submitted/Written: 07/20/2008 04:12:00 PM Event ID/Source: 10005 / DCOM Event Description: DCOM a reçu l'erreur "%%1084" lors de la mise en route du service netman avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E} Event Record #/Type4795 / Error Event Submitted/Written: 07/20/2008 04:11:20 PM Event ID/Source: 7026 / Service Control Manager Event Description: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : AFD AmdK7 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip -- End of Deckard's System Scanner: finished at 2008-07-20 17:24:18 ------------ Merci

Merci ! Voila le rapport : Search Navipromo version 3.6.1 commencé le 20/07/2008 à 16:58:14,23 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "Administrateur" Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.13 Système de fichiers : NTFS Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\WINDOWS" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1" *** *** Recherche dossiers dans "c:\docume~1\alluse~1.win\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Administrateur\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Administrateur\menudm~1\progra~1" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Aucun Fichier Navipromo trouvé *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\WINDOWS\system32" * * Recherche dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\WINDOWS\system32" : * Dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : C:\WINDOWS\system32\OWwHPXyb.ini2 trouvé ! infection Vundo possible non traitée par cet outil ! *** Analyse terminée le 20/07/2008 à 17:03:43,43 ***

Bonjour Dans IE et firefox j'ai des pubs intempestives un peu embétantes Merci de me dire quoi supprimer et comment !! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:33:47, on 20/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20696) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Fichiers communs\Anoto\2.0\caspar.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\Windows\System32\VisualTaskTips.exe C:\Program Files\styler\Styler.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Administrateur\Mes documents\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll O4 - HKLM\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe O4 - HKLM\..\Run: [styler] C:\Program Files\styler\Styler.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O23 - Service: AnotoCasparService - Anoto AB - C:\Program Files\Fichiers communs\Anoto\2.0\caspar.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 4351 bytes Merci !!