Dstyx

Members

  • Content count
    18
  • Languages
    Fr-Eng

Dstyx's achievements

Junior Member (3/12)

Community reputation: 0

  1. No file was removed, it's clean. Thanks a lot. My pleasure, thanks especially to you but also to your whole team.
  2. It's as fast as before the infection, everything seems to be working normally. A big THANK YOU. To be clear, I was helping out a friend who had a nasty infection by installing his disk in my PC because it would no longer boot at his place, and as a result I caught one of his bugs. Be nice; anyway, with such a pretty first name, there's always someone watching over the others. THANK YOU ANGÉLIQUE. :P
  3. It looks clean. One more question: any idea what this is?
     2008-12-26 22:09 . 2008-12-27 15:25 6,456 --ah----- c:\windows\system32\papimohi
  4. Done; I read that advice a bit late.... Anyway, CF now works in normal mode, and here is the report:

     ComboFix 08-12-26.03 - David 2008-12-27 16:17:20.7 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.598 [GMT 1:00]
     Lancé depuis: c:\documents and settings\David\Bureau\ComboFix.exe
     Commutateurs utilisés :: c:\documents and settings\David\Bureau\CFScript.txt
     AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
     FW: Kaspersky Anti-Virus *disabled*
      * Un nouveau point de restauration a été créé
     AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

     FILE ::
     C:\sqmdata00.sqm
     C:\sqmdata01.sqm
     C:\sqmnoopt00.sqm
     C:\sqmnoopt01.sqm
     c:\windows\system32\jogonelu.dll
     c:\windows\system32\mawudeke.dll
     c:\windows\system32\wegabalu.dll
     .
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\sqmdata00.sqm
     C:\sqmdata01.sqm
     C:\sqmnoopt00.sqm
     C:\sqmnoopt01.sqm
     c:\windows\system32\mawudeke.dll
     c:\windows\system32\wegabalu.dll
     .
     ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-27 au 2008-12-27 ))))))))))))))))))))))))))))))))))))
     .
     2008-12-27 16:07 . 2008-12-27 16:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
     2008-12-27 14:21 . 2008-12-27 14:21 <REP> d-------- C:\rsit
     2008-12-27 10:19 . 2008-12-26 20:21 2,887,936 -ra------ C:\ComboFix.exe
     2008-12-27 10:17 . 2008-12-27 16:12 2,148 --a------ c:\windows\system32\wpa.dbl
     2008-12-26 22:09 . 2008-12-27 15:25 6,456 --ah----- c:\windows\system32\papimohi
     2008-12-26 17:03 . 2008-12-27 09:41 <REP> d-------- C:\!KillBox
     2008-12-26 17:01 . 2008-08-27 03:28 <REP> d-------- C:\327882R2FWJFW
     2008-12-12 17:12 . 2008-10-03 11:03 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
     2008-12-01 17:41 . 2008-08-25 16:48 40,496 --a------ c:\windows\system32\drivers\hotcore3.sys
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-12-27 15:19 955,424 --sha-w c:\windows\system32\drivers\fidbox2.dat
     2008-12-27 15:12 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
     2008-12-27 15:11 --------- d-----w c:\documents and settings\David\Application Data\uTorrent
     2008-12-27 15:08 97,616 --sha-w c:\windows\system32\drivers\fidbox2.idx
     2008-12-27 15:08 358,412 --sha-w c:\windows\system32\drivers\fidbox.idx
     2008-12-27 15:08 26,331,680 --sha-w c:\windows\system32\drivers\fidbox.dat
     2008-12-27 12:03 --------- d-----w c:\documents and settings\David\Application Data\MailWasherPro
     2008-12-26 20:22 --------- d-----w c:\documents and settings\David\Application Data\teamspeak2
     2008-11-25 17:19 --------- d-----w c:\program files\MSECache
     2008-11-25 17:03 --------- d--h--w c:\program files\InstallShield Installation Information
     2008-11-12 19:34 --------- d-----w c:\program files\TeamSpeak3
     2008-11-11 18:06 --------- d-----w c:\documents and settings\David\Application Data\Codemasters
     2008-11-11 16:48 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
     2008-11-11 16:48 --------- d--h--r c:\documents and settings\David\Application Data\SecuROM
     2008-11-11 15:27 --------- d-----w c:\documents and settings\David\Application Data\InstallShield
     2008-11-11 15:26 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
     2008-11-11 15:26 --------- d-----w c:\program files\AGEIA Technologies
     2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
     2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
     2008-10-16 19:58 121 ----a-w C:\nero.bat
     2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
     2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
     2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
     2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
     2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
     2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
     2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
     2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
     2008-10-04 18:05 306,432 ----a-w c:\windows\system32\TuneUpDefragService.exe
     2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
     2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
     2008-09-07 09:13 22,328 ----a-w c:\documents and settings\David\Application Data\PnkBstrK.sys
     2008-07-29 14:58 23,056 ----a-w c:\documents and settings\David\Application Data\GDIPFONTCACHEV1.DAT
     2007-11-22 17:19 94,208 ----a-w c:\documents and settings\David\Application Data\ezplay.sys
     2007-11-22 17:19 47,360 ----a-w c:\documents and settings\David\Application Data\pcouffin.sys
     .
     (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     ---- Directory of c:\windows\system32\papimohi ----

     c:\windows\system32\papimohi\

     ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
     "uTorrent"="c:\documents and settings\David\Bureau\utorrent.exe" [2008-08-21 267056]
     "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1204224]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SecurDisc"="c:\utilitaires\ahead\Nero7\Nero 7\InCD\NBHGui.exe" [2007-03-12 1626160]
     "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
     "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
     "Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-09-03 139264]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
     "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
     "Opware15"="c:\program files\ScanSoft\OmniPage15.0\Opware15.exe" [2005-07-05 69632]
     "PDF3 Registry Controller"="c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-04-12 106496]
     "OODefragTray"="c:\windows\System32\oodtray.exe" [2007-06-28 2512128]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-26 282624]
     "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
     "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172544]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

     c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
     HPAiODevice(hp officejet g series) - 1.lnk - c:\utilitaires\HPg55\AiO\hp officejet g series\Bin\hpoavn07.exe [2002-11-20 151552]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "vidc.I420"= i420vfw.dll
     "msacm.l3acm"= l3codecp.acm
     "vidc.DIV3"= DivXc32.dll
     "vidc.DIV4"= DivXc32f.dll
     "msacm.divxa32"= DivXa32.acm
     "vidc.ffds"= ffdshow.ax
     "VIDC.ACDV"= ACDV.dll

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ATI CATALYST System Tray.lnk]
     backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
     --a------ 2003-02-28 20:00 315392 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT Task]
     --a------ 2006-11-03 12:20 264704 c:\program files\Portrait Displays\HP My Display\dthtml.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
     --a------ 2003-05-30 08:42 585728 c:\program files\Analog Devices\SoundMAX\SMax4.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
     --a------ 2003-05-29 15:28 790528 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "usnjsvc"=3 (0x3)
     "sdCoreService"=3 (0x3)
     "sdAuxService"=3 (0x3)
     "Alerter"=3 (0x3)
     "srservice"=2 (0x2)
     "SharedAccess"=2 (0x2)
     "wuauserv"=2 (0x2)

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "UpdatesDisableNotify"=dword:00000001
     "AntiVirusOverride"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Documents and Settings\\David\\Bureau\\utorrent.exe"=
     "c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\utilitaires\\Incredimail\\bin\\IncMail.exe"=
     "c:\\utilitaires\\Incredimail\\bin\\IMApp.exe"=
     "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\MSN Messenger\\livecall.exe"=
     "c:\\utilitaires\\Incredimail\\bin\\ImpCnt.exe"=
     "c:\\utilitaires\\Incredimail\\bin\\ImLc.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

     R0 hotcore3;Hotcore helper;c:\windows\system32\DRIVERS\hotcore3.sys [2008-12-01 40496]
     R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-08-06 28544]
     R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]
     S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe []
     S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe []
     S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys []
     S3 SunkFilt62;Alcor Micro Corp - 6362;\??\c:\windows\System32\Drivers\sunkfilt62.sys [2004-07-23 46536]

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     UxTuneUp
     .
     .
     ------- Examen supplémentaire -------
     .
     uStart Page = hxxp://www.telemoustique.be/tm/programme_tele_grid18.html?taal=f&dag=vandaag18
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     IE: &Add animation to IncrediMail Style Box - c:\utilit~1\INCRED~1\bin\resources\WebMenuImg.htm
     IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
     IE: E&xporter vers Microsoft Excel - c:\micros~1\Office10\EXCEL.EXE/3000
     IE: Open with Scansoft PDF Converter 3.0
     O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
     O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\iua6pld4.default\
     FF - prefs.js: browser.startup.homepage - hxxp://quebec-partage.com//index.php | http://www.telemoustique.be/tm/programme_tele.html
     FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
     FF - plugin: c:\utilitaires\VLC\npvlc.dll

     ATTENTION: FIREFOX POLICES IS IN FORCE
     FF - user.js: network.http.max-persistent-connections-per-server - 4
     FF - user.js: content.max.tokenizing.time - 200000
     FF - user.js: content.notify.interval - 100000
     FF - user.js: content.switch.threshold - 650000
     FF - user.js: nglayout.initialpaint.delay - 300
     .
     **************************************************************************
     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-12-27 16:19:36
     Windows 5.1.2600 Service Pack 3 NTFS
     Recherche de processus cachés ...
     Recherche d'éléments en démarrage automatique cachés ...
     Recherche de fichiers cachés ...
     Scan terminé avec succès
     Fichiers cachés: 0
     **************************************************************************
     .
     --------------------- DLLs chargées dans les processus actifs ---------------------
     - - - - - - - > 'winlogon.exe'(1356)
     c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
     c:\windows\system32\Ati2evxx.dll
     c:\windows\System32\klogon.dll
     - - - - - - - > 'lsass.exe'(1412)
     c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
     c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
     c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
     .
     Heure de fin: 2008-12-27 16:20:33
     ComboFix-quarantined-files.txt 2008-12-27 15:20:30
     ComboFix2.txt 2008-12-27 14:49:03

     Avant-CF: 24,520,273,920 octets libres
     Après-CF: 24,503,234,560 octets libres

     211 --- E O F --- 2008-12-20 15:35:56

     I'm reading it at the same time.
  5. There's still this:
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLS"=c:\windows\system32\jogonelu.dll
     I deleted it from the registry. Rebooting.
  6. Well, CF was willing to work this time. Log:

     ComboFix 08-12-26.01 - Administrateur 2008-12-27 15:33:20.6 - NTFSx86 MINIMAL
     Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.824 [GMT 1:00]
     Lancé depuis: C:\ComboFix.exe
     AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
     FW: Kaspersky Anti-Virus *disabled*
     AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
     .
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
     c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
     c:\windows\system32\vjdylnld.ini
     c:\windows\system32\xaeefssx.ini

     ----- BITS: Il y a peut-être des sites infectés -----
     hxxp://77.74.48.105
     .
     ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_ISODRIVE
     -------\Service_ISODrive
     -------\Service_poof

     ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-27 au 2008-12-27 ))))))))))))))))))))))))))))))))))))
     .
     2008-12-27 14:21 . 2008-12-27 14:21 <REP> d-------- C:\rsit
     2008-12-27 10:19 . 2008-12-26 20:21 2,887,936 -ra------ C:\ComboFix.exe
     2008-12-27 10:17 . 2008-12-27 15:46 2,148 --a------ c:\windows\system32\wpa.dbl
     2008-12-26 22:09 . 2008-12-27 15:25 6,456 --ah----- c:\windows\system32\papimohi
     2008-12-26 20:17 . 2008-12-26 20:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
     2008-12-26 17:03 . 2008-12-27 09:41 <REP> d-------- C:\!KillBox
     2008-12-26 17:01 . 2008-08-27 03:28 <REP> d-------- C:\327882R2FWJFW
     2008-12-24 22:29 . 2008-12-24 22:29 268 --ah----- C:\sqmdata01.sqm
     2008-12-24 22:29 . 2008-12-24 22:29 244 --ah----- C:\sqmnoopt01.sqm
     2008-12-24 16:32 . 2008-12-24 16:32 268 --ah----- C:\sqmdata00.sqm
     2008-12-24 16:32 . 2008-12-24 16:32 244 --ah----- C:\sqmnoopt00.sqm
     2008-12-12 17:12 . 2008-10-03 11:03 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
     2008-12-01 17:41 . 2008-08-25 16:48 40,496 --a------ c:\windows\system32\drivers\hotcore3.sys
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-12-27 14:46 --------- d-----w c:\documents and settings\David\Application Data\uTorrent
     2008-12-27 14:27 950,304 --sha-w c:\windows\system32\drivers\fidbox2.dat
     2008-12-27 14:26 97,376 --sha-w c:\windows\system32\drivers\fidbox2.idx
     2008-12-27 14:26 358,412 --sha-w c:\windows\system32\drivers\fidbox.idx
     2008-12-27 14:26 26,331,680 --sha-w c:\windows\system32\drivers\fidbox.dat
     2008-12-27 12:29 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
     2008-12-27 12:03 --------- d-----w c:\documents and settings\David\Application Data\MailWasherPro
     2008-12-26 20:22 --------- d-----w c:\documents and settings\David\Application Data\teamspeak2
     2008-11-25 17:19 --------- d-----w c:\program files\MSECache
     2008-11-25 17:03 --------- d--h--w c:\program files\InstallShield Installation Information
     2008-11-12 19:34 --------- d-----w c:\program files\TeamSpeak3
     2008-11-11 18:06 --------- d-----w c:\documents and settings\David\Application Data\Codemasters
     2008-11-11 16:48 --------- d--h--r c:\documents and settings\David\Application Data\SecuROM
     2008-11-11 15:27 --------- d-----w c:\documents and settings\David\Application Data\InstallShield
     2008-11-11 15:26 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
     2008-11-11 15:26 --------- d-----w c:\program files\AGEIA Technologies
     2008-10-16 19:58 121 ----a-w C:\nero.bat
     2008-09-07 09:13 22,328 ----a-w c:\documents and settings\David\Application Data\PnkBstrK.sys
     2008-07-29 14:58 23,056 ----a-w c:\documents and settings\David\Application Data\GDIPFONTCACHEV1.DAT
     2007-11-22 17:19 94,208 ----a-w c:\documents and settings\David\Application Data\ezplay.sys
     2007-11-22 17:19 47,360 ----a-w c:\documents and settings\David\Application Data\pcouffin.sys
     2008-09-26 11:57 60,928 --sha-w c:\windows\system32\mawudeke.dll
     2008-09-26 11:57 60,928 --sha-w c:\windows\system32\wegabalu.dll
     .
     ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
     "uTorrent"="c:\documents and settings\David\Bureau\utorrent.exe" [2008-08-21 267056]
     "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1204224]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SecurDisc"="c:\utilitaires\ahead\Nero7\Nero 7\InCD\NBHGui.exe" [2007-03-12 1626160]
     "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
     "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
     "Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-09-03 139264]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
     "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
     "Opware15"="c:\program files\ScanSoft\OmniPage15.0\Opware15.exe" [2005-07-05 69632]
     "PDF3 Registry Controller"="c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-04-12 106496]
     "OODefragTray"="c:\windows\System32\oodtray.exe" [2007-06-28 2512128]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-26 282624]
     "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
     "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172544]
     "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-27 199184]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

     c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
     HPAiODevice(hp officejet g series) - 1.lnk - c:\utilitaires\HPg55\AiO\hp officejet g series\Bin\hpoavn07.exe [2002-11-20 151552]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLS"=c:\windows\system32\jogonelu.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "vidc.I420"= i420vfw.dll
     "msacm.l3acm"= l3codecp.acm
     "vidc.DIV3"= DivXc32.dll
     "vidc.DIV4"= DivXc32f.dll
     "msacm.divxa32"= DivXa32.acm
     "vidc.ffds"= ffdshow.ax
     "VIDC.ACDV"= ACDV.dll

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ATI CATALYST System Tray.lnk]
     backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup

     HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
     --a------ 2003-02-28 20:00 315392 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT Task]
     --a------ 2006-11-03 12:20 264704 c:\program files\Portrait Displays\HP My Display\dthtml.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
     --a------ 2003-05-30 08:42 585728 c:\program files\Analog Devices\SoundMAX\SMax4.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
     --a------ 2003-05-29 15:28 790528 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "usnjsvc"=3 (0x3)
     "sdCoreService"=3 (0x3)
     "sdAuxService"=3 (0x3)
     "Alerter"=3 (0x3)
     "srservice"=2 (0x2)
     "SharedAccess"=2 (0x2)
     "wuauserv"=2 (0x2)

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "UpdatesDisableNotify"=dword:00000001
     "AntiVirusOverride"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Documents and Settings\\David\\Bureau\\utorrent.exe"=
     "c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\utilitaires\\Incredimail\\bin\\IncMail.exe"=
     "c:\\utilitaires\\Incredimail\\bin\\IMApp.exe"=
     "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\MSN Messenger\\livecall.exe"=
     "c:\\utilitaires\\Incredimail\\bin\\ImpCnt.exe"=
     "c:\\utilitaires\\Incredimail\\bin\\ImLc.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

     R0 hotcore3;Hotcore helper;c:\windows\system32\DRIVERS\hotcore3.sys [2008-12-01 40496]
     R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-08-06 28544]
     R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]
     S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe []
     S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe []
     S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys []
     S3 SunkFilt62;Alcor Micro Corp - 6362;\??\c:\windows\System32\Drivers\sunkfilt62.sys [2004-07-23 46536]

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     UxTuneUp

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56d86d2a-d269-11dd-9884-806d6172696f}]
     \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
     .
     - - - - ORPHELINS SUPPRIMES - - - -

     BHO-{b4237a65-d383-4438-8b07-1892fc2e4466} - c:\windows\system32\vatoteju.dll
     HKLM-Run-wowihubota - c:\windows\system32\yenojupa.dll
     .
     ------- Examen supplémentaire -------
     .
     uStart Page = hxxp://www.telemoustique.be/tm/programme_tele_grid18.html?taal=f&dag=vandaag18
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     IE: &Add animation to IncrediMail Style Box - c:\utilit~1\INCRED~1\bin\resources\WebMenuImg.htm
     IE: E&xporter vers Microsoft Excel - c:\micros~1\Office10\EXCEL.EXE/3000
     IE: Open with Scansoft PDF Converter 3.0
     O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
     O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\iua6pld4.default\
     FF - prefs.js: browser.startup.homepage - hxxp://quebec-partage.com//index.php | http://www.telemoustique.be/tm/programme_tele.html
     FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
     FF - plugin: c:\utilitaires\VLC\npvlc.dll

     ATTENTION: FIREFOX POLICES IS IN FORCE
     FF - user.js: network.http.max-persistent-connections-per-server - 4
     FF - user.js: content.max.tokenizing.time - 200000
     FF - user.js: content.notify.interval - 100000
     FF - user.js: content.switch.threshold - 650000
     FF - user.js: nglayout.initialpaint.delay - 300
     .
     **************************************************************************
     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-12-27 15:45:34
     Windows 5.1.2600 Service Pack 3 NTFS
     Recherche de processus cachés ...
     Recherche d'éléments en démarrage automatique cachés ...
     Recherche de fichiers cachés ...
     Scan terminé avec succès
     Fichiers cachés: 0
     **************************************************************************
     .
     --------------------- DLLs chargées dans les processus actifs ---------------------
     - - - - - - - > 'winlogon.exe'(1324)
     c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
     c:\windows\system32\Ati2evxx.dll
     c:\windows\System32\klogon.dll
     - - - - - - - > 'lsass.exe'(1408)
     c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
     c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
     c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
     .
     ------------------------ Autres processus actifs ------------------------
     .
     c:\windows\system32\ati2evxx.exe
     c:\windows\system32\ati2evxx.exe
     c:\program files\Portrait Displays\HP My Display\DTSRVC.exe
     c:\utilitaires\ahead\Nero7\Nero 7\InCD\InCDsrv.exe
     c:\windows\system32\WgaTray.exe
     c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
     c:\windows\system32\oodag.exe
     c:\windows\system32\PnkBstrA.exe
     c:\program files\Analog Devices\SoundMAX\SMAgent.exe
     c:\windows\system32\wdfmgr.exe
     c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
     c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
     c:\progra~1\MICROS~3\rapimgr.exe
     c:\utilit~1\HPg55\AiO\Shared\Bin\hpoevm07.exe
     c:\utilitaires\HPg55\AiO\Shared\Bin\hposts07.exe
     c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
     c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
     c:\windows\system32\wscntfy.exe
     .
     **************************************************************************
     .
     Heure de fin: 2008-12-27 15:48:58 - La machine a redémarré [David]
     ComboFix-quarantined-files.txt 2008-12-27 14:48:54

     Avant-CF: 24 608 059 392 octets libres
     Après-CF: 24,500,060,160 octets libres

     224 --- E O F --- 2008-12-20 15:35:56

     It's true that it's a pain; usually I manage on my own, but this time...
  7. Oops, here it is:

     Logfile of random's system information tool 1.05 (written by random/random)
     Run by David at 2008-12-27 15:24:34
     Microsoft Windows XP Professionnel Service Pack 3
     System drive C: has 24 GB (24%) free of 100 GB
     Total RAM: 1023 MB (51% free)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 15:24:40, on 27/12/2008
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16762)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\System32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
     C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
     C:\utilitaires\ahead\Nero7\Nero 7\InCD\InCDsrv.exe
     C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
     C:\WINDOWS\System32\oodag.exe
     C:\WINDOWS\System32\PnkBstrA.exe
     C:\utilitaires\ahead\Nero7\Nero 7\InCD\NBHGui.exe
     C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
     C:\Program Files\Multimedia Card Reader\shwicon2k.exe
     C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
     C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
     C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
     C:\Program Files\Microsoft ActiveSync\wcescomm.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\PROGRA~1\MICROS~3\rapimgr.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
     C:\utilitaires\HPg55\AiO\hp officejet g series\Bin\hpoavn07.exe
     C:\WINDOWS\System32\svchost.exe
     C:\UTILIT~1\HPg55\AiO\Shared\Bin\hpoevm07.exe
     C:\utilitaires\HPg55\AiO\Shared\bin\hpOSTS07.exe
     C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
     C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\attrib.exe
     C:\WINDOWS\system32\attrib.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Documents and Settings\David\Bureau\RSIT.exe
     C:\utilitaires\Securité\David.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telemoustique.be/tm/programme_t...p;dag=vandaag18
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     O1 - Hosts: 66.98.148.65 auto.search.msn.com
     O1 - Hosts: 66.98.148.65 auto.search.msn.es
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: (no name) - {b4237a65-d383-4438-8b07-1892fc2e4466} - C:\WINDOWS\system32\vatoteju.dll (file missing)
     O4 - HKLM\..\Run: [securDisc] C:\utilitaires\ahead\Nero7\Nero 7\InCD\NBHGui.exe
     O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
     O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
     O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"
     O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
     O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\System32\oodtray.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
     O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
     O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
     O4 - HKLM\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s
     O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
     O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\David\Bureau\utorrent.exe"
     O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-19\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\utilitaires\HPg55\AiO\hp officejet g series\Bin\hpoavn07.exe
     O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\UTILIT~1\INCRED~1\bin\resources\WebMenuImg.htm
     O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
     O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
     O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
     O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1223643221265
     O20 - AppInit_DLLs: C:\WINDOWS\system32\jogonelu.dll
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
     O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
     O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
     O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\utilitaires\ahead\Nero7\Nero 7\InCD\InCDsrv.exe
     O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
     O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
     O23 - Service: NBService - Nero AG - C:\utilitaires\ahead\Nero7\Nero 7\Nero BackItUp\NBService.exe
     O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
     O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
     O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc.
- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 9289 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4237a65-d383-4438-8b07-1892fc2e4466}] C:\WINDOWS\system32\vatoteju.dll [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SecurDisc"=C:\utilitaires\ahead\Nero7\Nero 7\InCD\NBHGui.exe [2007-03-12 1626160] "PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-03-11 86016] "NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-09 153136] "Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2004-09-03 139264] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-29 155648] "Opware15"=C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe [2005-07-05 69632] "PDF3 Registry Controller"=C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe [2005-04-12 106496] 
"OODefragTray"=C:\WINDOWS\System32\oodtray.exe [2007-06-28 2512128] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-06-26 282624] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-27 199184] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440] "MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 172544] "wowihubota"=C:\WINDOWS\system32\yenojupa.dll [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136] "uTorrent"=C:\Documents and Settings\David\Bureau\utorrent.exe [2008-08-21 267056] "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2005-11-15 1204224] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-02-28 315392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe [2006-11-03 264704] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2003-05-30 585728] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-05-29 790528] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ATI CATALYST System Tray.lnk] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "usnjsvc"=3 "sdCoreService"=3 "sdAuxService"=3 "Alerter"=3 "srservice"=2 "SharedAccess"=2 "wuauserv"=2 C:\Documents and 
Settings\All Users\Menu Démarrer\Programmes\Démarrage HPAiODevice(hp officejet g series) - 1.lnk - C:\utilitaires\HPg55\AiO\hp officejet g series\Bin\hpoavn07.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\WINDOWS\system32\jogonelu.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2008-08-21 143360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\System32\klogon.dll [2008-02-27 219664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli C:\WINDOWS\system32\jogonelu.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoInstrumentation"=0 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Documents and Settings\David\Bureau\utorrent.exe"="C:\Documents and Settings\David\Bureau\utorrent.exe:*:Enabled:µTorrent" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network 
Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\utilitaires\Incredimail\bin\IncMail.exe"="C:\utilitaires\Incredimail\bin\IncMail.exe:*:Enabled:IncrediMail" "C:\utilitaires\Incredimail\bin\IMApp.exe"="C:\utilitaires\Incredimail\bin\IMApp.exe:*:Enabled:IncrediMail" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\utilitaires\Incredimail\bin\ImpCnt.exe"="C:\utilitaires\Incredimail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "C:\utilitaires\Incredimail\bin\ImLc.exe"="C:\utilitaires\Incredimail\bin\ImLc.exe:*:Enabled:IncrediMail" "C:\WINDOWS\system32\~.exe"="C:\WINDOWS\system32\~.exe:*:Enabled:~" "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer" "C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon" "C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon" "C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56d86d2a-d269-11dd-9884-806d6172696f}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 
480 480 ======List of files/folders created in the last 1 months====== 2008-12-27 15:22:46 ----D---- C:\ComboFix 2008-12-27 14:21:04 ----D---- C:\rsit 2008-12-27 13:37:18 ----A---- C:\resultat.txt 2008-12-27 13:31:54 ----D---- C:\32788R22FWJFW 2008-12-27 10:19:34 ----A---- C:\ComboFix.exe 2008-12-26 22:26:39 ----A---- C:\VundoFix.txt 2008-12-26 20:17:02 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-12-26 20:16:52 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2008-12-26 19:56:47 ----D---- C:\WINDOWS\CSC 2008-12-26 17:03:05 ----D---- C:\!KillBox 2008-12-26 17:01:07 ----D---- C:\327882R2FWJFW 2008-12-12 17:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2008-12-12 17:34:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2008-12-12 17:33:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2008-12-12 17:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2008-12-01 17:37:25 ----A---- C:\LogProsType.txt 2008-12-01 17:37:25 ----A---- C:\LogEnbWinV.txt ======List of files/folders modified in the last 1 months====== 2008-12-27 15:23:48 ----D---- C:\Program Files\Mozilla Firefox 2008-12-27 15:23:08 ----D---- C:\WINDOWS 2008-12-27 15:23:07 ----D---- C:\WINDOWS\Prefetch 2008-12-27 15:23:02 ----SHD---- C:\System Volume Information 2008-12-27 15:23:01 ----D---- C:\WINDOWS\system32 2008-12-27 15:22:48 ----D---- C:\WINDOWS\erdnt 2008-12-27 15:21:44 ----D---- C:\WINDOWS\Temp 2008-12-27 13:43:45 ----D---- C:\WINDOWS\system32\drivers 2008-12-27 13:31:01 ----RASH---- C:\boot.ini 2008-12-27 13:31:00 ----A---- C:\WINDOWS\win.ini 2008-12-27 13:31:00 ----A---- C:\WINDOWS\system.ini 2008-12-27 13:29:41 ----D---- C:\WINDOWS\system32\CatRoot2 2008-12-27 13:29:40 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-12-27 13:28:44 ----D---- C:\Documents and Settings\David\Application Data\uTorrent 2008-12-27 13:26:01 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-12-27 13:23:06 
----D---- C:\WINDOWS\system32\config 2008-12-27 13:04:55 ----D---- C:\Program Files 2008-12-27 13:03:07 ----D---- C:\Documents and Settings\David\Application Data\MailWasherPro 2008-12-27 09:39:26 ----D---- C:\Temp 2008-12-26 21:22:12 ----D---- C:\Documents and Settings\David\Application Data\teamspeak2 2008-12-26 20:01:57 ----SHD---- C:\RECYCLER 2008-12-26 16:59:05 ----SD---- C:\WINDOWS\Tasks 2008-12-26 16:56:56 ----D---- C:\WINDOWS\system32\CatRoot 2008-12-25 10:55:43 ----HD---- C:\WINDOWS\inf 2008-12-22 17:09:28 ----A---- C:\WINDOWS\NeroDigital.ini 2008-12-20 16:35:45 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-12-20 16:35:42 ----D---- C:\WINDOWS\ie7updates 2008-12-20 16:35:32 ----HD---- C:\WINDOWS\$hf_mig$ 2008-12-13 11:42:14 ----D---- C:\utilitaires 2008-12-13 07:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll 2008-12-12 19:12:11 ----D---- C:\WINDOWS\Debug 2008-12-12 17:36:13 ----D---- C:\Program Files\Internet Explorer 2008-12-11 19:08:12 ----A---- C:\WINDOWS\AviSplitter.INI 2008-12-03 00:42:21 ----D---- C:\WINDOWS\system32\Restore 2008-12-01 17:41:19 ----SHD---- C:\WINDOWS\Installer 2008-12-01 17:41:10 ----DC---- C:\WINDOWS\system32\DRVSTORE ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-03-12 37040] R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-03-12 38576] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\utilitaires\UltraISO\drivers\ISODrive.sys [] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 klif;Klif; \??\C:\WINDOWS\System32\drivers\klif.sys [] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652] R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2008-09-26 129824] R1 UimBus;Universal Image Mounter Controller; 
C:\WINDOWS\system32\DRIVERS\UimBus.sys [2008-09-26 32048] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-09-28 12032] R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2007-06-25 15781] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-08-21 3299840] R3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552] R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2003-05-20 121856] R3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2007-11-22 94208] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-12-13 24592] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-09-28 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-11-22 47360] R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-10-04 15920] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-10-05 10368] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote 
miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-03-12 118064] S3 Bridge;Pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552] S3 catchme;catchme; \??\C:\DOCUME~1\David\LOCALS~1\Temp\catchme.sys [] S3 dot4;Pilote MS IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-13 206976] S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928] S3 Dot4Scan;Pilote de classe Scanneur pour IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [2001-08-17 8704] S3 dot4usb;Filtre Dot4USB Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-23 24064] S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100] S3 pdiddcci;DDC/CI monitor; C:\WINDOWS\System32\DRIVERS\pdiddcci.sys [2006-11-03 11776] S3 SunkFilt6;Alcor Micro Corp - 6360; \??\C:\WINDOWS\System32\Drivers\sunkfilt6.sys [] S3 SunkFilt62;Alcor Micro Corp - 6362; \??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys [] S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys [] S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS [] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2005-06-14 104576] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2008-08-21 573440] R2 AVP;Kaspersky Internet Security 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-27 199184] R2 
DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe [2006-11-03 69632] R2 InCDsrv;InCD Helper; C:\utilitaires\ahead\Nero7\Nero 7\InCD\InCDsrv.exe [2007-03-12 931376] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336] R2 O&O Defrag;O&O Defrag; C:\WINDOWS\System32\oodag.exe [2007-06-28 1049856] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\System32\PnkBstrA.exe [2008-08-23 66872] R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912] R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920] S2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [] S2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 NBService;NBService; C:\utilitaires\ahead\Nero7\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824] S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360] S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-04 306432] S4 usnjsvc;Service Messenger Sharing Folders USN 
Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] -----------------EOF-----------------
Combofix: still nothing, I confirm Kaspersky is OFF at startup, I'll try again in safe mode.
  8. Step 4 Rsit
Processing "Files to delete:"
file zipped: C:\WINDOWS\system32\jogonelu.dll -> catchme.zip -> jogonelu.dll ( 60928 bytes )
file "C:\WINDOWS\system32\jogonelu.dll" deleted successfully
read file error: C:\WINDOWS\system32\remowoka.dll, Le fichier spécifié est introuvable.
file zipped: C:\WINDOWS\system32\uyovuhul.ini -> catchme.zip -> uyovuhul.ini ( 120 bytes )
file "C:\WINDOWS\system32\uyovuhul.ini" deleted successfully
file zipped: C:\WINDOWS\system32\omutovis.ini -> catchme.zip -> omutovis.ini ( 120 bytes )
file "C:\WINDOWS\system32\omutovis.ini" deleted successfully
file zipped: C:\WINDOWS\system32\efajutiy.ini -> catchme.zip -> efajutiy.ini ( 120 bytes )
file "C:\WINDOWS\system32\efajutiy.ini" deleted successfully
file zipped: C:\WINDOWS\system32\oruyines.ini -> catchme.zip -> oruyines.ini ( 120 bytes )
file "C:\WINDOWS\system32\oruyines.ini" deleted successfully
file zipped: C:\WINDOWS\system32\ebefupep.ini -> catchme.zip -> ebefupep.ini ( 120 bytes )
file "C:\WINDOWS\system32\ebefupep.ini" deleted successfully
file zipped: C:\WINDOWS\system32\CF17652.exe -> catchme.zip -> CF17652.exe ( 401408 bytes )
file "C:\WINDOWS\system32\CF17652.exe" deleted successfully
file zipped: C:\WINDOWS\system32\igerimiw.ini -> catchme.zip -> igerimiw.ini ( 120 bytes )
file "C:\WINDOWS\system32\igerimiw.ini" deleted successfully
file zipped: C:\WINDOWS\system32\pepufebe.dll -> catchme.zip -> pepufebe.dll ( 85108 bytes )
file "C:\WINDOWS\system32\pepufebe.dll" deleted successfully
file zipped: C:\WINDOWS\system32\luhuvoyu.dll -> catchme.zip -> luhuvoyu.dll ( 87170 bytes )
file "C:\WINDOWS\system32\luhuvoyu.dll" deleted successfully
file zipped: C:\WINDOWS\system32\bogerijo.dll -> catchme.zip -> bogerijo.dll ( 99024 bytes )
file "C:\WINDOWS\system32\bogerijo.dll" deleted successfully
file zipped: C:\WINDOWS\system32\zurufalo.dll -> catchme.zip -> zurufalo.dll ( 97859 bytes )
file "C:\WINDOWS\system32\zurufalo.dll" deleted successfully
file zipped: C:\WINDOWS\system32\seniyuro.dll -> catchme.zip -> seniyuro.dll ( 85280 bytes )
file "C:\WINDOWS\system32\seniyuro.dll" deleted successfully
file zipped: C:\WINDOWS\system32\zayiveva.dll -> catchme.zip -> zayiveva.dll ( 96443 bytes )
file "C:\WINDOWS\system32\zayiveva.dll" deleted successfully
file zipped: C:\WINDOWS\system32\cmd.execf -> catchme.zip -> cmd.execf ( 401408 bytes )
file "C:\WINDOWS\system32\cmd.execf" deleted successfully
file zipped: C:\InfoSat.txt -> catchme.zip -> InfoSat.txt ( 600 bytes )
file "C:\InfoSat.txt" deleted successfully
file zipped: C:\Bug.txt -> catchme.zip -> Bug.txt ( 2164 bytes )
file "C:\Bug.txt" deleted successfully
On the other hand, no info file this time; I'm now trying Combofix...
  9. Step 3 Script execution
Processing "Files to delete:"
file zipped: C:\WINDOWS\system32\jogonelu.dll -> catchme.zip -> jogonelu.dll ( 60928 bytes )
file "C:\WINDOWS\system32\jogonelu.dll" deleted successfully
read file error: C:\WINDOWS\system32\remowoka.dll, Le fichier spécifié est introuvable.
file zipped: C:\WINDOWS\system32\uyovuhul.ini -> catchme.zip -> uyovuhul.ini ( 120 bytes )
file "C:\WINDOWS\system32\uyovuhul.ini" deleted successfully
file zipped: C:\WINDOWS\system32\omutovis.ini -> catchme.zip -> omutovis.ini ( 120 bytes )
file "C:\WINDOWS\system32\omutovis.ini" deleted successfully
file zipped: C:\WINDOWS\system32\efajutiy.ini -> catchme.zip -> efajutiy.ini ( 120 bytes )
file "C:\WINDOWS\system32\efajutiy.ini" deleted successfully
file zipped: C:\WINDOWS\system32\oruyines.ini -> catchme.zip -> oruyines.ini ( 120 bytes )
file "C:\WINDOWS\system32\oruyines.ini" deleted successfully
file zipped: C:\WINDOWS\system32\ebefupep.ini -> catchme.zip -> ebefupep.ini ( 120 bytes )
file "C:\WINDOWS\system32\ebefupep.ini" deleted successfully
file zipped: C:\WINDOWS\system32\CF17652.exe -> catchme.zip -> CF17652.exe ( 401408 bytes )
file "C:\WINDOWS\system32\CF17652.exe" deleted successfully
file zipped: C:\WINDOWS\system32\igerimiw.ini -> catchme.zip -> igerimiw.ini ( 120 bytes )
file "C:\WINDOWS\system32\igerimiw.ini" deleted successfully
file zipped: C:\WINDOWS\system32\pepufebe.dll -> catchme.zip -> pepufebe.dll ( 85108 bytes )
file "C:\WINDOWS\system32\pepufebe.dll" deleted successfully
file zipped: C:\WINDOWS\system32\luhuvoyu.dll -> catchme.zip -> luhuvoyu.dll ( 87170 bytes )
file "C:\WINDOWS\system32\luhuvoyu.dll" deleted successfully
file zipped: C:\WINDOWS\system32\bogerijo.dll -> catchme.zip -> bogerijo.dll ( 99024 bytes )
file "C:\WINDOWS\system32\bogerijo.dll" deleted successfully
file zipped: C:\WINDOWS\system32\zurufalo.dll -> catchme.zip -> zurufalo.dll ( 97859 bytes )
file "C:\WINDOWS\system32\zurufalo.dll" deleted successfully
file zipped: C:\WINDOWS\system32\seniyuro.dll -> catchme.zip -> seniyuro.dll ( 85280 bytes )
file "C:\WINDOWS\system32\seniyuro.dll" deleted successfully
file zipped: C:\WINDOWS\system32\zayiveva.dll -> catchme.zip -> zayiveva.dll ( 96443 bytes )
file "C:\WINDOWS\system32\zayiveva.dll" deleted successfully
file zipped: C:\WINDOWS\system32\cmd.execf -> catchme.zip -> cmd.execf ( 401408 bytes )
file "C:\WINDOWS\system32\cmd.execf" deleted successfully
file zipped: C:\InfoSat.txt -> catchme.zip -> InfoSat.txt ( 600 bytes )
file "C:\InfoSat.txt" deleted successfully
file zipped: C:\Bug.txt -> catchme.zip -> Bug.txt ( 2164 bytes )
file "C:\Bug.txt" deleted successfully
  10. Step 1
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4237a65-d383-4438-8b07-1892fc2e4466}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wowihubota deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wowihubota\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLS deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
========== COMMANDS ==========
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12272008_151313
Step 2 The data has been transferred.
  11. "wowihubota"=C:\WINDOWS\system32\yenojupa.dll [] Still present; no matter how often I delete it from the registry, it comes back every time. On the other hand, it is no longer present in System32.
  12. Well yes, I tried again and it still freezes. Rsit 1
info.txt logfile of random's system information tool 1.05 2008-12-27 14:21:23 ======Uninstall list====== -->C:\utilitaires\ahead\Nero7\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\NuNInst.exe /UNINSTALL -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7} -->MsiExec.exe /X{2642BE09-1F9F-4E18-AAD4-0258B9BCE611} -->MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 7-Zip 4.42-->"C:\utilitaires\7-Zip\Uninstall.exe" ACDSee 8 Media Support Package-->MsiExec.exe /X{1EBFA30C-6206-4FD8-8B82-3A29F0D01B28} ACDSee 8-->MsiExec.exe /I{AE80641A-0C8D-4670-A518-B4EC154B1027} Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock Adobe Flash Player Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003} AGEIA PhysX v7.03.21-->MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7} ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0 ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver-->rundll32 
C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AviSynth 2.5-->"C:\utilitaires\AviSynth 2.5\Uninstall.exe"
BlindWrite 6-->"C:\utilitaires\BlindWrite6\unins000.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
CCleaner (remove only)-->"C:\utilitaires\CCleaner\uninst.exe"
Chessmaster Grandmaster Edition-->C:\Program Files\InstallShield Installation Information\{27614800-84A9-484E-9CCB-43ED2F1205F5}\setup.exe -runfromtemp -l0x040c
Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Cool Beans NFO Creator 2.0.1.3-->"C:\utilitaires\Cool Beans NFO Creator\unins000.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DiViDiX Génération Codecs Full V1.7 Final-->C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\les codecs.inf
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Genius Professional Edition-->"C:\Program Files\Driver-Soft\DriverGenius\unins000.exe"
Everest Poker (Remove Only)-->C:\Program Files\Everest Poker\cstart.exe /uninstall
EVEREST Ultimate Edition v4.20-->"C:\utilitaires\EVEREST Home Edition\Everest Ultimate Edition 4 20 1170 2007 MULTi.iNCL Key\EVEREST Ultimate Edition\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Half-Life 2: Lost Coast-->"C:\Jeux\Half Life2\steam.exe" steam://uninstall/340
HijackThis 2.0.2-->"C:\utilitaires\Securité\HijackThis.exe" /uninstall
HP My Display-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84288B51-B162-47FB-A74E-25C6D67E44BB}\setup.exe" -l0x40c -removeonly
hp officejet g series-->C:\WINDOWS\System32\hpocon09.exe /u 1207345536 /d "hp officejet g series"
IncrediMail Xe-->C:\utilitaires\Incredimail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
IsoBuster 2.2-->"C:\utilitaires\IsoBuster\Iso2.2\Uninst\unins000.exe"
Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Jewels of Cleopatra-->"C:\Program Files\Jewels of Cleopatra\ReflexiveArcade\unins000.exe"
Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Online Scanner-->C:\WINDOWS\System32\KASPER~1\KASPER~1\kavuninstall.exe
Lame ACM MP3 Codec-->C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
LandWare Shanghai Bonus Pack-->"C:\WINDOWS\psuninst2.exe" "C:\Program Files\LandWare\Shanghai for Pocket PC Bonus Pack\uninst.dat"
LandWare Shanghai-->"C:\WINDOWS\psuninst2.exe" "C:\Program Files\LandWare\Shanghai for Pocket PC\uninst.dat"
Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
m4ng-->C:\utilitaires\rmi\m4ng_Uninstal.exe
MangaJongg-->C:\Program Files\MangaJongg\Uninstal.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Games Pocket Pak for Pocket PC-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{471A9640-39F8-11D5-A07F-005004F915E3}\Setup.exe" anything
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Visio Viewer 2007-->MsiExec.exe /I{95120000-0052-040C-0000-0000000FF1CE}
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Mio Technology SpeedCam Tool-->C:\PROGRA~1\MIOTEC~1\SPEEDC~1\Setup.exe /remove
MioMap v3 Updater-->MsiExec.exe /I{9C6E2ABE-B3E6-49BA-807C-BDFA54496DA5}
MioTransfer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49F00501-E02F-458F-8AED-85949AB9656F}\Setup.exe" -l0x9
mIRC-->C:\utilitaires\mIRC\uninstall.exe _?=C:\utilitaires\mIRC
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
MKVtoolnix 2.1.0-->C:\utilitaires\MKVtoolnix\uninst.exe
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Multimedia Card Reader-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CA529363-D0F2-41EA-B44B-D7515A254645}
Music NFO Builder v1.20-->"C:\utilitaires\Music NFO Builder\unins000.exe"
Nero 7 Ultra Edition-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NFO Creator-->C:\WINDOWS\System32\GKSUI18.EXE C:\Program Files\CyberLeadingCorp\NFO Creator\UNINSTAL.DAT
O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
O&O UnErase-->MsiExec.exe /X{534804B0-3563-434B-962A-BAF132B85F1F}
Paragon Hard Disk Manager™ 2009 Professional Edition-->MsiExec.exe /I{F898E900-B515-47F8-9451-C2B29F036A53}
PunkBuster Services-->C:\WINDOWS\System32\pbsvc.exe -u
Quake 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20} /l1036
Quake Live Mozilla Plugin-->MsiExec.exe /I{F38CB926-7966-432B-8DBF-3E2B81443403}
QuickTime-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1036
Registry Mechanic 6.0-->"C:\utilitaires\Registry MechanicNew\unins000.exe"
SC Ver 2.58-->"C:\Program Files\SC\unins000.exe"
ScanSoft OmniPage 15.0-->MsiExec.exe /I{0B7DDCD3-D6D8-4366-A6D8-9B6495A2925E}
ScanSoft PDF Converter 3.0-->MsiExec.exe /I{602A205F-8D02-48EE-8782-262B2103B984}
ScanSoft PDF Create 3.0-->MsiExec.exe /I{AD1D8B40-F83C-41CA-BA08-9DB8D1653316}
Services Off-line de Home'Bank 4.03-->"C:\Program Files\ING\Off-line\unins000.exe"
Smart PC Professional v5.0-->"C:\utilitaires\smart pc\Smart PC Professional\unins000.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak Client-->"C:\Program Files\TeamSpeak3\unins000.exe"
TomTom HOME-->C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x040c -removeonly -removeonly
Total Video Converter 3.11 070908-->"C:\utilitaires\Total video converter 3.11 by dutate\Total Video Converter\unins000.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
UltraISO Premium V9.0-->"C:\utilitaires\UltraISO\unins000.exe"
Undelete Plus 2.97-->"C:\Program Files\TouchStoneSoftware\UndeletePlus\unins000.exe"
VideoLAN VLC media player 0.8.6d-->C:\utilitaires\VLC\uninstall.exe
Vodei Multimedia Processor 2.10-->C:\Program Files\Vodei\uninst.exe
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\utilitaires\Winrar3-71\uninstall.exe
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe

=====HijackThis Backups=====

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [searchIndexer] rundll32.exe "C:\WINDOWS\System32\muwgjjyi.dll",sitypnow
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\gztqefzl.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kyruvoyz.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kyruvoyz.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kyruvoyz.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\fkxoxiex.dll
O4 - HKLM\..\Run: [7437ad24] rundll32.exe "C:\WINDOWS\System32\aeodudqp.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\fkxoxiex.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\fkxoxiex.dll
O23 - Service: DomainService - - C:\WINDOWS\System32\ftbmccqi.exe
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1183726261968
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\System32\__c0072F68.dat
O20 - AppInit_DLLs: C:\WINDOWS\System32\__c0072F68.dat
O4 - HKLM\..\Run: [7437ad24] rundll32.exe "C:\WINDOWS\System32\lqacqfkb.dll",b
O20 - AppInit_DLLs: C:\WINDOWS\System32\__c0072F68.dat
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\ozawpuzg.dll
O23 - Service: VundoFix Service (VundoFixSvc) - Unknown owner - VundoFixSVC.exe (file missing)
O23 - Service: VundoFix Service (VundoFixSvc) - Unknown owner - VundoFixSVC.exe (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O20 - Winlogon Notify: gztqefzl - gztqefzl.dll (file missing)
O20 - Winlogon Notify: kyruvoyz - kyruvoyz.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: tuvwttt - tuvwttt.dll (file missing)
O2 - BHO: {d0516f21-4f88-877a-df64-b6b74720ac24} - {42ca0274-7b6b-46fd-a778-88f412f6150d} - C:\WINDOWS\System32\fanfjrti.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ziwafume.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ziwafume.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\yenojupa.dll C:\WINDOWS\system32\remowoka.dll c:\windows\system32\ziwafume.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bogerijo.dll
O4 - HKUS\S-1-5-19\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s (User 'SERVICE LOCAL')
O4 - HKLM\..\Run: [CPM77049eb8] Rundll32.exe "c:\windows\system32\bogerijo.dll",a
O2 - BHO: (no name) - {7abad019-b7a8-4b43-843c-0ef547e47302} - C:\WINDOWS\system32\vatoteju.dll
O4 - HKLM\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s
O2 - BHO: (no name) - {b4237a65-d383-4438-8b07-1892fc2e4466} - C:\WINDOWS\system32\vatoteju.dll
O20 - AppInit_DLLs: c:\windows\system32\bogerijo.dll,C:\WINDOWS\system32\remowoka.dll,C:\WINDOWS\system32\jogonelu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bogerijo.dll
O4 - HKLM\..\Run: [CPM77049eb8] Rundll32.exe "c:\windows\system32\wosesara.dll",a
O4 - HKLM\..\Run: [7437ad24] rundll32.exe "C:\WINDOWS\system32\pepufebe.dll",b
O2 - BHO: (no name) - {b4237a65-d383-4438-8b07-1892fc2e4466} - C:\WINDOWS\system32\vatoteju.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\jogonelu.dll,C:\WINDOWS\system32\remowoka.dll c:\windows\system32\wosesara.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wosesara.dll
O4 - HKLM\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wosesara.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wosesara.dll
O2 - BHO: (no name) - {c593f844-6515-4f17-bae1-54733350a5f6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [CPM77049eb8] Rundll32.exe "c:\windows\system32\wosesara.dll",a
O2 - BHO: (no name) - {b4237a65-d383-4438-8b07-1892fc2e4466} - C:\WINDOWS\system32\vatoteju.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKUS\S-1-5-19\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s (User 'SERVICE LOCAL')
O20 - AppInit_DLLs: C:\WINDOWS\system32\jogonelu.dll c:\windows\system32\wosesara.dll,C:\WINDOWS\system32\remowoka.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wosesara.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wosesara.dll (file missing)
O4 - HKLM\..\Run: [CPM77049eb8] Rundll32.exe "c:\windows\system32\wosesara.dll",a
O4 - HKLM\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s
O2 - BHO: (no name) - {b4237a65-d383-4438-8b07-1892fc2e4466} - C:\WINDOWS\system32\vatoteju.dll (file missing)
O4 - HKUS\S-1-5-19\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s (User 'SERVICE LOCAL')
O20 - AppInit_DLLs: c:\windows\system32\wosesara.dll,C:\WINDOWS\system32\remowoka.dll,C:\WINDOWS\system32\jogonelu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wosesara.dll (file missing)

======Hosts File======

127.0.0.1 localhost
66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es
127.0.0.1 mpa.one.microsoft.com

======Security center information======

AV: Kaspersky Anti-Virus
FW: Kaspersky Anti-Virus

System event log

Computer Name: XXX-3HW2APLOSCW
Event Code: 26
Message: Application popup : : \SystemRoot\System32\ativvaxx.dll failed to load
Record Number: 371
Source Name: Application Popup
Time Written: 20081115220906.000000+060
Event Type: Information
User:

Computer Name: XXX-3HW2APLOSCW
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 370
Source Name: Tcpip
Time Written: 20081115213717.000000+060
Event Type: Warning
User:

Computer Name: XXX-3HW2APLOSCW
Event Code: 36
Message: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
Record Number: 369
Source Name: W32Time
Time Written: 20081115201702.000000+060
Event Type: Warning
User:

Computer Name: XXX-3HW2APLOSCW
Event Code: 26
Message: Application popup : : \SystemRoot\System32\ativvaxx.dll failed to load
Record Number: 368
Source Name: Application Popup
Time Written: 20081115201429.000000+060
Event Type: Information
User:

Computer Name: XXX-3HW2APLOSCW
Event Code: 26
Message: Application popup : : \SystemRoot\System32\ativvaxx.dll failed to load
Record Number: 367
Source Name: Application Popup
Time Written: 20081115201401.000000+060
Event Type: Information
User:

Application event log

Computer Name: XXX-3HW2APLOSCW
Event Code: 0
Message:
Record Number: 3243
Source Name: NMIndexingService
Time Written: 20080707085108.000000+120
Event Type: Information
User:

Computer Name: XXX-3HW2APLOSCW
Event Code: 2
Message:
Record Number: 3242
Source Name: Diskeeper
Time Written: 20080707085040.000000+120
Event Type: Information
User:

Computer Name: XXX-3HW2APLOSCW
Event Code: 105
Message: The service was started.
Record Number: 3241
Source Name: DTSRVC
Time Written: 20080707085039.000000+120
Event Type: Information
User:

Computer Name: XXX-3HW2APLOSCW
Event Code: 105
Message: The service was started.
Record Number: 3240
Source Name: ATI Smart
Time Written: 20080707085029.000000+120
Event Type: Information
User:

Computer Name: XXX-3HW2APLOSCW
Event Code: 1517
Message: Windows saved the user registry XXX-3HW2APLOSCW\David while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account; try configuring the services to run in either the Network Service or Local Service account.
Record Number: 3239
Source Name: Userenv
Time Written: 20080707055015.000000+120
Event Type: Warning
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE;C:\UTILITAIRES\ISOBUSTER\ISO2.2;C:\UTILIT~1\DISKEE~1;C:\PROGRAM FILES\QUICKTIME\QTSYSTEM;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by David at 2008-12-27 14:21:04
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 23 GB (23%) free of 100 GB
Total RAM: 1023 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:17, on 27/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
C:\WINDOWS\Explorer.EXE
C:\utilitaires\ahead\Nero7\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\utilitaires\ahead\Nero7\Nero 7\InCD\NBHGui.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\utilitaires\HPg55\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\WINDOWS\System32\svchost.exe
C:\UTILIT~1\HPg55\AiO\Shared\Bin\hpoevm07.exe
C:\utilitaires\HPg55\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.execf
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\cmd.execf
C:\WINDOWS\system32\attrib.exe
C:\Documents and Settings\David\Bureau\RSIT.exe
C:\utilitaires\Securité\David.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telemoustique.be/tm/programme_t...p;dag=vandaag18
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {b4237a65-d383-4438-8b07-1892fc2e4466} - C:\WINDOWS\system32\vatoteju.dll (file missing)
O4 - HKLM\..\Run: [securDisc] C:\utilitaires\ahead\Nero7\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\System32\oodtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\David\Bureau\utorrent.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\utilitaires\HPg55\AiO\hp officejet g series\Bin\hpoavn07.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\UTILIT~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1223643221265
O20 - AppInit_DLLs: C:\WINDOWS\system32\jogonelu.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\utilitaires\ahead\Nero7\Nero 7\InCD\InCDsrv.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: NBService - Nero AG - C:\utilitaires\ahead\Nero7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9351 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4237a65-d383-4438-8b07-1892fc2e4466}]
C:\WINDOWS\system32\vatoteju.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurDisc"=C:\utilitaires\ahead\Nero7\Nero 7\InCD\NBHGui.exe [2007-03-12 1626160]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-03-11 86016]
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2004-09-03 139264]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-29 155648]
"Opware15"=C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe [2005-07-05 69632]
"PDF3 Registry Controller"=C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe [2005-04-12 106496]
"OODefragTray"=C:\WINDOWS\System32\oodtray.exe [2007-06-28 2512128]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-06-26 282624]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-27 199184]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 172544]
"wowihubota"=C:\WINDOWS\system32\yenojupa.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"uTorrent"=C:\Documents and Settings\David\Bureau\utorrent.exe [2008-08-21 267056]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2005-11-15 1204224]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-02-28 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT Task]
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe [2006-11-03 264704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2003-05-30 585728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-05-29 790528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wowihubota]
C:\WINDOWS\system32\yenojupa.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ATI CATALYST System Tray.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3
"sdCoreService"=3
"sdAuxService"=3
"Alerter"=3
"srservice"=2
"SharedAccess"=2
"wuauserv"=2

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
HPAiODevice(hp officejet g series) - 1.lnk - C:\utilitaires\HPg55\AiO\hp officejet g series\Bin\hpoavn07.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\jogonelu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-08-21 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\System32\klogon.dll [2008-02-27 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=C:\WINDOWS\system32\remowoka.dll C:\WINDOWS\system32\jogonelu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\David\Bureau\utorrent.exe"="C:\Documents and Settings\David\Bureau\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\utilitaires\Incredimail\bin\IncMail.exe"="C:\utilitaires\Incredimail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\utilitaires\Incredimail\bin\IMApp.exe"="C:\utilitaires\Incredimail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\utilitaires\Incredimail\bin\ImpCnt.exe"="C:\utilitaires\Incredimail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\utilitaires\Incredimail\bin\ImLc.exe"="C:\utilitaires\Incredimail\bin\ImLc.exe:*:Enabled:IncrediMail"
"C:\WINDOWS\system32\~.exe"="C:\WINDOWS\system32\~.exe:*:Enabled:~"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56d86d2a-d269-11dd-9884-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

======List of files/folders created in the last 1 months======

2008-12-27 14:21:04 ----D---- C:\rsit
2008-12-27 13:37:18 ----A---- C:\resultat.txt
2008-12-27 13:31:54 ----D---- C:\32788R22FWJFW
2008-12-27 12:49:38 ----A---- C:\WINDOWS\system32\CF17652.exe
2008-12-27 12:28:34 ----D---- C:\_OTMoveIt
2008-12-27 10:37:40 ----SH---- C:\WINDOWS\system32\ebefupep.ini
2008-12-27 10:19:49 ----A---- C:\WINDOWS\system32\cmd.execf
2008-12-27 10:19:34 ----A---- C:\ComboFix.exe
2008-12-26 22:26:39 ----D---- C:\VundoFix Backups
2008-12-26 22:26:39 ----A---- C:\VundoFix.txt
2008-12-26 22:10:00 ----SH---- C:\WINDOWS\system32\uyovuhul.ini
2008-12-26 21:57:58 ----SH---- C:\WINDOWS\system32\omutovis.ini
2008-12-26 21:57:58 ----SH---- C:\WINDOWS\system32\efajutiy.ini
2008-12-26 20:36:02 ----SH---- C:\WINDOWS\system32\oruyines.ini
2008-12-26 20:17:02 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-12-26 20:16:52 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-26 19:56:47 ----D---- C:\WINDOWS\CSC
2008-12-26 17:03:05 ----D---- C:\!KillBox
2008-12-26 17:01:16 ----A---- C:\Bug.txt
2008-12-26 17:01:07 ----D---- C:\327882R2FWJFW
2008-12-26 14:07:52 ----SH---- C:\WINDOWS\system32\igerimiw.ini
2008-12-12 17:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 17:34:11 ----HDC----
C:\WINDOWS\$NtUninstallKB952069_WM9$ 2008-12-12 17:33:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2008-12-12 17:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2008-12-01 17:37:25 ----A---- C:\LogProsType.txt 2008-12-01 17:37:25 ----A---- C:\LogEnbWinV.txt 2008-11-29 14:42:01 ----A---- C:\InfoSat.txt ======List of files/folders modified in the last 1 months====== 2008-12-27 14:09:25 ----D---- C:\WINDOWS\Temp 2008-12-27 13:43:45 ----D---- C:\WINDOWS\system32\drivers 2008-12-27 13:43:45 ----D---- C:\WINDOWS\Prefetch 2008-12-27 13:31:17 ----D---- C:\Program Files\Mozilla Firefox 2008-12-27 13:31:01 ----RASH---- C:\boot.ini 2008-12-27 13:31:00 ----A---- C:\WINDOWS\win.ini 2008-12-27 13:31:00 ----A---- C:\WINDOWS\system.ini 2008-12-27 13:29:41 ----D---- C:\WINDOWS\system32\CatRoot2 2008-12-27 13:29:40 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-12-27 13:29:30 ----D---- C:\WINDOWS 2008-12-27 13:28:44 ----D---- C:\Documents and Settings\David\Application Data\uTorrent 2008-12-27 13:26:01 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-12-27 13:23:06 ----D---- C:\WINDOWS\system32\config 2008-12-27 13:04:55 ----D---- C:\Program Files 2008-12-27 13:03:07 ----D---- C:\Documents and Settings\David\Application Data\MailWasherPro 2008-12-27 12:49:38 ----D---- C:\WINDOWS\system32 2008-12-27 12:49:38 ----D---- C:\ComboFix 2008-12-27 10:37:35 ----ASH---- C:\WINDOWS\system32\pepufebe.dll 2008-12-27 09:39:26 ----D---- C:\Temp 2008-12-26 22:09:59 ----ASH---- C:\WINDOWS\system32\luhuvoyu.dll 2008-12-26 22:09:59 ----ASH---- C:\WINDOWS\system32\bogerijo.dll 2008-12-26 21:57:54 ----ASH---- C:\WINDOWS\system32\zurufalo.dll 2008-12-26 21:22:12 ----D---- C:\Documents and Settings\David\Application Data\teamspeak2 2008-12-26 20:35:59 ----ASH---- C:\WINDOWS\system32\seniyuro.dll 2008-12-26 20:35:57 ----ASH---- C:\WINDOWS\system32\zayiveva.dll 2008-12-26 20:01:57 ----SHD---- C:\RECYCLER 2008-12-26 16:59:05 ----SD---- C:\WINDOWS\Tasks 2008-12-26 16:56:56 
----D---- C:\WINDOWS\system32\CatRoot 2008-12-25 10:55:43 ----HD---- C:\WINDOWS\inf 2008-12-22 17:09:28 ----A---- C:\WINDOWS\NeroDigital.ini 2008-12-20 16:35:45 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-12-20 16:35:42 ----D---- C:\WINDOWS\ie7updates 2008-12-20 16:35:32 ----HD---- C:\WINDOWS\$hf_mig$ 2008-12-13 11:42:14 ----D---- C:\utilitaires 2008-12-13 07:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll 2008-12-12 19:12:11 ----D---- C:\WINDOWS\Debug 2008-12-12 17:36:13 ----D---- C:\Program Files\Internet Explorer 2008-12-11 19:08:12 ----A---- C:\WINDOWS\AviSplitter.INI 2008-12-03 00:42:21 ----D---- C:\WINDOWS\system32\Restore 2008-12-01 17:41:19 ----SHD---- C:\WINDOWS\Installer 2008-12-01 17:41:10 ----DC---- C:\WINDOWS\system32\DRVSTORE ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-03-12 37040] R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-03-12 38576] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\utilitaires\UltraISO\drivers\ISODrive.sys [] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 klif;Klif; \??\C:\WINDOWS\System32\drivers\klif.sys [] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652] R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2008-09-26 129824] R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2008-09-26 32048] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-09-28 12032] R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2007-06-25 15781] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224] R3 
Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-08-21 3299840] R3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552] R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2003-05-20 121856] R3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2007-11-22 94208] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-12-13 24592] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-09-28 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-11-22 47360] R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-10-04 15920] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-10-05 10368] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-03-12 118064] S3 Bridge;Pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552] S3 dot4;Pilote MS IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-13 206976] S3 Dot4Print;Pilote de classe Imprimante pour 
IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928] S3 Dot4Scan;Pilote de classe Scanneur pour IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [2001-08-17 8704] S3 dot4usb;Filtre Dot4USB Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-23 24064] S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100] S3 pdiddcci;DDC/CI monitor; C:\WINDOWS\System32\DRIVERS\pdiddcci.sys [2006-11-03 11776] S3 SunkFilt6;Alcor Micro Corp - 6360; \??\C:\WINDOWS\System32\Drivers\sunkfilt6.sys [] S3 SunkFilt62;Alcor Micro Corp - 6362; \??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys [] S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys [] S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS [] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2005-06-14 104576] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2008-08-21 573440] R2 AVP;Kaspersky Internet Security 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-27 199184] R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe [2006-11-03 69632] R2 InCDsrv;InCD Helper; C:\utilitaires\ahead\Nero7\Nero 7\InCD\InCDsrv.exe [2007-03-12 931376] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336] R2 O&O Defrag;O&O Defrag; C:\WINDOWS\System32\oodag.exe [2007-06-28 1049856] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\System32\PnkBstrA.exe [2008-08-23 
66872] R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912] R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920] S2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [] S2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 NBService;NBService; C:\utilitaires\ahead\Nero7\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824] S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360] S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-04 306432] S4 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] -----------------EOF-----------------
  13. 1) combofix /u
2) reinstall combofix
3) nothing
4) safe mode, same thing
5) diagHelp, first report

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 13:43:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="BFF57483B92166986935EE97660885F38A24F15887260B851445E2D5B20410F0E331740BBC3 3A1C1265BCC614F9C5A3690F189B2C7DC4306ECB58769E7358BCDEBFD00A854890C7ED2B7FEBC9E1 2 7BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E12 7 BECC74CA6A0AC4980AC79339DB7CE019D40AA5C8EDD5E5BE2F6E667A2D97226D213B555D16F781A1 C 4D936F519024451C2BA64C2D98693D32E892CBE63924284E0ABE52055B99B64E1D87B636477CA580 A DE2D4B6633EC7FC445C9996F8AA2BC07DD7B2B914DE3FA8A5303E3EEB049BB7741B94A7DCE447274 7 E41E55F1481D4A76F7B95605A836C6BAB3B380602F6A191C984BDF0186DF64F43AC8725BFA249B05 9 1A736BCE9E1F5948C49812D069B2EA5F8BA347061791D37420FAF8ED4299A1AEF4329EDAA4CB64C8 7 B5BFFDA37735F332AB6DF046406BDC32E843097BD8DF8BAD5671F00544BEE2C7B42A23BA8F215088 6 B4A6C99A39F161754566DA92435163B2DC63EA85AF73CC184A5100D3599681946F9ECD65ABCF7CF5 1 07022E419D56DF1A5276D965009D3FE6085C740077C9CF13A225095A7BFC126467AE6B29CC4F32F3 3 5DCED0128355F249FC4DC4BC9EB70A7DC6A52DF4602E3157E82D6192C67A0128256D109758F1305A C 2A4537D324935FB5B3686BBD4822F145AFFB91D5696A543FEF83A123231F59E18DC4258BB1A21BAD A 013C134F4FB0BA98CF6D61D82A59B68D7972F9C459F74679801BD1BB35BBEBB70326AB11375740F9 1 7BF385C5394C6BDFB45D84B0002BD897B76A61AED130C60734B1F00E65474A5E50B5C7A964D1AD80 1 699AF0783D94879B85C710AECDC2CEFA02763B7792125B2CE2C4F09B51804540B95A84A3EDDB7D26 8 069114E6333ED58F20AAC6AFA0DE76E42D3D219314B99977492CE21D999FDB3E9D3BFB4EA7BF0BAE 3 31FD2DC6BA83396D26716B5370F33D16C2D9A5AF5EB6EC89E9E5687B1EC83BE3ECC5BA82AA815787 8 54EB2A7D35A8257ECF220BDB7D0DA5C89C9BC6CC6FD816E072BE8D8A79703540418FD0E4D5A491C1 6 D8C9239A85A8A9FCC2998F7EA471DFE83C5DD3B28B90C0F9E4E5D6E09F54ABC9352AB82339E3E69F 9 3DDAB772AF51BF28183B72B68B4E0E12595A9EDF8F16B805CC63ADDB459FB1A1FDC1141098C290BA 4 31E679B23E1ABF3492481DC09D04336BB9C35505E9C47F7F35318C1A899224DB8D25841E2C196CE9 7 6BA2F59BE9AFD0C40C17371E3BBDE0896953F6AD8C6820CD780685507DC56522351518276314B26C 3 CD725DB926CF811B35995996B192DBB8233BA95B3F12B2CD86D21AF554A6D208AFBA815CFED8EBE3 5 42757F94B39E20B82925819E19495B8445E3D9EA70C5AD29904267B22123AA432AE499FD76557C39 B 5020407F91A3A393C28F264E8B64A"

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0

It's rather good, but it has been sitting on the same line, "liste des programmes installés", for a good 10 minutes; I think it's stuck. I saw nothing special in the lines I watched go by.

PS: It's much better, but it's still slow, and every time I shut down there is a cmd.exe window to close. Any advice?
  14. Well, since it's still in the list, I redid a fix and a scan, which I'm reposting.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:00:52, on 27/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
C:\utilitaires\ahead\Nero7\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\Explorer.EXE
C:\utilitaires\ahead\Nero7\Nero 7\InCD\NBHGui.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\utilitaires\HPg55\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\UTILIT~1\HPg55\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\utilitaires\HPg55\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.execf
C:\WINDOWS\system32\findstr.exe
C:\WINDOWS\system32\cmd.execf
C:\WINDOWS\system32\find.exe
C:\WINDOWS\system32\cmd.execf
C:\WINDOWS\system32\find.exe
C:\WINDOWS\system32\cmd.execf
C:\WINDOWS\system32\find.exe
C:\WINDOWS\regedit.exe
C:\utilitaires\Securité\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telemoustique.be/tm/programme_t...p;dag=vandaag18
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [securDisc] C:\utilitaires\ahead\Nero7\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\System32\oodtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\David\Bureau\utorrent.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\utilitaires\HPg55\AiO\hp officejet g series\Bin\hpoavn07.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\UTILIT~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1223643221265
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\utilitaires\ahead\Nero7\Nero 7\InCD\InCDsrv.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: NBService - Nero AG - C:\utilitaires\ahead\Nero7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9227 bytes