
jojo69

  1. There you go, but I still have problems: now, at startup, it tells me that the file khvcol.exe must be closed because it caused a problem, and on top of that Symantec is still finding a virus: Virus Backdoor.Trojan in C:\lsass.exe

     ############################## | UsbFix V6.103 |

     User : u132mj () # X920SVEF14
     Update on 12/04/2010 by El Desaparecido , C_XX & Chimay8
     Start at: 14:12:21 | 14.04.2010
     Website : http://pagesperso-orange.fr/NosTools/index.html
     Contact : FindyKill.Contact@gmail.com

     Intel® Core2 CPU T5500 @ 1.66GHz
     Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
     Internet Explorer 7.0.5730.11
     Windows Firewall Status : Enabled
     AV : Symantec Endpoint Protection 11.0.4202.48 [ Enabled | Updated ]
     FW : Symantec Endpoint Protection[ Enabled ]10.0

     C:\ -> Disque fixe local # 28.99 Go (12.05 Go free) # FAT32
     D:\ -> Disque fixe local # 45.51 Go (36.42 Go free) # FAT32
     E:\ -> Disque CD-ROM
     F:\ -> Disque amovible # 1.88 Go (1.59 Go free) # FAT32

     ################## | Vaccination |

     # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
     # D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
     # F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

     ################## | ! Fin du rapport # UsbFix V6.103 ! |
  2. Sorry, I had deleted it; I ran it again afterwards and I got this:

     ############################## | UsbFix V6.103 |

     User : u132mj () # X920SVEF14
     Update on 12/04/2010 by El Desaparecido , C_XX & Chimay8
     Start at: 07:56:16 | 14.04.2010
     Website : http://pagesperso-orange.fr/NosTools/index.html
     Contact : FindyKill.Contact@gmail.com

     Intel® Core2 CPU T5500 @ 1.66GHz
     Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
     Internet Explorer 7.0.5730.11
     Windows Firewall Status : Enabled
     AV : Symantec Endpoint Protection 11.0.4202.48 [ Enabled | Updated ]
     FW : Symantec Endpoint Protection[ Enabled ]10.0

     C:\ -> Disque fixe local # 28.99 Go (11.95 Go free) # FAT32
     D:\ -> Disque fixe local # 45.51 Go (36.42 Go free) # FAT32
     E:\ -> Disque CD-ROM
     F:\ -> Disque amovible # 1.88 Go (1.59 Go free) # FAT32

     ################## | Elements infectieux |

     C:\log.txt
     C:\lsass.exe

     ################## | Registre |

     ################## | Mountpoints2 |

     ################## | Vaccin |

     # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
     # D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
     # F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

     ################## | ! Fin du rapport # UsbFix V6.103 ! |
  3. Here is the report, thanks.
  4. Hello, following a trojan infection, the hourglass always stays next to my cursor and the PC is slowing down. Here is the hijack log. Thanks in advance for your help.