
[Resolved] Vatoteju.dll


Dstyx


Well yes, I tried again and it still hangs.

 

RSIT

 

1

 

info.txt logfile of random's system information tool 1.05 2008-12-27 14:21:23

 

======Uninstall list======

 

-->C:\utilitaires\ahead\Nero7\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\NuNInst.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}

-->MsiExec.exe /X{2642BE09-1F9F-4E18-AAD4-0258B9BCE611}

-->MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

7-Zip 4.42-->"C:\utilitaires\7-Zip\Uninstall.exe"

ACDSee 8 Media Support Package-->MsiExec.exe /X{1EBFA30C-6206-4FD8-8B82-3A29F0D01B28}

ACDSee 8-->MsiExec.exe /I{AE80641A-0C8D-4670-A518-B4EC154B1027}

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock

Adobe Flash Player Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}

AGEIA PhysX v7.03.21-->MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}

ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0

ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

AviSynth 2.5-->"C:\utilitaires\AviSynth 2.5\Uninstall.exe"

BlindWrite 6-->"C:\utilitaires\BlindWrite6\unins000.exe"

Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}

CCleaner (remove only)-->"C:\utilitaires\CCleaner\uninst.exe"

Chessmaster Grandmaster Edition-->C:\Program Files\InstallShield Installation Information\{27614800-84A9-484E-9CCB-43ED2F1205F5}\setup.exe -runfromtemp -l0x040c

Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}

Cool Beans NFO Creator 2.0.1.3-->"C:\utilitaires\Cool Beans NFO Creator\unins000.exe"

Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

DiViDiX Génération Codecs Full V1.7 Final-->C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\les codecs.inf

DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Driver Genius Professional Edition-->"C:\Program Files\Driver-Soft\DriverGenius\unins000.exe"

Everest Poker (Remove Only)-->C:\Program Files\Everest Poker\cstart.exe /uninstall

EVEREST Ultimate Edition v4.20-->"C:\utilitaires\EVEREST Home Edition\Everest Ultimate Edition 4 20 1170 2007 MULTi.iNCL Key\EVEREST Ultimate Edition\unins000.exe"

Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

Half-Life 2: Lost Coast-->"C:\Jeux\Half Life2\steam.exe" steam://uninstall/340

HijackThis 2.0.2-->"C:\utilitaires\Securité\HijackThis.exe" /uninstall

HP My Display-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84288B51-B162-47FB-A74E-25C6D67E44BB}\setup.exe" -l0x40c -removeonly

hp officejet g series-->C:\WINDOWS\System32\hpocon09.exe /u 1207345536 /d "hp officejet g series"

IncrediMail Xe-->C:\utilitaires\Incredimail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log

Intel® PRO Network Adapters and Drivers-->Prounstl.exe

Intel® PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}

IsoBuster 2.2-->"C:\utilitaires\IsoBuster\Iso2.2\Uninst\unins000.exe"

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Jewels of Cleopatra-->"C:\Program Files\Jewels of Cleopatra\ReflexiveArcade\unins000.exe"

Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}

Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}

Kaspersky Online Scanner-->C:\WINDOWS\System32\KASPER~1\KASPER~1\kavuninstall.exe

Lame ACM MP3 Codec-->C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf

LandWare Shanghai Bonus Pack-->"C:\WINDOWS\psuninst2.exe" "C:\Program Files\LandWare\Shanghai for Pocket PC Bonus Pack\uninst.dat"

LandWare Shanghai-->"C:\WINDOWS\psuninst2.exe" "C:\Program Files\LandWare\Shanghai for Pocket PC\uninst.dat"

Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

m4ng-->C:\utilitaires\rmi\m4ng_Uninstal.exe

MangaJongg-->C:\Program Files\MangaJongg\Uninstal.exe

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}

Microsoft Games Pocket Pak for Pocket PC-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{471A9640-39F8-11D5-A07F-005004F915E3}\Setup.exe" anything

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}

Microsoft Office Visio Viewer 2007-->MsiExec.exe /I{95120000-0052-040C-0000-0000000FF1CE}

Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}

Mio Technology SpeedCam Tool-->C:\PROGRA~1\MIOTEC~1\SPEEDC~1\Setup.exe /remove

MioMap v3 Updater-->MsiExec.exe /I{9C6E2ABE-B3E6-49BA-807C-BDFA54496DA5}

MioTransfer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49F00501-E02F-458F-8AED-85949AB9656F}\Setup.exe" -l0x9

mIRC-->C:\utilitaires\mIRC\uninstall.exe _?=C:\utilitaires\mIRC

Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

MKVtoolnix 2.1.0-->C:\utilitaires\MKVtoolnix\uninst.exe

Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Multimedia Card Reader-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CA529363-D0F2-41EA-B44B-D7515A254645}

Music NFO Builder v1.20-->"C:\utilitaires\Music NFO Builder\unins000.exe"

Nero 7 Ultra Edition-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1036}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NFO Creator-->C:\WINDOWS\System32\GKSUI18.EXE C:\Program Files\CyberLeadingCorp\NFO Creator\UNINSTAL.DAT

O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}

O&O UnErase-->MsiExec.exe /X{534804B0-3563-434B-962A-BAF132B85F1F}

Paragon Hard Disk Manager 2009 Professional Edition-->MsiExec.exe /I{F898E900-B515-47F8-9451-C2B29F036A53}

PunkBuster Services-->C:\WINDOWS\System32\pbsvc.exe -u

Quake 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20} /l1036

Quake Live Mozilla Plugin-->MsiExec.exe /I{F38CB926-7966-432B-8DBF-3E2B81443403}

QuickTime-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1036

Registry Mechanic 6.0-->"C:\utilitaires\Registry MechanicNew\unins000.exe"

SC Ver 2.58-->"C:\Program Files\SC\unins000.exe"

ScanSoft OmniPage 15.0-->MsiExec.exe /I{0B7DDCD3-D6D8-4366-A6D8-9B6495A2925E}

ScanSoft PDF Converter 3.0-->MsiExec.exe /I{602A205F-8D02-48EE-8782-262B2103B984}

ScanSoft PDF Create 3.0-->MsiExec.exe /I{AD1D8B40-F83C-41CA-BA08-9DB8D1653316}

Services Off-line de Home'Bank 4.03-->"C:\Program Files\ING\Off-line\unins000.exe"

Smart PC Professional v5.0-->"C:\utilitaires\smart pc\Smart PC Professional\unins000.exe"

SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

TeamSpeak Client-->"C:\Program Files\TeamSpeak3\unins000.exe"

TomTom HOME-->C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x040c -removeonly -removeonly

Total Video Converter 3.11 070908-->"C:\utilitaires\Total video converter 3.11 by dutate\Total Video Converter\unins000.exe"

TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}

UltraISO Premium V9.0-->"C:\utilitaires\UltraISO\unins000.exe"

Undelete Plus 2.97-->"C:\Program Files\TouchStoneSoftware\UndeletePlus\unins000.exe"

VideoLAN VLC media player 0.8.6d-->C:\utilitaires\VLC\uninstall.exe

Vodei Multimedia Processor 2.10-->C:\Program Files\Vodei\uninst.exe

Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"

Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}

Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}

Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver-->C:\utilitaires\Winrar3-71\uninstall.exe

XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe

 

=====HijackThis Backups=====

 

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [searchIndexer] rundll32.exe "C:\WINDOWS\System32\muwgjjyi.dll",sitypnow

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\gztqefzl.dll

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kyruvoyz.dll

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kyruvoyz.dll

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kyruvoyz.dll

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\fkxoxiex.dll

O4 - HKLM\..\Run: [7437ad24] rundll32.exe "C:\WINDOWS\System32\aeodudqp.dll",b

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\fkxoxiex.dll

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\fkxoxiex.dll

O23 - Service: DomainService - - C:\WINDOWS\System32\ftbmccqi.exe

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1183726261968

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

O20 - AppInit_DLLs: C:\WINDOWS\System32\__c0072F68.dat

O20 - AppInit_DLLs: C:\WINDOWS\System32\__c0072F68.dat

O4 - HKLM\..\Run: [7437ad24] rundll32.exe "C:\WINDOWS\System32\lqacqfkb.dll",b

O20 - AppInit_DLLs: C:\WINDOWS\System32\__c0072F68.dat

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\ozawpuzg.dll

O23 - Service: VundoFix Service (VundoFixSvc) - Unknown owner - VundoFixSVC.exe (file missing)

O23 - Service: VundoFix Service (VundoFixSvc) - Unknown owner - VundoFixSVC.exe (file missing)

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

O20 - Winlogon Notify: gztqefzl - gztqefzl.dll (file missing)

O20 - Winlogon Notify: kyruvoyz - kyruvoyz.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O20 - Winlogon Notify: tuvwttt - tuvwttt.dll (file missing)

O2 - BHO: {d0516f21-4f88-877a-df64-b6b74720ac24} - {42ca0274-7b6b-46fd-a778-88f412f6150d} - C:\WINDOWS\System32\fanfjrti.dll

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ziwafume.dll (file missing)

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ziwafume.dll (file missing)

O20 - AppInit_DLLs: C:\WINDOWS\system32\yenojupa.dll C:\WINDOWS\system32\remowoka.dll c:\windows\system32\ziwafume.dll

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bogerijo.dll

O4 - HKUS\S-1-5-19\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s (User 'SERVICE LOCAL')

O4 - HKLM\..\Run: [CPM77049eb8] Rundll32.exe "c:\windows\system32\bogerijo.dll",a

O2 - BHO: (no name) - {7abad019-b7a8-4b43-843c-0ef547e47302} - C:\WINDOWS\system32\vatoteju.dll

O4 - HKLM\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s

O2 - BHO: (no name) - {b4237a65-d383-4438-8b07-1892fc2e4466} - C:\WINDOWS\system32\vatoteju.dll

O20 - AppInit_DLLs: c:\windows\system32\bogerijo.dll,C:\WINDOWS\system32\remowoka.dll,C:\WINDOWS\system32\jogonelu.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bogerijo.dll

O4 - HKLM\..\Run: [CPM77049eb8] Rundll32.exe "c:\windows\system32\wosesara.dll",a

O4 - HKLM\..\Run: [7437ad24] rundll32.exe "C:\WINDOWS\system32\pepufebe.dll",b

O2 - BHO: (no name) - {b4237a65-d383-4438-8b07-1892fc2e4466} - C:\WINDOWS\system32\vatoteju.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\jogonelu.dll,C:\WINDOWS\system32\remowoka.dll c:\windows\system32\wosesara.dll

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wosesara.dll

O4 - HKLM\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wosesara.dll

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wosesara.dll

O2 - BHO: (no name) - {c593f844-6515-4f17-bae1-54733350a5f6} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [CPM77049eb8] Rundll32.exe "c:\windows\system32\wosesara.dll",a

O2 - BHO: (no name) - {b4237a65-d383-4438-8b07-1892fc2e4466} - C:\WINDOWS\system32\vatoteju.dll

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKUS\S-1-5-19\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s (User 'SERVICE LOCAL')

O20 - AppInit_DLLs: C:\WINDOWS\system32\jogonelu.dll c:\windows\system32\wosesara.dll,C:\WINDOWS\system32\remowoka.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wosesara.dll

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wosesara.dll (file missing)

O4 - HKLM\..\Run: [CPM77049eb8] Rundll32.exe "c:\windows\system32\wosesara.dll",a

O4 - HKLM\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s

O2 - BHO: (no name) - {b4237a65-d383-4438-8b07-1892fc2e4466} - C:\WINDOWS\system32\vatoteju.dll (file missing)

O4 - HKUS\S-1-5-19\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s (User 'SERVICE LOCAL')

O20 - AppInit_DLLs: c:\windows\system32\wosesara.dll,C:\WINDOWS\system32\remowoka.dll,C:\WINDOWS\system32\jogonelu.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wosesara.dll (file missing)

 

======Hosts File======

 

127.0.0.1 localhost

66.98.148.65 auto.search.msn.com

66.98.148.65 auto.search.msn.es

127.0.0.1 mpa.one.microsoft.com

 

======Security center information======

 

AV: Kaspersky Anti-Virus

FW: Kaspersky Anti-Virus

 

System event log

 

Computer Name: XXX-3HW2APLOSCW

Event Code: 26

Message: Application popup :  : \SystemRoot\System32\ativvaxx.dll failed to load

 

Record Number: 371

Source Name: Application Popup

Time Written: 20081115220906.000000+060

Event Type: Informations

User:

 

Computer Name: XXX-3HW2APLOSCW

Event Code: 4226

Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.

 

Record Number: 370

Source Name: Tcpip

Time Written: 20081115213717.000000+060

Event Type: Avertissement

User:

 

Computer Name: XXX-3HW2APLOSCW

Event Code: 36

Message: Le service de temps n'a pas pu synchroniser l'heure système de 49152

secondes car aucun fournisseur de temps n'a pu fournir de datage

utilisable. L'horloge système n'est pas synchronisée.

 

Record Number: 369

Source Name: W32Time

Time Written: 20081115201702.000000+060

Event Type: Avertissement

User:

 

Computer Name: XXX-3HW2APLOSCW

Event Code: 26

Message: Application popup :  : \SystemRoot\System32\ativvaxx.dll failed to load

 

Record Number: 368

Source Name: Application Popup

Time Written: 20081115201429.000000+060

Event Type: Informations

User:

 

Computer Name: XXX-3HW2APLOSCW

Event Code: 26

Message: Application popup :  : \SystemRoot\System32\ativvaxx.dll failed to load

 

Record Number: 367

Source Name: Application Popup

Time Written: 20081115201401.000000+060

Event Type: Informations

User:

 

Application event log

 

Computer Name: XXX-3HW2APLOSCW

Event Code: 0

Message:

Record Number: 3243

Source Name: NMIndexingService

Time Written: 20080707085108.000000+120

Event Type: Informations

User:

 

Computer Name: XXX-3HW2APLOSCW

Event Code: 2

Message:

Record Number: 3242

Source Name: Diskeeper

Time Written: 20080707085040.000000+120

Event Type: Informations

User:

 

Computer Name: XXX-3HW2APLOSCW

Event Code: 105

Message: The service was started.

 

Record Number: 3241

Source Name: DTSRVC

Time Written: 20080707085039.000000+120

Event Type: Informations

User:

 

Computer Name: XXX-3HW2APLOSCW

Event Code: 105

Message: The service was started.

 

Record Number: 3240

Source Name: ATI Smart

Time Written: 20080707085029.000000+120

Event Type: Informations

User:

 

Computer Name: XXX-3HW2APLOSCW

Event Code: 1517

Message: Windows a sauvegardé le Registre utilisateur XXX-3HW2APLOSCW\David alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.

 

 

Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

 

Record Number: 3239

Source Name: Userenv

Time Written: 20080707055015.000000+120

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE;C:\UTILITAIRES\ISOBUSTER\ISO2.2;C:\UTILIT~1\DISKEE~1;C:\PROGRAM FILES\QUICKTIME\QTSYSTEM;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel

"PROCESSOR_REVISION"=0304

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

"FP_NO_HOST_CHECK"=NO

 

-----------------EOF-----------------

 

2

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by David at 2008-12-27 14:21:04

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 23 GB (23%) free of 100 GB

Total RAM: 1023 MB (46% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:21:17, on 27/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe

C:\WINDOWS\Explorer.EXE

C:\utilitaires\ahead\Nero7\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\oodag.exe

C:\WINDOWS\System32\PnkBstrA.exe

C:\utilitaires\ahead\Nero7\Nero 7\InCD\NBHGui.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\utilitaires\HPg55\AiO\hp officejet g series\Bin\hpoavn07.exe

C:\WINDOWS\System32\svchost.exe

C:\UTILIT~1\HPg55\AiO\Shared\Bin\hpoevm07.exe

C:\utilitaires\HPg55\AiO\Shared\bin\hpOSTS07.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cmd.execf

C:\WINDOWS\system32\attrib.exe

C:\WINDOWS\system32\cmd.execf

C:\WINDOWS\system32\attrib.exe

C:\Documents and Settings\David\Bureau\RSIT.exe

C:\utilitaires\Securité\David.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telemoustique.be/tm/programme_t...p;dag=vandaag18

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 66.98.148.65 auto.search.msn.com

O1 - Hosts: 66.98.148.65 auto.search.msn.es

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {b4237a65-d383-4438-8b07-1892fc2e4466} - C:\WINDOWS\system32\vatoteju.dll (file missing)

O4 - HKLM\..\Run: [securDisc] C:\utilitaires\ahead\Nero7\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"

O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"

O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\System32\oodtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\David\Bureau\utorrent.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\utilitaires\HPg55\AiO\hp officejet g series\Bin\hpoavn07.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\UTILIT~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1223643221265

O20 - AppInit_DLLs: C:\WINDOWS\system32\jogonelu.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\utilitaires\ahead\Nero7\Nero 7\InCD\InCDsrv.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)

O23 - Service: NBService - Nero AG - C:\utilitaires\ahead\Nero7\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

 

--

End of file - 9351 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4237a65-d383-4438-8b07-1892fc2e4466}]

C:\WINDOWS\system32\vatoteju.dll []

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SecurDisc"=C:\utilitaires\ahead\Nero7\Nero 7\InCD\NBHGui.exe [2007-03-12 1626160]

"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-03-11 86016]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]

"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2004-09-03 139264]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-29 155648]

"Opware15"=C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe [2005-07-05 69632]

"PDF3 Registry Controller"=C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe [2005-04-12 106496]

"OODefragTray"=C:\WINDOWS\System32\oodtray.exe [2007-06-28 2512128]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-06-26 282624]

"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-27 199184]

"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]

"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 172544]

"wowihubota"=C:\WINDOWS\system32\yenojupa.dll []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]

"uTorrent"=C:\Documents and Settings\David\Bureau\utorrent.exe [2008-08-21 267056]

"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2005-11-15 1204224]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-02-28 315392]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT Task]

C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe [2006-11-03 264704]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2003-05-30 585728]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-05-29 790528]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wowihubota]

C:\WINDOWS\system32\yenojupa.dll []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ATI CATALYST System Tray.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3

"sdCoreService"=3

"sdAuxService"=3

"Alerter"=3

"srservice"=2

"SharedAccess"=2

"wuauserv"=2

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

HPAiODevice(hp officejet g series) - 1.lnk - C:\utilitaires\HPg55\AiO\hp officejet g series\Bin\hpoavn07.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\WINDOWS\system32\jogonelu.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2008-08-21 143360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\WINDOWS\System32\klogon.dll [2008-02-27 219664]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=C:\WINDOWS\system32\remowoka.dll

C:\WINDOWS\system32\jogonelu.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoInstrumentation"=0

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Documents and Settings\David\Bureau\utorrent.exe"="C:\Documents and Settings\David\Bureau\utorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\utilitaires\Incredimail\bin\IncMail.exe"="C:\utilitaires\Incredimail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\utilitaires\Incredimail\bin\IMApp.exe"="C:\utilitaires\Incredimail\bin\IMApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\utilitaires\Incredimail\bin\ImpCnt.exe"="C:\utilitaires\Incredimail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\utilitaires\Incredimail\bin\ImLc.exe"="C:\utilitaires\Incredimail\bin\ImLc.exe:*:Enabled:IncrediMail"

"C:\WINDOWS\system32\~.exe"="C:\WINDOWS\system32\~.exe:*:Enabled:~"

"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"

"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon"

"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56d86d2a-d269-11dd-9884-806d6172696f}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

 

 

======List of files/folders created in the last 1 months======

 

2008-12-27 14:21:04 ----D---- C:\rsit

2008-12-27 13:37:18 ----A---- C:\resultat.txt

2008-12-27 13:31:54 ----D---- C:\32788R22FWJFW

2008-12-27 12:49:38 ----A---- C:\WINDOWS\system32\CF17652.exe

2008-12-27 12:28:34 ----D---- C:\_OTMoveIt

2008-12-27 10:37:40 ----SH---- C:\WINDOWS\system32\ebefupep.ini

2008-12-27 10:19:49 ----A---- C:\WINDOWS\system32\cmd.execf

2008-12-27 10:19:34 ----A---- C:\ComboFix.exe

2008-12-26 22:26:39 ----D---- C:\VundoFix Backups

2008-12-26 22:26:39 ----A---- C:\VundoFix.txt

2008-12-26 22:10:00 ----SH---- C:\WINDOWS\system32\uyovuhul.ini

2008-12-26 21:57:58 ----SH---- C:\WINDOWS\system32\omutovis.ini

2008-12-26 21:57:58 ----SH---- C:\WINDOWS\system32\efajutiy.ini

2008-12-26 20:36:02 ----SH---- C:\WINDOWS\system32\oruyines.ini

2008-12-26 20:17:02 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

2008-12-26 20:16:52 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

2008-12-26 19:56:47 ----D---- C:\WINDOWS\CSC

2008-12-26 17:03:05 ----D---- C:\!KillBox

2008-12-26 17:01:16 ----A---- C:\Bug.txt

2008-12-26 17:01:07 ----D---- C:\327882R2FWJFW

2008-12-26 14:07:52 ----SH---- C:\WINDOWS\system32\igerimiw.ini

2008-12-12 17:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2008-12-12 17:34:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2008-12-12 17:33:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2008-12-12 17:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2008-12-01 17:37:25 ----A---- C:\LogProsType.txt

2008-12-01 17:37:25 ----A---- C:\LogEnbWinV.txt

2008-11-29 14:42:01 ----A---- C:\InfoSat.txt

 

======List of files/folders modified in the last 1 months======

 

2008-12-27 14:09:25 ----D---- C:\WINDOWS\Temp

2008-12-27 13:43:45 ----D---- C:\WINDOWS\system32\drivers

2008-12-27 13:43:45 ----D---- C:\WINDOWS\Prefetch

2008-12-27 13:31:17 ----D---- C:\Program Files\Mozilla Firefox

2008-12-27 13:31:01 ----RASH---- C:\boot.ini

2008-12-27 13:31:00 ----A---- C:\WINDOWS\win.ini

2008-12-27 13:31:00 ----A---- C:\WINDOWS\system.ini

2008-12-27 13:29:41 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-27 13:29:40 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-12-27 13:29:30 ----D---- C:\WINDOWS

2008-12-27 13:28:44 ----D---- C:\Documents and Settings\David\Application Data\uTorrent

2008-12-27 13:26:01 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-27 13:23:06 ----D---- C:\WINDOWS\system32\config

2008-12-27 13:04:55 ----D---- C:\Program Files

2008-12-27 13:03:07 ----D---- C:\Documents and Settings\David\Application Data\MailWasherPro

2008-12-27 12:49:38 ----D---- C:\WINDOWS\system32

2008-12-27 12:49:38 ----D---- C:\ComboFix

2008-12-27 10:37:35 ----ASH---- C:\WINDOWS\system32\pepufebe.dll

2008-12-27 09:39:26 ----D---- C:\Temp

2008-12-26 22:09:59 ----ASH---- C:\WINDOWS\system32\luhuvoyu.dll

2008-12-26 22:09:59 ----ASH---- C:\WINDOWS\system32\bogerijo.dll

2008-12-26 21:57:54 ----ASH---- C:\WINDOWS\system32\zurufalo.dll

2008-12-26 21:22:12 ----D---- C:\Documents and Settings\David\Application Data\teamspeak2

2008-12-26 20:35:59 ----ASH---- C:\WINDOWS\system32\seniyuro.dll

2008-12-26 20:35:57 ----ASH---- C:\WINDOWS\system32\zayiveva.dll

2008-12-26 20:01:57 ----SHD---- C:\RECYCLER

2008-12-26 16:59:05 ----SD---- C:\WINDOWS\Tasks

2008-12-26 16:56:56 ----D---- C:\WINDOWS\system32\CatRoot

2008-12-25 10:55:43 ----HD---- C:\WINDOWS\inf

2008-12-22 17:09:28 ----A---- C:\WINDOWS\NeroDigital.ini

2008-12-20 16:35:45 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-20 16:35:42 ----D---- C:\WINDOWS\ie7updates

2008-12-20 16:35:32 ----HD---- C:\WINDOWS\$hf_mig$

2008-12-13 11:42:14 ----D---- C:\utilitaires

2008-12-13 07:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll

2008-12-12 19:12:11 ----D---- C:\WINDOWS\Debug

2008-12-12 17:36:13 ----D---- C:\Program Files\Internet Explorer

2008-12-11 19:08:12 ----A---- C:\WINDOWS\AviSplitter.INI

2008-12-03 00:42:21 ----D---- C:\WINDOWS\system32\Restore

2008-12-01 17:41:19 ----SHD---- C:\WINDOWS\Installer

2008-12-01 17:41:10 ----DC---- C:\WINDOWS\system32\DRVSTORE

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-03-12 37040]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-03-12 38576]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\utilitaires\UltraISO\drivers\ISODrive.sys []

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 klif;Klif; \??\C:\WINDOWS\System32\drivers\klif.sys []

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652]

R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2008-09-26 129824]

R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2008-09-26 32048]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-09-28 12032]

R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2007-06-25 15781]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-08-21 3299840]

R3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]

R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2003-05-20 121856]

R3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2007-11-22 94208]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-12-13 24592]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-09-28 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-11-22 47360]

R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-10-04 15920]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-10-05 10368]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-03-12 118064]

S3 Bridge;Pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]

S3 dot4;Pilote MS IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-13 206976]

S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]

S3 Dot4Scan;Pilote de classe Scanneur pour IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]

S3 dot4usb;Filtre Dot4USB Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-23 24064]

S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]

S3 pdiddcci;DDC/CI monitor; C:\WINDOWS\System32\DRIVERS\pdiddcci.sys [2006-11-03 11776]

S3 SunkFilt6;Alcor Micro Corp - 6360; \??\C:\WINDOWS\System32\Drivers\sunkfilt6.sys []

S3 SunkFilt62;Alcor Micro Corp - 6362; \??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys []

S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []

S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS []

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2005-06-14 104576]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2008-08-21 573440]

R2 AVP;Kaspersky Internet Security 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-27 199184]

R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe [2006-11-03 69632]

R2 InCDsrv;InCD Helper; C:\utilitaires\ahead\Nero7\Nero 7\InCD\InCDsrv.exe [2007-03-12 931376]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]

R2 O&O Defrag;O&O Defrag; C:\WINDOWS\System32\oodag.exe [2007-06-28 1049856]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\System32\PnkBstrA.exe [2008-08-23 66872]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912]

R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]

S2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe []

S2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe []

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 NBService;NBService; C:\utilitaires\ahead\Nero7\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824]

S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-04 306432]

S4 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

 

-----------------EOF-----------------


:P not so simple!

• Download FixLsa.reg to your desktop: http://senduit.com/1849a2

It is going to be important to have FixLsa.reg on hand and to do exactly as I tell you, otherwise you risk no longer being able to reboot :P

1• Double-click OTMoveIt3.exe to launch it (the extension may not be shown)

* Copy and paste everything below into the "Paste Instructions for Items to be Moved" area (below the yellow bar):

 

:processes
explorer.exe

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4237a65-d383-4438-8b07-1892fc2e4466}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"wowihubota"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wowihubota]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-
"AppInit_DLLS"=""

:commands
[start explorer]

 

 

 

* Click the red Moveit! button to start the cleanup

* Copy and paste into your next reply everything shown in the Results window (in green on the right)

--> A report will be generated in the C:\_OTMoveIt\MovedFiles folder with the date and time the tool was run (mmddyyyy_hhmmss.log)

* Close OTMoveIt3 (by clicking Exit)

2• Double-click FixLsa.reg and accept the merge. This step is very important before continuing!!!!!! Make sure the merge has actually been confirmed/accepted.

3• In the diaghelp folder, double-click catchme; in the script tab, copy and paste the contents of the box below and click start:

 

files to delete:
C:\WINDOWS\system32\jogonelu.dll
C:\WINDOWS\system32\remowoka.dll
C:\WINDOWS\system32\uyovuhul.ini
C:\WINDOWS\system32\omutovis.ini
C:\WINDOWS\system32\efajutiy.ini
C:\WINDOWS\system32\oruyines.ini
C:\WINDOWS\system32\ebefupep.ini
C:\WINDOWS\system32\CF17652.exe
C:\WINDOWS\system32\igerimiw.ini
C:\WINDOWS\system32\pepufebe.dll
C:\WINDOWS\system32\luhuvoyu.dll
C:\WINDOWS\system32\bogerijo.dll
C:\WINDOWS\system32\zurufalo.dll
C:\WINDOWS\system32\seniyuro.dll
C:\WINDOWS\system32\zayiveva.dll
C:\WINDOWS\system32\cmd.execf
C:\InfoSat.txt
C:\Bug.txt

 

» Post the contents of the catchme.log report on your desktop

» Post a new RSIT report

» Try running ComboFix

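The entries targeted by the OTMoveIt3 script and FixLsa.reg above can be picked out of the RSIT "Registry dump" section mechanically. The following is an added example, not part of the forum posts or of any tool named in the thread: the function name `audit`, the rule labels, and the heuristic that an empty `[]` metadata field on an autostart DLL is worth flagging are assumptions; the sample lines are copied from the RSIT log posted in this thread.

```python
import re

# Excerpt of the RSIT "Registry dump" section posted in this thread.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4237a65-d383-4438-8b07-1892fc2e4466}]
C:\WINDOWS\system32\vatoteju.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-27 199184]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 172544]
"wowihubota"=C:\WINDOWS\system32\yenojupa.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\jogonelu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\System32\klogon.dll [2008-02-27 219664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=C:\WINDOWS\system32\remowoka.dll
C:\WINDOWS\system32\jogonelu.dll
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Optional "name"= prefix, then the data, then an optional trailing [date size] field.
VALUE_RE = re.compile(
    r'^(?:"(?P<name>[^"]*)"=)?(?P<data>.*?)(?:\s*\[(?P<meta>[^\]]*)\])?$'
)
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*')

# Keys whose values are loaded automatically at logon or by the browser/shell.
AUTOSTART = (r"\currentversion\run", r"\browser helper objects", r"\winlogon\notify")


def audit(text):
    """Return (rule, path) findings for an RSIT registry dump.

    Rules (heuristics assumed for this example):
      appinit_dll               - AppInit_DLLs is non-empty; listed DLLs are
                                  loaded into every process that loads user32.dll
      lsa_package_full_path     - an LSA notification package given as a full
                                  path; these DLLs are loaded by lsass.exe
      autostart_dll_no_metadata - an autostart entry points at a DLL for which
                                  RSIT printed an empty [] date/size field
    """
    findings = []
    key = name = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key, name = m.group(1).lower(), ""
            continue
        v = VALUE_RE.match(line)
        if v.group("name") is not None:
            name = v.group("name").lower()  # unnamed lines continue the last value
        p = PATH_RE.search(v.group("data"))
        if not p:
            continue
        path = p.group(0).strip()
        if key.endswith(r"\windows nt\currentversion\windows") and name == "appinit_dlls":
            findings.append(("appinit_dll", path))
        elif key.endswith(r"\control\lsa") and name == "notification packages":
            findings.append(("lsa_package_full_path", path))
        elif (any(tag in key for tag in AUTOSTART)
              and path.lower().endswith(".dll")
              and v.group("meta") == ""):
            findings.append(("autostart_dll_no_metadata", path))
    return findings


if __name__ == "__main__":
    for rule, path in audit(SAMPLE):
        print(f"{rule:28} {path}")
```

The LSA findings are the reason the merge of FixLsa.reg is checked before any file is deleted: the registry value has to stop naming the DLLs first.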

Step 1

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4237a65-d383-4438-8b07-1892fc2e4466}\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wowihubota deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wowihubota\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLS deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!

========== COMMANDS ==========

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12272008_151313

 

 

Step 2

The data was transferred.


Step 3

Script execution

 

Processing "Files to delete:"

 

file zipped: C:\WINDOWS\system32\jogonelu.dll -> catchme.zip -> jogonelu.dll ( 60928 bytes )

file "C:\WINDOWS\system32\jogonelu.dll" deleted successfully

read file error: C:\WINDOWS\system32\remowoka.dll, Le fichier spécifié est introuvable.

file zipped: C:\WINDOWS\system32\uyovuhul.ini -> catchme.zip -> uyovuhul.ini ( 120 bytes )

file "C:\WINDOWS\system32\uyovuhul.ini" deleted successfully

file zipped: C:\WINDOWS\system32\omutovis.ini -> catchme.zip -> omutovis.ini ( 120 bytes )

file "C:\WINDOWS\system32\omutovis.ini" deleted successfully

file zipped: C:\WINDOWS\system32\efajutiy.ini -> catchme.zip -> efajutiy.ini ( 120 bytes )

file "C:\WINDOWS\system32\efajutiy.ini" deleted successfully

file zipped: C:\WINDOWS\system32\oruyines.ini -> catchme.zip -> oruyines.ini ( 120 bytes )

file "C:\WINDOWS\system32\oruyines.ini" deleted successfully

file zipped: C:\WINDOWS\system32\ebefupep.ini -> catchme.zip -> ebefupep.ini ( 120 bytes )

file "C:\WINDOWS\system32\ebefupep.ini" deleted successfully

file zipped: C:\WINDOWS\system32\CF17652.exe -> catchme.zip -> CF17652.exe ( 401408 bytes )

file "C:\WINDOWS\system32\CF17652.exe" deleted successfully

file zipped: C:\WINDOWS\system32\igerimiw.ini -> catchme.zip -> igerimiw.ini ( 120 bytes )

file "C:\WINDOWS\system32\igerimiw.ini" deleted successfully

file zipped: C:\WINDOWS\system32\pepufebe.dll -> catchme.zip -> pepufebe.dll ( 85108 bytes )

file "C:\WINDOWS\system32\pepufebe.dll" deleted successfully

file zipped: C:\WINDOWS\system32\luhuvoyu.dll -> catchme.zip -> luhuvoyu.dll ( 87170 bytes )

file "C:\WINDOWS\system32\luhuvoyu.dll" deleted successfully

file zipped: C:\WINDOWS\system32\bogerijo.dll -> catchme.zip -> bogerijo.dll ( 99024 bytes )

file "C:\WINDOWS\system32\bogerijo.dll" deleted successfully

file zipped: C:\WINDOWS\system32\zurufalo.dll -> catchme.zip -> zurufalo.dll ( 97859 bytes )

file "C:\WINDOWS\system32\zurufalo.dll" deleted successfully

file zipped: C:\WINDOWS\system32\seniyuro.dll -> catchme.zip -> seniyuro.dll ( 85280 bytes )

file "C:\WINDOWS\system32\seniyuro.dll" deleted successfully

file zipped: C:\WINDOWS\system32\zayiveva.dll -> catchme.zip -> zayiveva.dll ( 96443 bytes )

file "C:\WINDOWS\system32\zayiveva.dll" deleted successfully

file zipped: C:\WINDOWS\system32\cmd.execf -> catchme.zip -> cmd.execf ( 401408 bytes )

file "C:\WINDOWS\system32\cmd.execf" deleted successfully

file zipped: C:\InfoSat.txt -> catchme.zip -> InfoSat.txt ( 600 bytes )

file "C:\InfoSat.txt" deleted successfully

file zipped: C:\Bug.txt -> catchme.zip -> Bug.txt ( 2164 bytes )

file "C:\Bug.txt" deleted successfully


Step 4

 

Rsit

 

 

Processing "Files to delete:"

 

file zipped: C:\WINDOWS\system32\jogonelu.dll -> catchme.zip -> jogonelu.dll ( 60928 bytes )

file "C:\WINDOWS\system32\jogonelu.dll" deleted successfully

read file error: C:\WINDOWS\system32\remowoka.dll, Le fichier spécifié est introuvable.

file zipped: C:\WINDOWS\system32\uyovuhul.ini -> catchme.zip -> uyovuhul.ini ( 120 bytes )

file "C:\WINDOWS\system32\uyovuhul.ini" deleted successfully

file zipped: C:\WINDOWS\system32\omutovis.ini -> catchme.zip -> omutovis.ini ( 120 bytes )

file "C:\WINDOWS\system32\omutovis.ini" deleted successfully

file zipped: C:\WINDOWS\system32\efajutiy.ini -> catchme.zip -> efajutiy.ini ( 120 bytes )

file "C:\WINDOWS\system32\efajutiy.ini" deleted successfully

file zipped: C:\WINDOWS\system32\oruyines.ini -> catchme.zip -> oruyines.ini ( 120 bytes )

file "C:\WINDOWS\system32\oruyines.ini" deleted successfully

file zipped: C:\WINDOWS\system32\ebefupep.ini -> catchme.zip -> ebefupep.ini ( 120 bytes )

file "C:\WINDOWS\system32\ebefupep.ini" deleted successfully

file zipped: C:\WINDOWS\system32\CF17652.exe -> catchme.zip -> CF17652.exe ( 401408 bytes )

file "C:\WINDOWS\system32\CF17652.exe" deleted successfully

file zipped: C:\WINDOWS\system32\igerimiw.ini -> catchme.zip -> igerimiw.ini ( 120 bytes )

file "C:\WINDOWS\system32\igerimiw.ini" deleted successfully

file zipped: C:\WINDOWS\system32\pepufebe.dll -> catchme.zip -> pepufebe.dll ( 85108 bytes )

file "C:\WINDOWS\system32\pepufebe.dll" deleted successfully

file zipped: C:\WINDOWS\system32\luhuvoyu.dll -> catchme.zip -> luhuvoyu.dll ( 87170 bytes )

file "C:\WINDOWS\system32\luhuvoyu.dll" deleted successfully

file zipped: C:\WINDOWS\system32\bogerijo.dll -> catchme.zip -> bogerijo.dll ( 99024 bytes )

file "C:\WINDOWS\system32\bogerijo.dll" deleted successfully

file zipped: C:\WINDOWS\system32\zurufalo.dll -> catchme.zip -> zurufalo.dll ( 97859 bytes )

file "C:\WINDOWS\system32\zurufalo.dll" deleted successfully

file zipped: C:\WINDOWS\system32\seniyuro.dll -> catchme.zip -> seniyuro.dll ( 85280 bytes )

file "C:\WINDOWS\system32\seniyuro.dll" deleted successfully

file zipped: C:\WINDOWS\system32\zayiveva.dll -> catchme.zip -> zayiveva.dll ( 96443 bytes )

file "C:\WINDOWS\system32\zayiveva.dll" deleted successfully

file zipped: C:\WINDOWS\system32\cmd.execf -> catchme.zip -> cmd.execf ( 401408 bytes )

file "C:\WINDOWS\system32\cmd.execf" deleted successfully

file zipped: C:\InfoSat.txt -> catchme.zip -> InfoSat.txt ( 600 bytes )

file "C:\InfoSat.txt" deleted successfully

file zipped: C:\Bug.txt -> catchme.zip -> Bug.txt ( 2164 bytes )

file "C:\Bug.txt" deleted successfully

 

However, no info file this time.

I'm now trying ComboFix...


Oops

Here it is

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by David at 2008-12-27 15:24:34

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 24 GB (24%) free of 100 GB

Total RAM: 1023 MB (51% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:24:40, on 27/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe

C:\utilitaires\ahead\Nero7\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\oodag.exe

C:\WINDOWS\System32\PnkBstrA.exe

C:\utilitaires\ahead\Nero7\Nero 7\InCD\NBHGui.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\utilitaires\HPg55\AiO\hp officejet g series\Bin\hpoavn07.exe

C:\WINDOWS\System32\svchost.exe

C:\UTILIT~1\HPg55\AiO\Shared\Bin\hpoevm07.exe

C:\utilitaires\HPg55\AiO\Shared\bin\hpOSTS07.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\attrib.exe

C:\WINDOWS\system32\attrib.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\David\Bureau\RSIT.exe

C:\utilitaires\Securité\David.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telemoustique.be/tm/programme_t...p;dag=vandaag18

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 66.98.148.65 auto.search.msn.com

O1 - Hosts: 66.98.148.65 auto.search.msn.es

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {b4237a65-d383-4438-8b07-1892fc2e4466} - C:\WINDOWS\system32\vatoteju.dll (file missing)

O4 - HKLM\..\Run: [securDisc] C:\utilitaires\ahead\Nero7\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"

O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"

O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\System32\oodtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\David\Bureau\utorrent.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [wowihubota] Rundll32.exe "C:\WINDOWS\system32\yenojupa.dll",s (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\utilitaires\HPg55\AiO\hp officejet g series\Bin\hpoavn07.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\UTILIT~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1223643221265

O20 - AppInit_DLLs: C:\WINDOWS\system32\jogonelu.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\utilitaires\ahead\Nero7\Nero 7\InCD\InCDsrv.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)

O23 - Service: NBService - Nero AG - C:\utilitaires\ahead\Nero7\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

 

--

End of file - 9289 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4237a65-d383-4438-8b07-1892fc2e4466}]

C:\WINDOWS\system32\vatoteju.dll []

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SecurDisc"=C:\utilitaires\ahead\Nero7\Nero 7\InCD\NBHGui.exe [2007-03-12 1626160]

"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-03-11 86016]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]

"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2004-09-03 139264]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-29 155648]

"Opware15"=C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe [2005-07-05 69632]

"PDF3 Registry Controller"=C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe [2005-04-12 106496]

"OODefragTray"=C:\WINDOWS\System32\oodtray.exe [2007-06-28 2512128]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-06-26 282624]

"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-27 199184]

"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]

"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 172544]

"wowihubota"=C:\WINDOWS\system32\yenojupa.dll []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]

"uTorrent"=C:\Documents and Settings\David\Bureau\utorrent.exe [2008-08-21 267056]

"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2005-11-15 1204224]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-02-28 315392]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT Task]

C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe [2006-11-03 264704]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2003-05-30 585728]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-05-29 790528]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ATI CATALYST System Tray.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3

"sdCoreService"=3

"sdAuxService"=3

"Alerter"=3

"srservice"=2

"SharedAccess"=2

"wuauserv"=2

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

HPAiODevice(hp officejet g series) - 1.lnk - C:\utilitaires\HPg55\AiO\hp officejet g series\Bin\hpoavn07.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\WINDOWS\system32\jogonelu.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2008-08-21 143360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\WINDOWS\System32\klogon.dll [2008-02-27 219664]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=scecli

C:\WINDOWS\system32\jogonelu.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoInstrumentation"=0

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Documents and Settings\David\Bureau\utorrent.exe"="C:\Documents and Settings\David\Bureau\utorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\utilitaires\Incredimail\bin\IncMail.exe"="C:\utilitaires\Incredimail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\utilitaires\Incredimail\bin\IMApp.exe"="C:\utilitaires\Incredimail\bin\IMApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\utilitaires\Incredimail\bin\ImpCnt.exe"="C:\utilitaires\Incredimail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\utilitaires\Incredimail\bin\ImLc.exe"="C:\utilitaires\Incredimail\bin\ImLc.exe:*:Enabled:IncrediMail"

"C:\WINDOWS\system32\~.exe"="C:\WINDOWS\system32\~.exe:*:Enabled:~"

"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"

"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon"

"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56d86d2a-d269-11dd-9884-806d6172696f}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

 

 

======List of files/folders created in the last 1 months======

 

2008-12-27 15:22:46 ----D---- C:\ComboFix

2008-12-27 14:21:04 ----D---- C:\rsit

2008-12-27 13:37:18 ----A---- C:\resultat.txt

2008-12-27 13:31:54 ----D---- C:\32788R22FWJFW

2008-12-27 10:19:34 ----A---- C:\ComboFix.exe

2008-12-26 22:26:39 ----A---- C:\VundoFix.txt

2008-12-26 20:17:02 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

2008-12-26 20:16:52 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

2008-12-26 19:56:47 ----D---- C:\WINDOWS\CSC

2008-12-26 17:03:05 ----D---- C:\!KillBox

2008-12-26 17:01:07 ----D---- C:\327882R2FWJFW

2008-12-12 17:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2008-12-12 17:34:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2008-12-12 17:33:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2008-12-12 17:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2008-12-01 17:37:25 ----A---- C:\LogProsType.txt

2008-12-01 17:37:25 ----A---- C:\LogEnbWinV.txt

 

======List of files/folders modified in the last 1 months======

 

2008-12-27 15:23:48 ----D---- C:\Program Files\Mozilla Firefox

2008-12-27 15:23:08 ----D---- C:\WINDOWS

2008-12-27 15:23:07 ----D---- C:\WINDOWS\Prefetch

2008-12-27 15:23:02 ----SHD---- C:\System Volume Information

2008-12-27 15:23:01 ----D---- C:\WINDOWS\system32

2008-12-27 15:22:48 ----D---- C:\WINDOWS\erdnt

2008-12-27 15:21:44 ----D---- C:\WINDOWS\Temp

2008-12-27 13:43:45 ----D---- C:\WINDOWS\system32\drivers

2008-12-27 13:31:01 ----RASH---- C:\boot.ini

2008-12-27 13:31:00 ----A---- C:\WINDOWS\win.ini

2008-12-27 13:31:00 ----A---- C:\WINDOWS\system.ini

2008-12-27 13:29:41 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-27 13:29:40 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-12-27 13:28:44 ----D---- C:\Documents and Settings\David\Application Data\uTorrent

2008-12-27 13:26:01 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-27 13:23:06 ----D---- C:\WINDOWS\system32\config

2008-12-27 13:04:55 ----D---- C:\Program Files

2008-12-27 13:03:07 ----D---- C:\Documents and Settings\David\Application Data\MailWasherPro

2008-12-27 09:39:26 ----D---- C:\Temp

2008-12-26 21:22:12 ----D---- C:\Documents and Settings\David\Application Data\teamspeak2

2008-12-26 20:01:57 ----SHD---- C:\RECYCLER

2008-12-26 16:59:05 ----SD---- C:\WINDOWS\Tasks

2008-12-26 16:56:56 ----D---- C:\WINDOWS\system32\CatRoot

2008-12-25 10:55:43 ----HD---- C:\WINDOWS\inf

2008-12-22 17:09:28 ----A---- C:\WINDOWS\NeroDigital.ini

2008-12-20 16:35:45 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-20 16:35:42 ----D---- C:\WINDOWS\ie7updates

2008-12-20 16:35:32 ----HD---- C:\WINDOWS\$hf_mig$

2008-12-13 11:42:14 ----D---- C:\utilitaires

2008-12-13 07:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll

2008-12-12 19:12:11 ----D---- C:\WINDOWS\Debug

2008-12-12 17:36:13 ----D---- C:\Program Files\Internet Explorer

2008-12-11 19:08:12 ----A---- C:\WINDOWS\AviSplitter.INI

2008-12-03 00:42:21 ----D---- C:\WINDOWS\system32\Restore

2008-12-01 17:41:19 ----SHD---- C:\WINDOWS\Installer

2008-12-01 17:41:10 ----DC---- C:\WINDOWS\system32\DRVSTORE

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-03-12 37040]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-03-12 38576]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\utilitaires\UltraISO\drivers\ISODrive.sys []

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 klif;Klif; \??\C:\WINDOWS\System32\drivers\klif.sys []

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652]

R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2008-09-26 129824]

R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2008-09-26 32048]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-09-28 12032]

R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2007-06-25 15781]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-08-21 3299840]

R3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]

R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2003-05-20 121856]

R3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2007-11-22 94208]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-12-13 24592]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-09-28 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-11-22 47360]

R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-10-04 15920]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-10-05 10368]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-03-12 118064]

S3 Bridge;Pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]

S3 catchme;catchme; \??\C:\DOCUME~1\David\LOCALS~1\Temp\catchme.sys []

S3 dot4;Pilote MS IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-13 206976]

S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]

S3 Dot4Scan;Pilote de classe Scanneur pour IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]

S3 dot4usb;Filtre Dot4USB Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-23 24064]

S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]

S3 pdiddcci;DDC/CI monitor; C:\WINDOWS\System32\DRIVERS\pdiddcci.sys [2006-11-03 11776]

S3 SunkFilt6;Alcor Micro Corp - 6360; \??\C:\WINDOWS\System32\Drivers\sunkfilt6.sys []

S3 SunkFilt62;Alcor Micro Corp - 6362; \??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys []

S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []

S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS []

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2005-06-14 104576]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2008-08-21 573440]

R2 AVP;Kaspersky Internet Security 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-27 199184]

R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe [2006-11-03 69632]

R2 InCDsrv;InCD Helper; C:\utilitaires\ahead\Nero7\Nero 7\InCD\InCDsrv.exe [2007-03-12 931376]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]

R2 O&O Defrag;O&O Defrag; C:\WINDOWS\System32\oodag.exe [2007-06-28 1049856]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\System32\PnkBstrA.exe [2008-08-23 66872]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912]

R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]

S2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe []

S2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe []

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 NBService;NBService; C:\utilitaires\ahead\Nero7\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824]

S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-04 306432]

S4 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

 

-----------------EOF-----------------

 

Combofix still doesn't work. I confirm Kaspersky is OFF at startup; I'm retrying in safe mode.
