infection trojan virtumonde + blocage mise a jour logiciel de travail.

[Apollo]

On va essayer autrement, même si je crois que la première syntaxe était bonne.

 

Ce script a été rédigé spécialement pour cet utilisateur; ne pas l'utiliser sur une autre machine: dangereux!

 

1. Ferme tous les navigateurs ouverts.

2. Désactive provisoirement l'antivirus.

 

--> connecte les supports amovibles!

 

2. Ferme/désactive tous les programmes anti-virus, anti-malware ou anti-spyware afin qu'ils n'interfèrent pas avec le travail de ComboFix.

 

3. Ouvre le Bloc-notes et fais un copier/coller du texte situé dans la boîte Code ci-dessous dans le Bloc-notes: (sans le mot code)!

 

DeQuarantine::

C:\Qoobox\Quarantine\c:\program files\ford motor company\ids\runtime\tmctrlbho.dll

Quit::

 

Enregistre le fichier sous le nom CFScript.txt, au même endroit que ComboFix.exe

 

 

 

Comme sur l'image ci-dessus, fais glisser CFScript puis dépose-le sur ComboFix.exe

 

Lorsque l'outil aura terminé, il t'affichera un rapport nommé C:\DeQuarantine_log.txt que tu devras m'envoyer dans ton prochain message.

 

++

[benjifast]

Re,

 

combofix demande sa mise à jour pour l'instant j'ai mis non, doit-je la faire?

 

Rapport combofix:

 

ComboFix 10-06-11.01 - IDS Administrator 13/06/2010 15:30:27.4.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1033.18.502.177 [GMT 2:00]

Lancé depuis: c:\documents and settings\IDS Administrator\Desktop\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\IDS Administrator\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-05-13 au 2010-06-13 ))))))))))))))))))))))))))))))))))))

.

 

2010-06-13 08:27 . 2010-06-13 08:27 -------- d-----w- C:\rsit

2010-06-13 08:22 . 2010-06-13 08:22 -------- d-----w- c:\windows\system32\LogFiles

2010-06-12 19:41 . 2010-06-12 19:41 -------- d-----w- c:\documents and settings\IDS Administrator\Application Data\CheckPoint

2010-06-12 19:41 . 2010-06-12 19:41 -------- d-----w- c:\program files\CheckPoint

2010-06-12 19:41 . 2010-06-12 19:41 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-06-12 19:40 . 2009-12-04 14:35 46472 ----a-w- c:\windows\system32\vsutil_loc040c.dll

2010-06-12 19:40 . 2009-12-04 14:34 69000 ----a-w- c:\windows\system32\zlcomm.dll

2010-06-12 19:40 . 2009-12-04 14:34 103816 ----a-w- c:\windows\system32\zlcommdb.dll

2010-06-12 19:40 . 2009-12-04 14:34 1238408 ----a-w- c:\windows\system32\zpeng25.dll

2010-06-12 19:40 . 2010-06-12 19:41 -------- d-----w- c:\windows\system32\ZoneLabs

2010-06-12 19:40 . 2010-06-12 19:40 -------- d-----w- c:\program files\Zone Labs

2010-06-12 19:39 . 2010-06-13 13:27 -------- d-----w- c:\windows\Internet Logs

2010-06-12 10:40 . 2010-06-13 08:27 -------- d-----w- c:\program files\Trend Micro

2010-06-12 10:39 . 2010-06-12 10:40 -------- d-----w- C:\HJT

2010-06-12 10:03 . 2010-06-12 10:05 -------- d-----w- C:\ToolBar SD

2010-06-11 11:02 . 2010-06-11 11:02 -------- d-----w- c:\documents and settings\IDS Administrator\Application Data\Malwarebytes

2010-06-11 11:01 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-11 11:01 . 2010-06-11 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-11 11:01 . 2010-06-11 11:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-11 11:01 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-10 19:15 . 2010-06-11 10:56 -------- d-----w- c:\program files\ZHPDiag

2010-06-10 09:11 . 2010-06-11 10:14 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-06-10 09:11 . 2010-06-11 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-06-10 06:48 . 2010-06-10 07:00 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-06-10 06:48 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-06-10 06:48 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-06-10 06:48 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-06-10 06:48 . 2010-06-10 06:48 -------- d-----w- c:\program files\Avira

2010-06-10 06:48 . 2010-06-10 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-06-08 14:34 . 2010-06-08 14:34 -------- d-----w- c:\windows\system32\wbem\Repository

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-13 12:34 . 2010-06-12 22:17 3877974 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2010-06-09 09:49 . 2007-02-07 13:43 -------- d-----w- c:\program files\Common Files\Teradyne

2010-06-08 17:37 . 2007-02-07 13:51 -------- d-----w- c:\program files\FordEtis

2010-05-04 17:20 . 2006-02-17 16:59 832512 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 17:20 . 2006-02-17 16:57 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-05-04 17:20 . 2006-02-17 16:56 17408 ------w- c:\windows\system32\corpol.dll

2010-05-02 05:22 . 2006-02-17 16:59 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:30 . 2006-02-17 16:56 285696 ----a-w- c:\windows\system32\atmfd.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-03-14 222496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-10 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-10 126976]

"HPlsKey"="c:\program files\Panasonic\HPLSMAN\hplskey.exe" [2005-06-01 61440]

"PRunOnce"="c:\util\prunonce\PRunOnce.exe" [2004-08-06 110592]

"PCinfo"="c:\program files\Panasonic\PCINFO\SetDiag.exe" [2005-06-15 45056]

"Panasonic HotKey Manager"="c:\program files\Panasonic\HotKey Appendix\HKEYAPP.EXE" [2005-06-14 974848]

"AGRSMMSG"="AGRSMMSG.exe" [2004-12-20 88358]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-10-04 401408]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-10-04 385024]

"IDSMainMenu"="c:\program files\IDS Main Menu\IDS Main Menu2.exe" [2007-02-07 360448]

"IDSTechnician"="c:\program files\IDS\TechLocale.exe" [2006-04-04 32768]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 44032]

"Starburst"="c:\program files\Ford Motor Company\IDS\Runtime\Starburst.exe" [2010-02-21 90112]

"Feedback"="c:\program files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe" [2010-02-21 72704]

"TDSReanimator"="c:\program files\Common Files\Teradyne\TDSReanimator.exe" [2010-01-11 11264]

"ProbeTickHandler"="c:\program files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe" [2010-02-21 43008]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-12-04 1037192]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Display Rotation Tool.lnk - c:\program files\Panasonic\DispRot\IDRot.exe [2006-2-18 81920]

Panasonic Hand Writing.lnk - c:\program files\Panasonic\WRITING\Writing.exe [2006-2-18 278528]

Software Keyboard.lnk - c:\program files\Panasonic\MEISKB\meiskb.exe [2006-2-18 139264]

Wireless LAN Switch.lnk - c:\program files\Panasonic\WLANSW\WLANSW.EXE [2006-2-28 94208]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2005-10-04 06:59 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FordEtis\\etisdvd.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\ManualUpdate.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\manualcalibration.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\patchapply.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\rtdbupdate.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Tabman.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\SysPage.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\testman.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\CodeServeD.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\XMLRegistryD.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\TDSNetConfig.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\SWUpdWizard.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\PtchApply.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Rtdb.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\Starburst.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\EngineeringFeedback.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\SystemDiagnostic.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\VMM.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\C402.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\C403.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\C407.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\C412.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\C413.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\LVPCheck.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\vcl_pc.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\NetworkActivation.exe"=

"c:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\ProbeTickHandler.exe"=

 

R1 WLANSW;Panasonic PC Wireless LAN Switch Driver;c:\program files\Panasonic\WLANSW\WLANSW.sys [28/02/2006 14:14 7680]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/06/2010 08:48 108289]

R2 brecal;Panasonic Battery Recalibration Driver;c:\program files\Panasonic\BRECAL\Brecal.sys [28/02/2006 14:13 7168]

R2 pcinfo;Panasonic PC Info. Viewer Driver;c:\program files\Panasonic\PCINFO\PCINFO.sys [18/02/2006 04:13 7168]

R2 SDKEY;Panasonic SD Misc. Function Driver;c:\program files\Panasonic\SDKEY\SDKEY.sys [18/02/2006 04:14 8192]

R3 FIDMOU;Fujitsu touchpad;c:\windows\system32\drivers\Fidmou.sys [17/02/2006 19:03 23463]

R3 HTKPLUS;Panasonic Hotkey PLUS Driver;c:\windows\system32\drivers\HTKPLUS.SYS [17/02/2006 19:03 8448]

S2 TDSNetSetup;TDSNetSetup;c:\program files\Common Files\Teradyne\TDSNetSetup.exe [07/02/2007 15:43 17920]

S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [27/10/2004 01:15 31375]

S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\drivers\rsmartc.sys [17/02/2006 19:03 69460]

S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [07/02/2007 15:41 22016]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uInternet Connection Wizard,ShellNext = hxxp://www.ford.com/

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-13 15:40

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(888)

c:\program files\Intel\Wireless\Bin\LgNotify.dll

 

- - - - - - - > 'explorer.exe'(1824)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

.

Heure de fin: 2010-06-13 15:44:00

ComboFix-quarantined-files.txt 2010-06-13 13:43

ComboFix2.txt 2010-06-13 12:29

ComboFix3.txt 2010-06-12 18:12

ComboFix4.txt 2010-06-12 11:55

 

Avant-CF: 33 068 572 672 bytes free

Après-CF: 33 061 629 952 bytes free

 

- - End Of File - - 7F6F1F4D932248462C0D214E4BF5DF21

Modifié le 13 juin 2010 par benjifast

[Apollo]

Re,

 

Va dans le dossier C:\QooBox\Quarantine\Registry_Backups et repère les clés suivantes:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60EC89B7-367D-402B-8C55-30FAEB32A705}.reg.dat

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60EC89B7-367D-402B-8C55-30FAEB32A705}.reg.dat

 

*** Dans tous les cas, les clés qui montrent la clsid en question {60EC89B7-367D-402B-8C55-30FAEB32A705} Ne touche pas aux autres car elles sont infectieuses.

 

 

Supprime leur extension *.dat et tu obtiendras deux fichiers *.reg . (l'icône devrait se changer en un "cube".)

 

Il ne te restera qu'à double cliquer sur chacun de ces 2 fichiers *.reg obtenus pour restaurer ces clés de registre.

 

++

[benjifast]

Re,

 

Je n'ai que 2 fichiers et pas ceux dont tu parle: AddRemove-HijackThis.reg et tcpip (Registration Entries).

 

J'attend tes instructions.

[Apollo]

Poste un rapport Hijackthis stp.

[benjifast]

Re,

 

Rapport hijack:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:42:51, on 13/06/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17055)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Panasonic\HPLSMAN\hplskey.exe

C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\IDS Main Menu\IDS Main Menu2.exe

C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe

C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Panasonic\DispRot\IDRot.exe

C:\Program Files\Panasonic\WRITING\Writing.exe

C:\Program Files\Panasonic\MEISKB\meiskb.exe

C:\Program Files\Panasonic\WLANSW\WLANSW.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ford.com/

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [HPlsKey] C:\Program Files\Panasonic\HPLSMAN\hplskey.exe

O4 - HKLM\..\Run: [PRunOnce] C:\util\prunonce\PRunOnce.exe

O4 - HKLM\..\Run: [PCinfo] C:\Program Files\Panasonic\PCINFO\SetDiag.exe /FirstLogin

O4 - HKLM\..\Run: [Panasonic HotKey Manager] "C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [iDSMainMenu] "C:\Program Files\IDS Main Menu\IDS Main Menu2.exe"

O4 - HKLM\..\Run: [iDSTechnician] "C:\Program Files\IDS\TechLocale.exe"

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [starburst] "C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe"

O4 - HKLM\..\Run: [Feedback] "C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe"

O4 - HKLM\..\Run: [TDSReanimator] "C:\Program Files\Common Files\Teradyne\TDSReanimator.exe"

O4 - HKLM\..\Run: [ProbeTickHandler] "C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [iSUSPM] "C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Display Rotation Tool.lnk = ?

O4 - Global Startup: Panasonic Hand Writing.lnk = ?

O4 - Global Startup: Software Keyboard.lnk = ?

O4 - Global Startup: Wireless LAN Switch.lnk = ?

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172140183305

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TDSNetSetup - Unknown owner - C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 7178 bytes