Hello,merci de me consacrer du temps
,
Ca a été long mais ça rame de ce côté ci!
Enfin,voici les differents rapports,ces 2 programmes ont trouvé pas mal de choses :
ComboFix 08-07-07.3 - greg 2008-07-08 18:28:10.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.489 [GMT 2:00]
Endroit: C:\Documents and Settings\greg\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red]
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\444.470
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\BM072c71ad.txt
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\lfn.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\muotr.so
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\pack.epk
C:\WINDOWS\pskt.ini
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\aaugsw.dll
C:\WINDOWS\system32\abqkmous.ini
C:\WINDOWS\system32\amcaomcl.dll
C:\WINDOWS\system32\atnpmear.ini
C:\WINDOWS\system32\awqleqkq.dll
C:\WINDOWS\system32\awtuuSMc.dll
C:\WINDOWS\system32\bboafdvr.dll
C:\WINDOWS\system32\bdixlsrf.ini
C:\WINDOWS\system32\cbXOFyvT.dll
C:\WINDOWS\system32\ccyospmo.dll
C:\WINDOWS\system32\cMSuutwa.ini
C:\WINDOWS\system32\cMSuutwa.ini2
C:\WINDOWS\system32\ctzfbr.dll
C:\WINDOWS\system32\dpomriit.dll
C:\WINDOWS\system32\dpyjwadt.ini
C:\WINDOWS\system32\fhjxigqsv.dat
C:\WINDOWS\system32\fhjxigqsv_nav.dat
C:\WINDOWS\system32\fhjxigqsv_navps.dat
C:\WINDOWS\system32\fhjxigqsv_navup.dat
C:\WINDOWS\system32\fkxmgmjo.dll
C:\WINDOWS\system32\fqsdgo.dll
C:\WINDOWS\system32\geBsqPFx.dll
C:\WINDOWS\system32\haivhj.dll
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\hunvjsxy.ini
C:\WINDOWS\system32\icirilmi.dll
C:\WINDOWS\system32\ilgfqriw.dll
C:\WINDOWS\system32\imlirici.ini
C:\WINDOWS\system32\jbfcmkvd.dll
C:\WINDOWS\system32\khfFUMFV.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mpqXwyxx.ini
C:\WINDOWS\system32\mpqXwyxx.ini2
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ncntktdm.exe
C:\WINDOWS\system32\ompsoycc.ini
C:\WINDOWS\system32\opnomnol.dll
C:\WINDOWS\system32\orvenqwl.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pbyeikfd.dll
C:\WINDOWS\system32\peneiclq.dll
C:\WINDOWS\system32\pmnlkKEU.dll
C:\WINDOWS\system32\ptfblo.dll
C:\WINDOWS\system32\qkqelqwa.ini
C:\WINDOWS\system32\qoMfcDtu.dll
C:\WINDOWS\system32\qtkgvv.dll
C:\WINDOWS\system32\qvyikh.dll
C:\WINDOWS\system32\rlbdhoenlwklwk.dll
C:\WINDOWS\system32\rsuegkwh.dll
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\rwxldnvf.ini
C:\WINDOWS\system32\rxrfxw.dll
C:\WINDOWS\system32\sAHOnnmp.ini
C:\WINDOWS\system32\sAHOnnmp.ini2
C:\WINDOWS\system32\ssqnLEtq.dll
C:\WINDOWS\system32\ssqQjJdA.dll
C:\WINDOWS\system32\suomkqba.dll
C:\WINDOWS\system32\tckrle.dll
C:\WINDOWS\system32\tdawjypd.dll
C:\WINDOWS\system32\VGPsCJjl.ini
C:\WINDOWS\system32\VGPsCJjl.ini2
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\wirqfgli.ini
C:\WINDOWS\system32\wqneicpl.dll
C:\WINDOWS\system32\wsdoipea.dat
C:\WINDOWS\system32\wsdoipea_nav.dat
C:\WINDOWS\system32\wsdoipea_navps.dat
C:\WINDOWS\system32\xctgtkqa.dll
C:\WINDOWS\system32\yayaBTLd.dll
C:\WINDOWS\system32\ytmlmvae.dll
C:\WINDOWS\system32\yxsjvnuh.dll
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSSECURITY1.209.4
-------\Service_MsSecurity1.209.4
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-08 to 2008-07-08 ))))))))))))))))))))))))))))))))))))
.
2008-07-08 18:35 . 2008-07-08 18:35 49,204 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-07-08 18:35 . 2008-07-08 18:35 36 --a------ C:\WINDOWS\system32\msnav32.ax
2008-07-08 17:57 . 2008-07-08 17:57 26,016 --a------ C:\WINDOWS\system32\opnmJAPj.dll
2008-07-08 17:57 . 2008-07-08 17:57 26,016 --a------ C:\WINDOWS\system32\nnnmmnLE.dll
2008-07-08 12:33 . 2008-07-08 12:33 152,157 --a------ C:\WINDOWS\system32\g0.exe
2008-07-08 12:33 . 2008-07-08 12:33 64,332 --a------ C:\WINDOWS\system32\smhtaaylwabzdd.exe
2008-07-08 12:32 . 2008-07-08 12:32 49,183 --a------ C:\WINDOWS\system32\rswnw64s.exe
2008-07-08 10:44 . 2008-07-08 10:44 <REP> d-------- C:\WINDOWS\system32\ver
2008-07-08 10:44 . 2008-07-08 10:44 <REP> d-------- C:\WINDOWS\system32\olixds18
2008-07-08 10:44 . 2008-07-08 10:44 <REP> d-------- C:\WINDOWS\system32\IP3
2008-07-08 10:44 . 2008-07-08 10:44 <REP> d-------- C:\WINDOWS\system32\dapi
2008-07-08 10:44 . 2008-07-08 10:44 89,561 --a------ C:\WINDOWS\system32\uoyzsydz.exe
2008-07-08 10:44 . 2008-07-08 10:44 41,984 --a------ C:\WINDOWS\mrofinu1188.exe
2008-07-08 10:44 . 2008-07-08 10:44 41,984 --a------ C:\WINDOWS\mrofinu1000106.exe
2008-07-08 10:43 . 2008-07-08 10:44 <REP> d-------- C:\Temp\stmpv4
2008-07-08 10:43 . 2008-07-08 18:29 <REP> d-------- C:\Temp
2008-07-07 16:45 . 2008-07-07 16:45 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\X10 Commander
2008-07-07 16:31 . 2008-07-08 12:32 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-07 16:30 . 2008-07-07 16:31 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-07-07 16:30 . 2008-07-07 16:30 <REP> d-------- C:\Documents and Settings\LocalService\Menu D‚marrer
2008-07-07 16:30 . 2008-07-07 16:31 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-07-07 16:30 . 2008-07-07 16:30 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-07-07 14:38 . 2008-07-07 14:38 <REP> d-------- C:\Program Files\Webroot
2008-07-07 14:38 . 2008-07-07 14:38 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-07 14:38 . 2008-07-07 14:38 <REP> d-------- C:\Documents and Settings\greg\Application Data\Webroot
2008-07-07 14:38 . 2008-07-07 14:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-07 14:38 . 2007-07-19 22:54 1,521,464 --a------ C:\WINDOWS\WRSetup.dll
2008-07-07 14:38 . 2007-07-19 22:42 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-07 14:38 . 2007-07-19 22:42 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-07 14:38 . 2007-07-19 22:42 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-07 14:38 . 2007-07-19 22:42 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2008-07-07 14:38 . 2008-07-07 14:38 112 --a------ C:\WINDOWS\Win.ini
2008-07-07 14:37 . 2008-07-07 14:37 164 --a------ C:\install.dat
2008-07-07 14:05 . 2008-07-07 14:37 <REP> d-------- C:\Documents and Settings\greg\Application Data\GetRightToGo
2008-07-05 07:15 . 2008-07-05 07:15 32,768 --a------ C:\WINDOWS\system32\olixds18\olixds182328.exe
2008-07-01 18:02 . 2008-07-01 18:03 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-07-01 14:00 . 2008-07-01 14:00 <REP> d-------- C:\Documents and Settings\greg\Application Data\Sony Ericsson
2008-07-01 13:07 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-30 02:21 . 2008-06-30 18:06 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-06-29 23:31 . 2008-06-29 23:31 <REP> d-------- C:\fsaua.data
2008-06-29 23:29 . 2008-07-03 18:16 <REP> d-------- C:\Program Files\Panda Security
2008-06-29 17:57 . 2006-02-20 20:25 17,536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys
2008-06-29 17:57 . 2003-09-23 16:42 17,024 --a------ C:\WINDOWS\system32\drivers\grmngen.sys
2008-06-29 17:57 . 2006-04-11 21:51 16,512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys
2008-06-29 17:57 . 2006-07-11 21:50 11,776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys
2008-06-29 17:57 . 2003-09-23 16:42 7,296 --a------ C:\WINDOWS\system32\drivers\grmnusb.sys
2008-06-29 17:55 . 2008-07-04 20:03 <REP> d-------- C:\Garmin
2008-06-28 23:20 . 2008-07-07 14:29 110,465 --a------ C:\WINDOWS\BM072c71ad.xml
2008-06-27 18:38 . 2008-06-27 18:38 53,248 --ahs---- C:\Documents and Settings\greg\winlogon.exe
2008-06-26 01:47 . 2008-06-27 16:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Fitn17
2008-06-25 00:10 . 2008-06-25 00:10 <REP> d-------- C:\Documents and Settings\greg\Saved Games
2008-06-25 00:10 . 2008-06-25 00:10 <REP> d-------- C:\Documents and Settings\greg\Application Data\Flood Light Games
2008-06-25 00:10 . 2008-06-25 00:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-06-24 17:48 . 2008-06-24 17:48 <REP> d-------- C:\Documents and Settings\greg\Application Data\PlanetPlayMore
2008-06-24 14:02 . 2008-06-24 14:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
2008-06-21 00:43 . 2008-06-21 00:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
2008-06-20 17:28 . 2008-06-20 17:28 <REP> d-------- C:\Documents and Settings\greg\Application Data\ITTNord
2008-06-20 01:02 . 2008-06-20 01:02 <REP> d-------- C:\Documents and Settings\greg\Application Data\iWinArcade
2008-06-19 16:53 . 2008-06-19 16:53 <REP> d-------- C:\Documents and Settings\greg\Application Data\Teleca
2008-06-16 18:49 . 2008-06-16 22:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-06-13 22:51 . 2008-06-13 22:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MythPeople
2008-06-11 13:58 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:58 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-04 21:41 --------- d-----w C:\Program Files\HOTAS
2008-07-01 16:27 --------- d-----w C:\Program Files\X10 Hardware
2008-06-29 20:33 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-06-29 20:25 --------- d-----w C:\Program Files\CCleaner
2008-06-29 18:09 --------- d-----w C:\Program Files\Spamihilator
2008-06-29 16:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 20:25 --------- d-----w C:\Documents and Settings\greg\Application Data\Skype
2008-06-27 18:51 --------- d-----w C:\Documents and Settings\greg\Application Data\FileZilla
2008-06-26 20:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\iWin Games
2008-06-25 00:53 23,024 ----a-w C:\Documents and Settings\greg\Application Data\wklnhst.dat
2008-06-18 22:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-06-16 22:37 --------- d-----w C:\Documents and Settings\greg\Application Data\PlayFirst
2008-06-15 08:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-11 17:12 --------- d-----w C:\Program Files\DAEMON Tools
2008-06-08 15:17 --------- d-----w C:\Program Files\Test-A
2008-06-03 18:22 --------- d-----w C:\Program Files\InternetProgram
2008-05-18 21:07 --------- d-----w C:\Documents and Settings\greg\Application Data\SprillBermudeFr
2008-05-18 15:33 --------- d-----w C:\Documents and Settings\greg\Application Data\SpinTop
2008-05-17 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-17 19:20 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-17 19:20 --------- d-----w C:\Program Files\Windows Live
2008-05-13 10:17 --------- d-----w C:\Program Files\Samsung
2008-05-11 09:44 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-17 07:01 36,972 ----a-w C:\mediamp3.dat
2008-03-05 22:45 0 ----a-w C:\Program Files\temp01
2007-10-02 16:59 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-09-18 16:37 768 ----a-w C:\Documents and Settings\greg\highscore.dat
2007-06-27 22:36 73,496 ----a-w C:\Documents and Settings\greg\Application Data\GDIPFONTCACHEV1.DAT
2007-01-25 01:52 65,536 ----a-w C:\Program Files\Fichiers communs\NMSAccessU.exe
2000-11-15 18:33 1,016,320 ----a-w C:\Documents and Settings\greg\2ndquest.exe
2000-01-22 00:55 172,544 ----a-w C:\Documents and Settings\greg\cncs32.dll
2000-01-10 09:29 282,112 ----a-w C:\Documents and Settings\greg\cncs232.dll
2000-01-05 02:53 133,088 ----a-w C:\Documents and Settings\greg\cncs.dll
2006-04-14 13:17 152 --sh--r C:\WINDOWS\system32\A75BB1DB54.sys
2005-10-19 19:19 8 --sh--r C:\WINDOWS\system32\CFE20AE075.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"HOTASMode"="C:\Program Files\HOTAS\HOTASConfig.exe" [2004-07-14 17:23 495616]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-22 16:35 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Logon Applicationedc"="C:\Documents and Settings\greg\winlogon.exe" [2008-06-27 18:38 53248]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-23 00:21 7282688]
"CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [2005-10-12 14:44 241664]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"MedionVFD"="C:\Program Files\Medion Info Display\MdionLCM.exe" [2005-10-11 18:11 126976]
"InstantOn"="C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 14:19 93640]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"AlcFDMonitor"="C:\WINDOWS\ALCFDRTM.EXE" [2005-11-23 14:11 73728]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32 225280]
"RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-11-01 21:42 139264]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 03:20 398944]
"CONNECTScheduler"="C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" [2005-10-12 04:29 69632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-17 13:50 98304]
"{F4-42-29-9E-DW}"="c:\windows\system32\rwwnw64d.exe" [2008-07-08 18:35 49204]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54 5361464]
"nwiz"="nwiz.exe" [2005-09-23 00:21 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2005-09-23 00:21 86016 C:\WINDOWS\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 16:20 14820864 C:\WINDOWS\RTHDCPL.EXE]
"CHotkey"="mHotkey.exe" [2004-06-03 21:07 549376 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-07-21 22:28 5577216 C:\WINDOWS\CNYHKey.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E91C2855-AC7E-4ED9-B488-0F78FAE8AD2D}"= "C:\WINDOWS\system32\vtUNGAqr.dll" [2008-07-08 18:37 31232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUNGAqr]
2008-07-08 18:37 31232 C:\WINDOWS\system32\vtUNGAqr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MI-SC4"= MI-SC4.acm
"msacm.l3codecp"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EoEngine"=
"EoWeather"=
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImPackr.exe"=
"C:\\CreativesFiles\\Shareaza.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:shareaza
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 NMSAccessU;NMSAccessU;C:\Program Files\Fichiers communs\NMSAccessU.exe [2007-01-25 03:52]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-10-17 15:52]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;C:\WINDOWS\system32\DRIVERS\cmiucr.SYS [2005-10-04 18:37]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16:37]
R3 STTub203;Thrustmaster HOTAS USB Bulk Out;C:\WINDOWS\system32\Drivers\STTub203.sys [2002-10-03 13:52]
S2 LicCtrlService;LicCtrl Service;rundll32.exe C:\WINDOWS\mmfs.dll,Service []
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 12:53]
S3 Allied;CopperJet ADSL modem Installer;C:\WINDOWS\system32\DRIVERS\instl.sys [2002-07-08 12:43]
S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-05 14:00]
S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-05 14:00]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\WINDOWS\system32\Drivers\cam1690.sys [2007-01-05 13:45]
S3 TIAu5Bt;AU5 USB DSL Modem Boot Device;C:\WINDOWS\system32\Drivers\tiau5bt.sys []
S3 TIAU5CO;AU5 USB DSL Modem(WAN);C:\WINDOWS\system32\DRIVERS\TIAU5CO.sys []
S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{3CD9C267-160A-4288-8E91-C6EE34B83648} - (no file)
BHO-{413B7B11-06BB-4071-A00E-4416FDC50E76} - (no file)
BHO-{4E5A1232-9358-457D-9F77-A1FFD9554179} - (no file)
BHO-{5BB75A9C-9633-4930-8C0B-91FD7F7749F1} - C:\WINDOWS\system32\xxywXqpm.dll
BHO-{5C5B0569-ADE7-40DF-B9C7-10FE8888FBAB} - (no file)
BHO-{6388A346-3B41-420F-A35A-ED65B349F777} - C:\WINDOWS\system32\ljJCsPGV.dll
BHO-{64A058D4-4851-4A04-B243-6D13364066EF} - (no file)
BHO-{74D1B988-A23E-4C86-AE1E-6D226CDD03FB} - C:\WINDOWS\system32\pmnnOHAs.dll
BHO-{85891CF5-118E-44AF-8682-A7B08D33A9E7} - (no file)
BHO-{93F5F18B-5878-414B-AB0E-4FF9B5C2FBEA} - (no file)
BHO-{95AE355D-A5B0-4B06-8276-2B2B78D5B061} - (no file)
BHO-{95ED1CE5-20AB-4555-A139-78C36F113260} - (no file)
BHO-{b73a4708-a850-2e89-323f-68ace242aa4c} - (no file)
BHO-{BA2A2046-75A4-47C0-A09C-F0DCC706D39B} - (no file)
BHO-{D24984D4-08A8-44CB-8540-4A13C4363719} - (no file)
BHO-{E6003118-D0E7-490F-ACDC-2E1FE30CB23D} - (no file)
BHO-{F173E53F-E042-49b6-BD46-983E93DA1B17} - (no file)
BHO-{F344CF0F-CD06-471F-95CE-38EA8611F75A} - (no file)
BHO-{F652F26E-B465-4DA3-9B1B-AD38F19DE307} - (no file)
BHO-{FC608CBB-00FA-46AE-A2FC-A8AEF97C8CE7} - (no file)
WebBrowser-{196C3A46-4758-433D-A600-802C804AF39C} - (no file)
HKLM-Run-041f4231 - C:\WINDOWS\system32\frslxidb.dll
HKLM-Run-BM072c71ad - C:\WINDOWS\system32\mcesrlno.dll
HKLM-Run-{f82c1ca9-81dc-c39d-deec-323039476da4} - C:\WINDOWS\system32\rlbdhoenlwklwk.dll
Notify-geBsqPFx - (no file)
Notify-hgGawTjg - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 18:35:17
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
C:\WINDOWS\system32\msnav32.ax 36 bytes
C:\WINDOWS\system32\rwwnw64d.exe 49204 bytes executable
C:\WINDOWS\system32\vtUNGAqr.dll 31232 bytes executable
Scan termin‚ avec succŠs
Les fichiers cach‚s: 3
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\vtUNGAqr.dll
-> C:\Documents and Settings\greg\winlogon.exe
-> C:\WINDOWS\system32\nview.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\Sony Shared\GMR\GMRMan.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-08 18:42:13 - machine was rebooted [greg]
ComboFix-quarantined-files.txt 2008-07-08 16:42:02
Pre-Run: 78,920,314,880 octets libres
Post-Run: 78,912,942,080 octets libres
422 --- E O F --- 2008-06-20 17:02:10
Le suivant :
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 932
Windows 5.1.2600 Service Pack 2
21:43:25 8/07/2008
mbam-log-7-8-2008 (21-43-25).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 131012
Temps écoulé: 44 minute(s), 49 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 45
Processus mémoire infecté(s):
C:\WINDOWS\system32\rswnw64s.exe (Adware.Agent) -> Unloaded process successfully.
C:\Documents and Settings\greg\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\efcDVooP.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\vtUNGAqr.dll (Trojan.vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a0763ae-c1a7-4770-a3b8-9f02dd31ddd1} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1a0763ae-c1a7-4770-a3b8-9f02dd31ddd1} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e91c2855-ac7e-4ed9-b488-0f78fae8ad2d} (Trojan.vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e91c2855-ac7e-4ed9-b488-0f78fae8ad2d} (Trojan.vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtungaqr (Trojan.vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\downloader.downloaderctrl.1 (Adware.2020search) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows logon applicationedc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm072c71ad (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e91c2855-ac7e-4ed9-b488-0f78fae8ad2d} (Trojan.vundo) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcdvoop -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcdvoop -> Delete on reboot.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\efcDVooP.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\PooVDcfe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PooVDcfe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rswnw64s.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast4\DATA\moved\[UPX].2.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast4\DATA\moved\[UPX].vir (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\aaugsw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXOFyvT.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\dpomriit.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\geBsqPFx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\opnomnol.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnlkKEU.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\yayaBTLd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP115\A0048063.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP121\A0058373.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP139\A0079904.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP139\A0079956.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP139\A0079961.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP139\A0079964.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP139\A0079967.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP139\A0079973.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP139\A0079977.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP139\A0079991.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP139\A0081133.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP139\A0081134.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP31\A0008364.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP45\A0012262.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP45\A0012292.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP46\A0012521.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP83\A0032037.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP83\A0032093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rwwnw64d.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dapi\jvvtmp3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ver\bmndird.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uoyzsydz.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\greg\winlogon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnmJAPj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnmmnLE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUNFXOg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUNGAqr.dll (Trojan.vundo) -> Delete on reboot.
Et enfin :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:16, on 8/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\Program Files\Fichiers communs\Sony Shared\GMR\GMRMan.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {092D0DD3-1AE2-4CAB-BE79-CC7156608AEE} - (no file)
O2 - BHO: (no name) - {1A0763AE-C1A7-4770-A3B8-9F02DD31DDD1} - C:\WINDOWS\system32\efcDVooP.dll
O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {3CD9C267-160A-4288-8E91-C6EE34B83648} - (no file)
O2 - BHO: (no name) - {413B7B11-06BB-4071-A00E-4416FDC50E76} - (no file)
O2 - BHO: (no name) - {4E5A1232-9358-457D-9F77-A1FFD9554179} - (no file)
O2 - BHO: (no name) - {5BB75A9C-9633-4930-8C0B-91FD7F7749F1} - (no file)
O2 - BHO: (no name) - {5C5B0569-ADE7-40DF-B9C7-10FE8888FBAB} - (no file)
O2 - BHO: (no name) - {6388A346-3B41-420F-A35A-ED65B349F777} - (no file)
O2 - BHO: (no name) - {64A058D4-4851-4A04-B243-6D13364066EF} - (no file)
O2 - BHO: (no name) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - (no file)
O2 - BHO: (no name) - {74D1B988-A23E-4C86-AE1E-6D226CDD03FB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {85891CF5-118E-44AF-8682-A7B08D33A9E7} - (no file)
O2 - BHO: (no name) - {93F5F18B-5878-414B-AB0E-4FF9B5C2FBEA} - (no file)
O2 - BHO: (no name) - {95AE355D-A5B0-4B06-8276-2B2B78D5B061} - (no file)
O2 - BHO: (no name) - {95ED1CE5-20AB-4555-A139-78C36F113260} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O2 - BHO: gooochi browser optimizer - {b73a4708-a850-2e89-323f-68ace242aa4c} - C:\WINDOWS\system32\rlbdhoenlwklwk.dll
O2 - BHO: (no name) - {BA2A2046-75A4-47C0-A09C-F0DCC706D39B} - (no file)
O2 - BHO: (no name) - {D24984D4-08A8-44CB-8540-4A13C4363719} - (no file)
O2 - BHO: (no name) - {E6003118-D0E7-490F-ACDC-2E1FE30CB23D} - (no file)
O2 - BHO: (no name) - {E91C2855-AC7E-4ED9-B488-0F78FAE8AD2D} - C:\WINDOWS\system32\vtUNGAqr.dll
O2 - BHO: (no name) - {F173E53F-E042-49b6-BD46-983E93DA1B17} - (no file)
O2 - BHO: (no name) - {F344CF0F-CD06-471F-95CE-38EA8611F75A} - (no file)
O2 - BHO: (no name) - {F652F26E-B465-4DA3-9B1B-AD38F19DE307} - (no file)
O2 - BHO: (no name) - {FC608CBB-00FA-46AE-A2FC-A8AEF97C8CE7} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" /logon
O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{f82c1ca9-81dc-c39d-deec-323039476da4}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\rlbdhoenlwklwk.dll" DllStart
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\greg\winlogon.exe
O4 - HKLM\..\Run: [BM072c71ad] "Rundll32.exe" "C:\WINDOWS\system32\mcesrlno.dll",s
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\ncntktdm.exe DWram02
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HOTASMode] "C:\Program Files\HOTAS\HOTASConfig.exe" /MODE /FOXY /AU /DM /BU
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rswnw64s.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.10\AMVConverter\grab.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.10\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.fr/
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Fitness%20Frenzy/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129731383765
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.shockwave.com/content/davincicode/sis/DVC%20Download%20Control.cab
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} -
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: geBsqPFx - C:\WINDOWS\
O20 - Winlogon Notify: hgGawTjg - C:\WINDOWS\
O20 - Winlogon Notify: vtUNGAqr - C:\WINDOWS\SYSTEM32\vtUNGAqr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 14301 bytes
Voilà,surtout ne psse pas la nuit dessus,je propose de continuer demain
Bonne soirée et merci
17 ans.
