Pc lent à cause de virus...(ulimate defender)

foubit Messages postés 78 Statut Membre -  
 tronaz -
bonjour.
j'ai un probleme depuis ce matin mon pc est tres lent depuis qu'une fenetre est aparue me proposant "ultimate defender".cette fenetre est revenue plusieurs fois et je n'arrive pas à m'en debarrasser..
J'ai essayé des logiciels que j'ai (avast avg antyspyware spybot...) mais toujours rien de mieux..
Quelqu'un peut m'aider?
Merci d'avance
Configuration: Windows XP
Internet Explorer 7.0

36 réponses

  • 1
  • 2
Résumé de la discussion

Un problème de lenteur persiste après l'apparition d'une fenêtre proposant « Ultimate Defender », et les solutions antivirus habituelles ne suffisent pas à éliminer l'infection sur le système.
Plusieurs utilisateurs recommandent de démarrer en mode sans échec et d'utiliser des outils spécialisés comme SmitFraudFix, ComboFix ou HijackThis, puis d'analyser les rapports pour cibler les éléments malveillants.
D'autres interventions consistent à identifier des programmes de démarrage ou des BHO et à nettoyer les entrées du registre et les fichiers suspects pour restaurer les performances.
En cas de persistance, le fil montre des échanges de rapports détaillés et des vérifications complémentaires, avec des conseils sur la lecture des journaux d'infection pour guider les prochaines étapes.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    oki

    relance en mode sans echec et cette fois fait l option 2

    a++
    1
    1. tronaz
       
      enfin tout à l'air d'etre rentre dans l'ordre plus d'icone sur mon bureau 10 minutes que ma session est ouverte et toujours pas de message d'alerte, t'est tro fort!!!
      cependant une derniere chose si possible et sans vouloir abuser de ta gentillesse c'est ma nature curieuse qui veut ca, serait il possible que tu m'explique ou eventuellement tu me dise ou c que je peux comprendre comment diagnostiquer le probleme en editant de tel rapport, comment savoir ce qui est correcte ou non???
      En espérant que toi ou un autre puisse me l'expliker, je te remercie encore de ton aide precieuse et à bientot salut!!!!!!!!!!!
      0
  2. foubit Messages postés 78 Statut Membre
     
    s'il vous plait aidez moi!!!
    0
  3. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    salut
    fait ceci
    HijackThis (ici) http://ww11.spywareinfo.com/%7Emerijn/downloads.html

    telecharge le et met le dans son propre dossier ex/c :hj
    clik sur do a systeme scan et save a logfile
    et copier coller le rapport
    demo
    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
    ---------------------------
    ensuite
    Scan bit defender
    https://www.bitdefender.fr/
    clik sur scan on line a gauche et suis la procedure
    demo de scan
    http://perso.orange.fr/rginformatique/section%20virus/defender.htm
    et donne le rapport
    a++
    0
  4. foubit Messages postés 78 Statut Membre
     
    mercide la reponse.voici mon scan:Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 23:03:15, on 12/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Alwil Software\Avast4\aswUpdSv.exe
    C:\Alwil Software\Avast4\ashServ.exe
    C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
    C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Alwil Software\Avast4\ashMaiSv.exe
    C:\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\itmanhc.exe
    C:\WINDOWS\system32\relccxs.exe
    C:\WINDOWS\system32\secrvkkm.exe
    C:\WINDOWS\system32\regyscqm.exe
    C:\WINDOWS\system32\xmllwmew.exe
    C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe
    C:\WINDOWS\system32\dfmmaps.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\(quentin)\Mes documents\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Elise et Quentin
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {09705708-BB6B-4223-93DA-6B17D9CCD288} - (no file)
    O2 - BHO: (no name) - {1B4BC9DC-B9E1-4181-80C5-3FA329FBDCDE} - C:\WINDOWS\system32\pmnnn.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\(QUENT~1\MESDOC~1\program\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\xxyvuut.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\ohlsgmog.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [passcxd] C:\WINDOWS\system32\itmanhc.exe
    O4 - HKLM\..\Run: [zcseacrt] C:\WINDOWS\system32\relccxs.exe
    O4 - HKLM\..\Run: [rtkernsw] C:\WINDOWS\system32\secrvkkm.exe
    O4 - HKLM\..\Run: [mmsddlx] regyscqm.exe
    O4 - HKLM\..\Run: [ifperx] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKLM\..\Run: [wpxmls] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKLM\..\Run: [gdqfqtyx.exe] C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe
    O4 - HKLM\..\Run: [imcssl] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKLM\..\Run: [jcidls] C:\WINDOWS\system32\dfmmaps.exe
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\ntlfyxct.dll",realset
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKCU\..\Run: [passcxd] C:\WINDOWS\system32\itmanhc.exe
    O4 - HKCU\..\Run: [zcseacrt] C:\WINDOWS\system32\relccxs.exe
    O4 - HKCU\..\Run: [rtkernsw] C:\WINDOWS\system32\secrvkkm.exe
    O4 - HKCU\..\Run: [mmsddlx] regyscqm.exe
    O4 - HKCU\..\Run: [ifperx] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [wpxmls] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKCU\..\Run: [imcssl] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKCU\..\Run: [jcidls] C:\WINDOWS\system32\dfmmaps.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\office\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: opnomlm - opnomlm.dll (file missing)
    O20 - Winlogon Notify: pmnnllk - pmnnllk.dll (file missing)
    O20 - Winlogon Notify: pmnnn - C:\WINDOWS\system32\pmnnn.dll
    O20 - Winlogon Notify: winpsa32 - C:\WINDOWS\SYSTEM32\winpsa32.dll
    O20 - Winlogon Notify: xxyvuut - C:\WINDOWS\SYSTEM32\xxyvuut.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
    O23 - Service: NILM License Manager - Macrovision Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\License Manager\Bin\lmgrd.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
    O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Ray - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\rayserver.exe (file missing)
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\kpf4ss.exe (file missing)
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4

    * Double-clique VundoFix.exe afin de le lancer
    * Clique sur le bouton Scan for Vundo
    * Lorsque le scan est complété, clique sur le bouton Remove Vundo
    * Une invite te demandera si tu veux supprimer les fichiers, clique YES
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
    * Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for

    a++
    0
  7. foubit Messages postés 78 Statut Membre
     
    voici le rapport de bitdefender
    BitDefender Online Scanner

    Scan report generated at: Wed, Jun 13, 2007 - 00:52:10

    Scan path: C:\;D:\;E:\;

    Statistics

    Time
    01:45:54

    Files
    374171

    Folders
    7413

    Boot Sectors
    3

    Archives
    7588

    Packed Files
    12362

    Results

    Identified Viruses
    7

    Infected Files
    10

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    8

    Engines Info

    Virus Definitions
    513261

    Engine build
    AVCORE v1.0 (build 2409) (i386) (May 9 2007 18:01:21)

    Scan plugins
    14

    Archive plugins
    38

    Unpack plugins
    6

    E-mail plugins
    6

    System plugins
    1

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\Documents and Settings\(quentin)\3.tmp
    Infected with: Backdoor.Rustock.NBM

    C:\Documents and Settings\(quentin)\3.tmp
    Disinfection failed

    C:\Documents and Settings\(quentin)\3.tmp
    Deleted

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP335\A0286542.exe
    Infected with: Win32.Worm.Wupad.A

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP335\A0286542.exe
    Disinfection failed

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP335\A0286542.exe
    Deleted

    C:\WINDOWS\system32\fybvjyyl.exe
    Infected with: Trojan.LowZones.SA

    C:\WINDOWS\system32\fybvjyyl.exe
    Disinfection failed

    C:\WINDOWS\system32\fybvjyyl.exe
    Deleted

    C:\WINDOWS\system32\hvjdyurp.dll
    Infected with: GenPack:Trojan.Vundo.DLZ

    C:\WINDOWS\system32\hvjdyurp.dll
    Disinfection failed

    C:\WINDOWS\system32\hvjdyurp.dll
    Deleted

    C:\WINDOWS\system32\iifeded.dll
    Infected with: Trojan.Vundo.DMA

    C:\WINDOWS\system32\iifeded.dll
    Disinfection failed

    C:\WINDOWS\system32\iifeded.dll
    Deleted

    C:\WINDOWS\system32\pmnnn.dll
    Infected with: Trojan.Vundo.DLY

    C:\WINDOWS\system32\pmnnn.dll
    Disinfection failed

    C:\WINDOWS\system32\pmnnn.dll
    Delete failed

    C:\WINDOWS\system32\pvirtqyd.exe
    Infected with: Trojan.LowZones.SA

    C:\WINDOWS\system32\pvirtqyd.exe
    Disinfection failed

    C:\WINDOWS\system32\pvirtqyd.exe
    Deleted

    C:\WINDOWS\system32\rqrqpqp.dll
    Infected with: Trojan.Vundo.DMA

    C:\WINDOWS\system32\rqrqpqp.dll
    Disinfection failed

    C:\WINDOWS\system32\rqrqpqp.dll
    Deleted

    C:\WINDOWS\system32\xxyvuut.dll
    Infected with: Trojan.Vundo.DMA

    C:\WINDOWS\system32\xxyvuut.dll
    Disinfection failed

    C:\WINDOWS\system32\xxyvuut.dll
    Delete failed

    C:\WINDOWS\system32\ygpmfwvm.dll
    Infected with: Trojan.Spy.VBStat.B

    C:\WINDOWS\system32\ygpmfwvm.dll
    Deleted

    je m'occupe tout de suite du logiciel dont tu m'as parlé
    Merci encore
    0
  8. foubit Messages postés 78 Statut Membre
     
    VundoFix V6.5.0

    Checking Java version...

    Java version is 1.5.0.10

    Scan started at 01:46:44 13/06/2007

    Listing files found while scanning....

    VundoFix V6.5.0

    Checking Java version...

    Java version is 1.5.0.10

    Scan started at 19:47:22 13/06/2007

    Listing files found while scanning....

    C:\windows\system32\nnnmp.bak1
    C:\WINDOWS\system32\nnnmp.bak2
    C:\WINDOWS\system32\nnnmp.ini
    C:\windows\system32\ohlsgmog.dll
    C:\WINDOWS\system32\pmnnn.dll
    C:\windows\system32\xxyvuut.dll

    Beginning removal...

    Beginning removal...

    Attempting to delete C:\windows\system32\nnnmp.bak1
    C:\windows\system32\nnnmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnmp.bak2
    C:\WINDOWS\system32\nnnmp.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnmp.ini
    C:\WINDOWS\system32\nnnmp.ini Has been deleted!

    Attempting to delete C:\windows\system32\ohlsgmog.dll
    C:\windows\system32\ohlsgmog.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnnn.dll
    C:\WINDOWS\system32\pmnnn.dll Has been deleted!

    Attempting to delete C:\windows\system32\xxyvuut.dll
    C:\windows\system32\xxyvuut.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    0
  9. foubit Messages postés 78 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:02:35, on 13/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Alwil Software\Avast4\aswUpdSv.exe
    C:\Alwil Software\Avast4\ashServ.exe
    C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
    C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\itmanhc.exe
    C:\WINDOWS\system32\relccxs.exe
    C:\WINDOWS\system32\secrvkkm.exe
    C:\WINDOWS\system32\regyscqm.exe
    C:\WINDOWS\system32\xmllwmew.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe
    C:\WINDOWS\system32\dfmmaps.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Alwil Software\Avast4\ashMaiSv.exe
    C:\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\SoftwareDistribution\Download\Install\Windows-KB890830-V1.30-delta.exe
    c:\123017fce6fe33eb8a75d4\mrtstub.exe
    C:\Documents and Settings\(quentin)\Mes documents\HiJackThis_v2.exe
    C:\WINDOWS\system32\MRT.exe
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b29e2e7187b59f66d367afef04c7dfd5\update\update.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Elise et Quentin
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {3A8AAF02-744B-4E8A-90BF-FFB026984B98} - C:\WINDOWS\system32\pmnnn.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\(QUENT~1\MESDOC~1\program\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\xxyvuut.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\ohlsgmog.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [passcxd] C:\WINDOWS\system32\itmanhc.exe
    O4 - HKLM\..\Run: [zcseacrt] C:\WINDOWS\system32\relccxs.exe
    O4 - HKLM\..\Run: [rtkernsw] C:\WINDOWS\system32\secrvkkm.exe
    O4 - HKLM\..\Run: [mmsddlx] regyscqm.exe
    O4 - HKLM\..\Run: [ifperx] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKLM\..\Run: [wpxmls] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKLM\..\Run: [gdqfqtyx.exe] C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe
    O4 - HKLM\..\Run: [imcssl] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKLM\..\Run: [jcidls] C:\WINDOWS\system32\dfmmaps.exe
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\ntlfyxct.dll",realset
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [scmplay] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKCU\..\Run: [passcxd] C:\WINDOWS\system32\itmanhc.exe
    O4 - HKCU\..\Run: [zcseacrt] C:\WINDOWS\system32\relccxs.exe
    O4 - HKCU\..\Run: [rtkernsw] C:\WINDOWS\system32\secrvkkm.exe
    O4 - HKCU\..\Run: [mmsddlx] regyscqm.exe
    O4 - HKCU\..\Run: [ifperx] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [wpxmls] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKCU\..\Run: [imcssl] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKCU\..\Run: [jcidls] C:\WINDOWS\system32\dfmmaps.exe
    O4 - HKCU\..\Run: [scmplay] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\office\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: opnomlm - opnomlm.dll (file missing)
    O20 - Winlogon Notify: pmnnllk - pmnnllk.dll (file missing)
    O20 - Winlogon Notify: winpsa32 - C:\WINDOWS\SYSTEM32\winpsa32.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
    O23 - Service: NILM License Manager - Macrovision Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\License Manager\Bin\lmgrd.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
    O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Ray - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\rayserver.exe (file missing)
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\kpf4ss.exe (file missing)
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
    0
  10. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    1. Télécharge combofix.exe (par sUBs) ici :

    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    sur ton Bureau.

    2. Double clique combofix.exe et suis les invites.
    3. Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    a++
    0
  11. foubit Messages postés 78 Statut Membre
     
    je suis désolé pour le delai,j'ai eu beaucoup de mal à ce que combofix fonctionne correctement..
    voici le rapport:
    [code]
    2006-12-14 14:52 461 --a--c--- C:\Qoobox\Quarantine\C\Program Files\INSTALL.LOG.vir
    2007-01-20 16:34 104 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\(QUENT~1\Bureau\Internet Explorer.lnk.vir
    2007-06-11 08:41 22016 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winpsa32.dll.vir
    2007-06-11 10:12 62350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xpdx.sys.vir
    2007-06-11 10:13 58130 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00002.dll.vir
    2007-06-11 10:13 73727 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.dll.vir
    2007-06-12 18:17 124436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ntlfyxct.dll.vir
    2007-06-12 23:11 555 --a------ C:\Qoobox\Quarantine\C\WINDOWS\wpcjmd.log.vir
    2007-06-14 11:22 973008 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tcxyfltn.ini.vir
    2007-06-14 11:30 10182 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
    2007-06-14 11:30 200 --a------ C:\Qoobox\Quarantine\Registry_backups\services_xpdx.reg.cf
    2007-06-14 11:32 295 --a------ C:\Qoobox\Quarantine\catchme.log
    2007-06-14 11:32 60431 --a------ C:\Qoobox\Quarantine\catchme2007-06-14_113919.35.zip

    Structure du dossier pour le volume HDD
    Le num‚ro de s‚rie du volume est 6060-B295
    C:\QOOBOX
    \---Quarantine
    | catchme.log
    | catchme2007-06-14_113919.35.zip
    |
    +---C
    | +---DOCUME~1
    | | \---(QUENT~1
    | | \---Bureau
    | | Internet Explorer.lnk.vir
    | |
    | +---Program Files
    | | | INSTALL.LOG.vir
    | | |
    | | \---Fichiers communs
    | | \---Microsoft Shared
    | | \---Web Folders
    | | ibm00001.dll.vir
    | | ibm00002.dll.vir
    | |
    | \---WINDOWS
    | | wpcjmd.log.vir
    | |
    | \---system32
    | ntlfyxct.dll.vir
    | tcxyfltn.ini.vir
    | winpsa32.dll.vir
    | xpdx.sys.vir
    |
    \---Registry_backups
    services_nm.reg.cf
    services_xpdx.reg.cf

    [/code]
    0
  12. foubit Messages postés 78 Statut Membre
     
    désolé,je crois que le rapport,c'est plutot ça:
    ComboFix 07-06-13.3
    "(quentin)" - 2007-06-14 11:22:55 - Service Pack 2 NTFS

    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\ntlfyxct.dll
    C:\WINDOWS\system32\winpsa32.dll
    C:\WINDOWS\system32\tcxyfltn.ini

    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\DOCUME~1\(QUENT~1\Bureau.\internet explorer.lnk
    C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00001.dll
    C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00002.dll
    C:\Program Files\install.log
    C:\WINDOWS\system32\xpdx.sys
    C:\WINDOWS\wpcjmd.log

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\nm
    -------\xpdx

    ((((((((((((((((((((((((( Files Created from 2007-05-14 to 2007-06-14 )))))))))))))))))))))))))))))))

    2007-06-14 00:32 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-13 01:46 <REP> d-------- C:\VundoFix Backups
    2007-06-12 22:51 70,941 --a------ C:\WINDOWS\ertreedwefwe.exe
    2007-06-12 22:51 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\Ultimate Cleaner
    2007-06-12 18:23 <REP> d-------- C:\Program Files\Ultimate Cleaner
    2007-06-12 18:15 47,019 --a------ C:\WINDOWS\regrththrerer.exe
    2007-06-11 23:23 56,832 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\gdqfqtyx.exe
    2007-06-11 21:48 45,357 --a------ C:\WINDOWS\erwtyhtujherg.exe
    2007-06-11 14:21 <REP> d-------- C:\Downloads
    2007-06-11 10:47 76,641 --a------ C:\WINDOWS\dsfrertr.exe
    2007-06-11 10:47 72,152 --a------ C:\WINDOWS\tryewfdewgre.exe
    2007-06-11 10:12 1,536 --a------ C:\wyjgsa.exe
    2007-06-11 08:42 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\gjepsvkz.exe
    2007-06-11 00:29 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    2007-06-09 17:37 <REP> d-------- C:\DOCUME~1\(QUENT~1\WINDOWS
    2007-06-07 17:07 3,313 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Musepack Codec.dat
    2007-06-05 08:20 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-06-05 07:20 13,045 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2007-06-05 00:04 2,981 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
    2007-06-04 15:14 <REP> d-------- C:\Program Files\MSN Messenger
    2007-06-04 15:00 <REP> d-------- C:\WINDOWS\SxsCaPendDel
    2007-06-04 11:39 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
    2007-06-04 10:17 <REP> d-------- C:\Program Files\Fichiers communs\ODBC
    2007-06-03 22:28 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-06-03 15:14 178,408 --a------ C:\WINDOWS\system32\muweb.dll
    2007-06-03 15:14 128,744 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-06-03 08:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
    2007-06-03 08:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    2007-06-02 13:50 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2007-06-02 01:19 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\Vso
    2007-06-01 12:47 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\Media Player Classic
    2007-06-01 12:46 740,442 --a------ C:\WINDOWS\system32\divx.dll
    2007-06-01 12:46 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
    2007-06-01 12:46 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-06-01 12:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-06-01 12:46 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2007-06-01 12:46 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-06-01 12:46 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-05-29 23:09 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\gtk-2.0
    2007-05-25 22:27 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
    2007-05-24 00:35 <REP> d-------- C:\Program Files\Emoticons-plus.com
    2007-05-23 19:15 <REP> d-------- C:\WINDOWS\system32\PC Booster 5
    2007-05-23 16:44 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
    2007-05-23 16:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\National Instruments
    2007-05-23 16:37 <REP> d-------- C:\WINDOWS\system32\cvirte
    2007-05-20 12:45 755,200 --a------ C:\WINDOWS\system32\Ir50_32.dll
    2007-05-20 12:45 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
    2007-05-20 12:45 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
    2007-05-20 12:45 200,192 --a------ C:\WINDOWS\system32\Ir50_qc.dll
    2007-05-20 12:45 183,808 --a------ C:\WINDOWS\system32\Ir50_qcx.dll
    2007-05-20 12:45 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
    2007-05-20 12:45 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
    2007-05-17 18:59 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2007-05-17 12:52 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
    2007-05-17 12:52 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
    2007-05-17 12:52 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
    2007-05-16 07:53 <REP> d-------- C:\Program Files\Resource Kit
    2007-05-14 12:44 3,395 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-14 09:40:32 74,940 ----a-w C:\WINDOWS\wqefefgre.exe
    2007-06-14 09:40:32 72,458 ----a-w C:\WINDOWS\ghregrgrfew.exe
    2007-06-14 09:40:31 71,625 ----a-w C:\WINDOWS\twesdwdewewd.exe
    2007-06-14 09:40:24 46,896 ----a-w C:\WINDOWS\jgregrgrethyt.exe
    2007-06-14 09:40:15 75,017 ----a-w C:\WINDOWS\hrefhtrgfew.exe
    2007-06-14 09:40:14 70,376 ----a-w C:\WINDOWS\weewsarfewre.exe
    2007-06-13 22:28:01 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\OpenOffice.org2
    2007-06-12 20:51:31 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Ultimate Cleaner
    2007-06-11 11:17:12 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Skype
    2007-06-10 20:56:16 -------- d-----w C:\Program Files\Lx_cats
    2007-06-10 12:20:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-07 15:06:52 593,272 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    2007-06-05 09:30:51 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-06-05 09:30:51 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-06-05 05:56:13 -------- d-----w C:\Program Files\Fichiers communs\AOL
    2007-06-04 07:21:17 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Vso
    2007-06-04 07:21:14 87,608 ----a-w C:\DOCUME~1\(QUENT~1\APPLIC~1\ezpinst.exe
    2007-06-04 07:21:14 47,360 ----a-w C:\DOCUME~1\(QUENT~1\APPLIC~1\pcouffin.sys
    2007-06-04 07:20:37 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Dev-Cpp
    2007-06-02 14:01:34 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Ahead
    2007-06-01 10:47:42 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Media Player Classic
    2007-05-30 17:21:46 -------- d-----w C:\Program Files\Microsoft Works
    2007-05-29 21:09:04 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\gtk-2.0
    2007-05-25 18:10:12 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-05-23 17:25:56 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2007-05-23 14:49:32 -------- d-----w C:\Program Files\Common Files
    2007-05-18 17:21:17 -------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
    2007-05-17 10:52:22 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-05-14 21:50:40 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-05-14 11:11:25 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\AdobeUM
    2007-05-08 09:34:43 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\TuneUp Software
    2007-05-07 09:22:08 -------- d-----w C:\Program Files\Fichiers communs\Skype
    2007-05-06 22:48:59 -------- d-----w C:\Program Files\Ghostgum
    2007-05-06 22:44:23 -------- d-----w C:\Program Files\OpenOffice.org 2.2
    2007-05-04 12:50:53 26 ----a-w C:\AUTOEXEC.BAT
    2007-04-26 08:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
    2007-04-26 08:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-05 15:46:59 29 ----a-w C:\WINDOWS\system32\getfile.dat
    2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
    2004-08-05 13:00:00 70,941 --sh--r C:\WINDOWS\system32\dfmmaps.exe
    2004-08-05 13:00:00 90,326 --sh--r C:\WINDOWS\system32\dlljwdwv.exe
    2004-08-05 13:00:00 71,625 --sh--r C:\WINDOWS\system32\ikern32.exe
    2004-08-05 13:00:00 72,152 --sh--r C:\WINDOWS\system32\itmanhc.exe
    2004-08-05 13:00:00 74,940 --sh--r C:\WINDOWS\system32\mmswr.exe
    2004-08-05 13:00:00 72,458 --sh--r C:\WINDOWS\system32\rdsruns.exe
    2004-08-05 13:00:00 93,426 --sh--r C:\WINDOWS\system32\regyscqm.exe
    2004-08-05 13:00:00 76,641 --sh--r C:\WINDOWS\system32\relccxs.exe
    2004-08-05 13:00:00 47,019 --sh--r C:\WINDOWS\system32\secrvkkm.exe
    2004-08-05 13:00:00 45,357 --sh--r C:\WINDOWS\system32\xmliklvh.exe
    2004-08-05 13:00:00 45,357 --sh--r C:\WINDOWS\system32\xmllwmew.exe

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {243B17DE-77C7-46BF-B94B-0B5F309A0E64}=C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 12:00]
    {3A8AAF02-744B-4E8A-90BF-FFB026984B98}=C:\WINDOWS\system32\pmnnn.dll []
    {53707962-6F74-2D53-2644-206D7942484F}=C:\DOCUME~1\(QUENT~1\MESDOC~1\program\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:56]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mmsddlx"="regyscqm.exe" [2004-08-05 15:00 C:\WINDOWS\system32\regyscqm.exe]
    "gdqfqtyx.exe"="C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe" [2007-06-11 23:23]
    "SoundMax"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41]
    "passcxd"="C:\WINDOWS\system32\itmanhc.exe" [2004-08-05 15:00]
    "zcseacrt"="C:\WINDOWS\system32\relccxs.exe" [2004-08-05 15:00]
    "rtkernsw"="C:\WINDOWS\system32\secrvkkm.exe" [2004-08-05 15:00]
    "wpxmls"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
    "syskern32"="C:\WINDOWS\system32\ikern32.exe" [2004-08-05 15:00]
    "mwini32"="C:\WINDOWS\system32\mmswr.exe" [2004-08-05 15:00]
    "msrlink"="C:\WINDOWS\system32\rdsruns.exe" [2004-08-05 15:00]
    "kstscc"="dlljwdwv.exe" [2004-08-05 15:00 C:\WINDOWS\system32\dlljwdwv.exe]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "passcxd"="C:\WINDOWS\system32\itmanhc.exe" [2004-08-05 15:00]
    "zcseacrt"="C:\WINDOWS\system32\relccxs.exe" [2004-08-05 15:00]
    "rtkernsw"="C:\WINDOWS\system32\secrvkkm.exe" [2004-08-05 15:00]
    "mmsddlx"="regyscqm.exe" [2004-08-05 15:00 C:\WINDOWS\system32\regyscqm.exe]
    "ifperx"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-25 18:47]
    "wpxmls"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
    "imcssl"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
    "jcidls"="C:\WINDOWS\system32\dfmmaps.exe" [2004-08-05 15:00]
    "scmplay"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
    "syskern32"="C:\WINDOWS\system32\ikern32.exe" [2004-08-05 15:00]
    "mwini32"="C:\WINDOWS\system32\mmswr.exe" [2004-08-05 15:00]
    "msrlink"="C:\WINDOWS\system32\rdsruns.exe" [2004-08-05 15:00]
    "kstscc"="dlljwdwv.exe" [2004-08-05 15:00 C:\WINDOWS\system32\dlljwdwv.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "RunStartupScriptSync"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDesktopCleanupWizard"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnomlm]
    opnomlm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnllk]
    pmnnllk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^(quentin)^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    path=C:\Documents and Settings\(quentin)\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin300.exe.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin300.exe.lnk
    backup=C:\WINDOWS\pss\TrayMin300.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utility Tray.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utility Tray.lnk
    backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    "C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApachInc]
    rundll32.exe "C:\WINDOWS\system32\hvjdyurp.dll",realset

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
    "C:\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
    "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Documents and Settings\(quentin)\Mes documents\program\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailChecker]
    C:\APPS\EmailChecker\ech.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gjepsvkz.exe]
    C:\Documents and Settings\All Users\Application Data\gjepsvkz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
    C:\WINDOWS\ATK0100\HControl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\idlesam]
    drvcihsk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ifperx]
    C:\WINDOWS\system32\xmliklvh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\passcxd]
    C:\WINDOWS\system32\itmanhc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    "c:\Apps\Powercinema\PCMService.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\WINDOWS\system32\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\scmplay]
    C:\WINDOWS\system32\xmliklvh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
    Rundll32.exe SiSPower.dll,ModeAgent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\APPS\skype\phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheDaVinciCode_Setup.exe]
    E:\THEDAV~1.EXE /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    %systemroot%\system32\dumprep 0 -u

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zcseacrt]
    C:\WINDOWS\system32\relccxs.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "TheDaVinciCode_Setup.exe"=E:\THEDAV~1.EXE /r
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
    "Skype"="C:\APPS\skype\phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
    "SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    "PCMService"="c:\Apps\Powercinema\PCMService.exe"
    "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" -atboottime
    "InCD"=C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCD.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
    UxTuneUp
    NtmlSvc

    Contents of the 'Scheduled Tasks' folder
    2007-06-08 15:15:00 C:\WINDOWS\tasks\1-Klick-Wartung.job
    2007-06-08 15:15:00 C:\WINDOWS\tasks\Maintenance en 1 clic.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-14 11:39:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    ? [268]

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\mmswr.exe
    C:\WINDOWS\system32\dlljwdwv.exe
    C:\WINDOWS\system32\rdsruns.exe
    C:\WINDOWS\system32\ikern32.exe

    scan completed successfully
    hidden files: 4

    **************************************************************************

    Completion time: 2007-06-14 11:42:40 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-06-14 11:42

    --- E O F ---
    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\ntlfyxct.dll
    C:\WINDOWS\system32\winpsa32.dll
    C:\WINDOWS\system32\tcxyfltn.ini

    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\DOCUME~1\(QUENT~1\Bureau.\internet explorer.lnk
    C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00001.dll
    C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00002.dll
    C:\Program Files\install.log
    C:\WINDOWS\system32\xpdx.sys
    C:\WINDOWS\wpcjmd.log

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\nm
    -------\xpdx

    ((((((((((((((((((((((((( Files Created from 2007-05-14 to 2007-06-14 )))))))))))))))))))))))))))))))

    2007-06-14 11:40 75,017 --a------ C:\WINDOWS\hrefhtrgfew.exe
    2007-06-14 11:40 74,940 --a------ C:\WINDOWS\wqefefgre.exe
    2007-06-14 11:40 72,458 --a------ C:\WINDOWS\ghregrgrfew.exe
    2007-06-14 11:40 71,625 --a------ C:\WINDOWS\twesdwdewewd.exe
    2007-06-14 11:40 70,376 --a------ C:\WINDOWS\weewsarfewre.exe
    2007-06-14 11:40 46,896 --a------ C:\WINDOWS\jgregrgrethyt.exe
    2007-06-12 22:51 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\Ultimate Cleaner
    2007-06-09 17:37 <REP> d-------- C:\DOCUME~1\(QUENT~1\WINDOWS
    2007-06-02 01:19 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\Vso
    2007-06-01 12:47 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\Media Player Classic
    2007-05-29 23:09 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\gtk-2.0

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-13 22:28:01 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\OpenOffice.org2
    2007-06-12 20:51:31 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Ultimate Cleaner
    2007-06-11 11:17:12 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Skype
    2007-06-10 20:56:16 -------- d-----w C:\Program Files\Lx_cats
    2007-06-10 12:20:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-07 15:06:52 593,272 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    2007-06-05 09:30:51 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-06-05 09:30:51 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-06-05 05:56:13 -------- d-----w C:\Program Files\Fichiers communs\AOL
    2007-06-04 07:21:17 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Vso
    2007-06-04 07:21:14 87,608 ----a-w C:\DOCUME~1\(QUENT~1\APPLIC~1\ezpinst.exe
    2007-06-04 07:21:14 47,360 ----a-w C:\DOCUME~1\(QUENT~1\APPLIC~1\pcouffin.sys
    2007-06-04 07:20:37 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Dev-Cpp
    2007-06-02 14:01:34 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Ahead
    2007-06-01 10:47:42 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Media Player Classic
    2007-05-30 17:21:46 -------- d-----w C:\Program Files\Microsoft Works
    2007-05-29 21:09:04 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\gtk-2.0
    2007-05-25 18:10:12 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-05-23 17:25:56 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2007-05-23 14:49:32 -------- d-----w C:\Program Files\Common Files
    2007-05-18 17:21:17 -------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
    2007-05-17 10:52:22 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-05-14 21:50:40 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-05-14 11:11:25 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\AdobeUM
    2007-05-08 09:34:43 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\TuneUp Software
    2007-05-07 09:22:08 -------- d-----w C:\Program Files\Fichiers communs\Skype
    2007-05-06 22:48:59 -------- d-----w C:\Program Files\Ghostgum
    2007-05-06 22:44:23 -------- d-----w C:\Program Files\OpenOffice.org 2.2
    2007-05-04 12:50:53 26 ----a-w C:\AUTOEXEC.BAT
    2007-04-26 08:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
    2007-04-26 08:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-05 15:46:59 29 ----a-w C:\WINDOWS\system32\getfile.dat
    2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
    2004-08-05 13:00:00 70,941 --sh--r C:\WINDOWS\system32\dfmmaps.exe
    2004-08-05 13:00:00 90,326 --sh--r C:\WINDOWS\system32\dlljwdwv.exe
    2004-08-05 13:00:00 71,625 --sh--r C:\WINDOWS\system32\ikern32.exe
    2004-08-05 13:00:00 72,152 --sh--r C:\WINDOWS\system32\itmanhc.exe
    2004-08-05 13:00:00 74,940 --sh--r C:\WINDOWS\system32\mmswr.exe
    2004-08-05 13:00:00 72,458 --sh--r C:\WINDOWS\system32\rdsruns.exe
    2004-08-05 13:00:00 93,426 --sh--r C:\WINDOWS\system32\regyscqm.exe
    2004-08-05 13:00:00 76,641 --sh--r C:\WINDOWS\system32\relccxs.exe
    2004-08-05 13:00:00 47,019 --sh--r C:\WINDOWS\system32\secrvkkm.exe
    2004-08-05 13:00:00 45,357 --sh--r C:\WINDOWS\system32\xmliklvh.exe
    2004-08-05 13:00:00 45,357 --sh--r C:\WINDOWS\system32\xmllwmew.exe

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {243B17DE-77C7-46BF-B94B-0B5F309A0E64}=C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 12:00]
    {3A8AAF02-744B-4E8A-90BF-FFB026984B98}=C:\WINDOWS\system32\pmnnn.dll []
    {53707962-6F74-2D53-2644-206D7942484F}=C:\DOCUME~1\(QUENT~1\MESDOC~1\program\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:56]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mmsddlx"="regyscqm.exe" [2004-08-05 15:00 C:\WINDOWS\system32\regyscqm.exe]
    "gdqfqtyx.exe"="C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe" [2007-06-11 23:23]
    "SoundMax"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41]
    "syskern32"="C:\WINDOWS\system32\ikern32.exe" [2004-08-05 15:00]
    "mwini32"="C:\WINDOWS\system32\mmswr.exe" [2004-08-05 15:00]
    "msrlink"="C:\WINDOWS\system32\rdsruns.exe" [2004-08-05 15:00]
    "kstscc"="dlljwdwv.exe" [2004-08-05 15:00 C:\WINDOWS\system32\dlljwdwv.exe]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "passcxd"="C:\WINDOWS\system32\itmanhc.exe" [2004-08-05 15:00]
    "zcseacrt"="C:\WINDOWS\system32\relccxs.exe" [2004-08-05 15:00]
    "rtkernsw"="C:\WINDOWS\system32\secrvkkm.exe" [2004-08-05 15:00]
    "mmsddlx"="regyscqm.exe" [2004-08-05 15:00 C:\WINDOWS\system32\regyscqm.exe]
    "ifperx"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-25 18:47]
    "wpxmls"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
    "imcssl"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
    "jcidls"="C:\WINDOWS\system32\dfmmaps.exe" [2004-08-05 15:00]
    "scmplay"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
    "syskern32"="C:\WINDOWS\system32\ikern32.exe" [2004-08-05 15:00]
    "mwini32"="C:\WINDOWS\system32\mmswr.exe" [2004-08-05 15:00]
    "msrlink"="C:\WINDOWS\system32\rdsruns.exe" [2004-08-05 15:00]
    "kstscc"="dlljwdwv.exe" [2004-08-05 15:00 C:\WINDOWS\system32\dlljwdwv.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "RunStartupScriptSync"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDesktopCleanupWizard"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnomlm]
    opnomlm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnllk]
    pmnnllk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^(quentin)^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    path=C:\Documents and Settings\(quentin)\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin300.exe.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin300.exe.lnk
    backup=C:\WINDOWS\pss\TrayMin300.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utility Tray.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utility Tray.lnk
    backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    "C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApachInc]
    rundll32.exe "C:\WINDOWS\system32\hvjdyurp.dll",realset

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
    "C:\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
    "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Documents and Settings\(quentin)\Mes documents\program\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailChecker]
    C:\APPS\EmailChecker\ech.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gjepsvkz.exe]
    C:\Documents and Settings\All Users\Application Data\gjepsvkz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
    C:\WINDOWS\ATK0100\HControl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\idlesam]
    drvcihsk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ifperx]
    C:\WINDOWS\system32\xmliklvh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\passcxd]
    C:\WINDOWS\system32\itmanhc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    "c:\Apps\Powercinema\PCMService.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\WINDOWS\system32\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\scmplay]
    C:\WINDOWS\system32\xmliklvh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
    Rundll32.exe SiSPower.dll,ModeAgent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\APPS\skype\phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheDaVinciCode_Setup.exe]
    E:\THEDAV~1.EXE /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    %systemroot%\system32\dumprep 0 -u

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zcseacrt]
    C:\WINDOWS\system32\relccxs.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "TheDaVinciCode_Setup.exe"=E:\THEDAV~1.EXE /r
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
    "Skype"="C:\APPS\skype\phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
    "SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    "PCMService"="c:\Apps\Powercinema\PCMService.exe"
    "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" -atboottime
    "InCD"=C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCD.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
    UxTuneUp
    NtmlSvc

    Contents of the 'Scheduled Tasks' folder
    2007-06-08 15:15:00 C:\WINDOWS\tasks\1-Klick-Wartung.job
    2007-06-08 15:15:00 C:\WINDOWS\tasks\Maintenance en 1 clic.job
    0
  13. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    télécharge Brute Force Uninstaller
    http://www.merijn.org/files/bfu.zip
    met le dans son propre dossier ex:c:bfu (voir demo) http://perso.orange.fr/rginformatique/section%20virus/bfu%20demo.htm

    ensuite
    ouvre ton bloc note et copie colle ceci pas les etoiles

    ************
    ProcessKill \relccxs.exe
    ProcessKill \secrvkkm.exe
    ProcessKill \regyscqm.exe
    ProcessKill \xmllwmew.exe
    ProcessKill \gdqfqtyx.exe
    ProcessKill \dfmmaps.exe

    OptionUnloadShell
    DllUnregister %SYSDIR%\winpsa32.dll|1

    FileDelete %SYSDIR%\itmanhc.exe
    FileDelete %SYSDIR%\relccxs.exe
    FileDelete %SYSDIR%\secrvkkm.exe
    FileDelete %SYSDIR%\xmllwmew.exe
    FileDelete %SYSDIR%\dfmmaps.exe
    FileDelete %SYSDIR%\regyscqm.exe
    FileDelete %SYSDIR%\winpsa32.dll
    FileDelete %ALLUSERSAPPDATA%\gdqfqtyx.exe

    RegDeleteKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winpsa32.dll

    ************
    enregistre le dans le meme dossier que bfu.exe et donne lui comme nom fixer

    ensuite double clik sur bfu.exe
    Clique sur le petit dossier jaune, à la droite de la boîte "Scriptline to execute", et double-clique sur fixer
    Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\FIXER
    Clique sur "Execute" et laisse-le faire son travail.
    Attendre que "Complete script execution" apparaîsse et clique sur OK.
    Clique exit pour fermer le programme BFU.
    Recommence encore une fois.

    LA REFAIT UN HIJACK ET DONNE LE RAPPORT
    0
  14. foubit Messages postés 78 Statut Membre
     
    je suis désolé,je vais certainement paraitre bete,mais je n'obtient pas le meme dossier que sur la video..je n'ai pas le dossier "egdaccess"... Pourtant j'ai bien dezipé le dossier dans C...
    Désolé...
    0
  15. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    sur la video c est un exemple la le dossier que tu doit avoir c est celui que je t est fait enregistre
    via le bloc note il s appelle fixer
    a++
    0
  16. foubit Messages postés 78 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 23:22, on 2007-06-14
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Alwil Software\Avast4\aswUpdSv.exe
    C:\Alwil Software\Avast4\ashServ.exe
    C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
    C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Alwil Software\Avast4\ashMaiSv.exe
    C:\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\ikern32.exe
    C:\WINDOWS\system32\mmswr.exe
    C:\WINDOWS\system32\rdsruns.exe
    C:\WINDOWS\system32\itmanhc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\office\OFFICE11\POWERPNT.EXE
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\(quentin)\Mes documents\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {3A8AAF02-744B-4E8A-90BF-FFB026984B98} - C:\WINDOWS\system32\pmnnn.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\(QUENT~1\MESDOC~1\program\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [gdqfqtyx.exe] C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [syskern32] C:\WINDOWS\system32\ikern32.exe
    O4 - HKLM\..\Run: [mwini32] C:\WINDOWS\system32\mmswr.exe
    O4 - HKLM\..\Run: [msrlink] C:\WINDOWS\system32\rdsruns.exe
    O4 - HKLM\..\Run: [kstscc] dlljwdwv.exe
    O4 - HKLM\..\Run: [passcxd] C:\WINDOWS\system32\itmanhc.exe
    O4 - HKLM\..\Run: [ifperx] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKLM\..\Run: [rtkernsw] C:\WINDOWS\system32\secrvkkm.exe
    O4 - HKLM\..\Run: [zcseacrt] C:\WINDOWS\system32\relccxs.exe
    O4 - HKCU\..\Run: [passcxd] C:\WINDOWS\system32\itmanhc.exe
    O4 - HKCU\..\Run: [zcseacrt] C:\WINDOWS\system32\relccxs.exe
    O4 - HKCU\..\Run: [rtkernsw] C:\WINDOWS\system32\secrvkkm.exe
    O4 - HKCU\..\Run: [ifperx] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [wpxmls] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKCU\..\Run: [imcssl] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKCU\..\Run: [jcidls] C:\WINDOWS\system32\dfmmaps.exe
    O4 - HKCU\..\Run: [scmplay] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKCU\..\Run: [syskern32] C:\WINDOWS\system32\ikern32.exe
    O4 - HKCU\..\Run: [mwini32] C:\WINDOWS\system32\mmswr.exe
    O4 - HKCU\..\Run: [msrlink] C:\WINDOWS\system32\rdsruns.exe
    O4 - HKCU\..\Run: [kstscc] dlljwdwv.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\office\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: opnomlm - opnomlm.dll (file missing)
    O20 - Winlogon Notify: pmnnllk - pmnnllk.dll (file missing)
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
    O23 - Service: NILM License Manager - Macrovision Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\License Manager\Bin\lmgrd.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
    O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Ray - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\rayserver.exe (file missing)
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\kpf4ss.exe (file missing)
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
    0
  17. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    salut
    relance hijack coche toutes les ligne que je te met en dessous et ensuite clik sur fix

    O2 - BHO: (no name) - {3A8AAF02-744B-4E8A-90BF-FFB026984B98} - C:\WINDOWS\system32\pmnnn.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [gdqfqtyx.exe] C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe
    O4 - HKLM\..\Run: [syskern32] C:\WINDOWS\system32\ikern32.exe
    O4 - HKLM\..\Run: [mwini32] C:\WINDOWS\system32\mmswr.exe
    O4 - HKLM\..\Run: [msrlink] C:\WINDOWS\system32\rdsruns.exe
    O4 - HKLM\..\Run: [kstscc] dlljwdwv.exe
    O4 - HKLM\..\Run: [passcxd] C:\WINDOWS\system32\itmanhc.exe
    O4 - HKLM\..\Run: [ifperx] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKLM\..\Run: [rtkernsw] C:\WINDOWS\system32\secrvkkm.exe
    O4 - HKLM\..\Run: [zcseacrt] C:\WINDOWS\system32\relccxs.exe
    O4 - HKCU\..\Run: [passcxd] C:\WINDOWS\system32\itmanhc.exe
    O4 - HKCU\..\Run: [zcseacrt] C:\WINDOWS\system32\relccxs.exe
    O4 - HKCU\..\Run: [rtkernsw] C:\WINDOWS\system32\secrvkkm.exe
    O4 - HKCU\..\Run: [ifperx] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKCU\..\Run: [wpxmls] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKCU\..\Run: [imcssl] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKCU\..\Run: [jcidls] C:\WINDOWS\system32\dfmmaps.exe
    O4 - HKCU\..\Run: [scmplay] C:\WINDOWS\system32\xmllwmew.exe
    O4 - HKCU\..\Run: [syskern32] C:\WINDOWS\system32\ikern32.exe
    O4 - HKCU\..\Run: [mwini32] C:\WINDOWS\system32\mmswr.exe
    O4 - HKCU\..\Run: [msrlink] C:\WINDOWS\system32\rdsruns.exe
    O4 - HKCU\..\Run: [kstscc] dlljwdwv.exe
    O20 - Winlogon Notify: opnomlm - opnomlm.dll (file missing)
    O20 - Winlogon Notify: pmnnllk - pmnnllk.dll (file missing)

    ensuite redemarre et refait moi un nouvel hijack

    a tu bien fait le script bfu?
    0
  18. foubit Messages postés 78 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 11:21, on 2007-06-15
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Alwil Software\Avast4\aswUpdSv.exe
    C:\Alwil Software\Avast4\ashServ.exe
    C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
    C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Alwil Software\Avast4\ashMaiSv.exe
    C:\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\xmlawhfz.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\(quentin)\Mes documents\program\antivirus\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\(QUENT~1\MESDOC~1\program\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [vckdsip] C:\WINDOWS\system32\xmlawhfz.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [vckdsip] C:\WINDOWS\system32\xmlawhfz.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\office\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
    O23 - Service: NILM License Manager - Macrovision Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\License Manager\Bin\lmgrd.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
    O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Ray - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\rayserver.exe (file missing)
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\kpf4ss.exe (file missing)
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
    0
  19. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    re
    assure toi de ceci

    Affiche tous les fichiers et dossiers :
    cliquer sur démarrer/panneau de configuration/option des dossiers/affichage
    Cocher afficher les dossiers cacher

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décocher masquer les extensions dont le type est connu
    Puis fais "Ok" pour valider les changements.

    Et appliquer

    recherche et suppr ceci
    C:\WINDOWS\system32\xmlawhfz.exe
    si il ne veut pas se suppr redemarre en mode sans echec et suppr le
    ensuite refait un hijack
    0
  20. foubit Messages postés 78 Statut Membre
     
    revoici le log..
    merci de ton aide, j'ai l'impression que mon pc rame de moins en moins
    0
  21. foubit Messages postés 78 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 12:02, on 2007-06-15
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Alwil Software\Avast4\aswUpdSv.exe
    C:\Alwil Software\Avast4\ashServ.exe
    C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
    C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Alwil Software\Avast4\ashMaiSv.exe
    C:\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\(quentin)\Mes documents\program\antivirus\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\(QUENT~1\MESDOC~1\program\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [vckdsip] C:\WINDOWS\system32\xmlawhfz.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [vckdsip] C:\WINDOWS\system32\xmlawhfz.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\office\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
    O23 - Service: NILM License Manager - Macrovision Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\License Manager\Bin\lmgrd.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
    O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Ray - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\rayserver.exe (file missing)
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
    0
  • 1
  • 2