Problem with Virtumonde adware DLL

bakroman Posts: 15 Status: Member
Hello,

I have a problem with the Virtumonde adware and a file at C:\windows\system32\pmnmnkk.dll
I can't manage to remove it with the various programs recommended in an earlier thread on the forum.
Here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 17:44:11, on 19/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
H:\oijfxd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\pmnmnkk.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AFB3D58D-C4F6-466C-B8C8-D8BAFCC5B811} - C:\WINDOWS\system32\vtstu.dll
O2 - BHO: (no name) - {BEFDFBD6-9B21-4483-8AAD-77A06243D560} - C:\WINDOWS\system32\awtsp.dll (file missing)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] NHL Live 2007
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/messenger/AxLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://marmottons73.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://roxypalace.microgaming.com/roxypalacefr/FlashAX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: pmnmnkk - C:\WINDOWS\SYSTEM32\pmnmnkk.dll
O20 - Winlogon Notify: vtstu - C:\WINDOWS\system32\vtstu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Thanks in advance for giving me a hand!!!

23 replies

bakroman Posts: 15 Status: Member
 
I'll rerun the scan tonight and try to do better.
moK´s@ Posts: 4410 Status: Member 89
 
OK

See you
bakroman Posts: 15 Status: Member
 
Here is my ComboFix report, because I still have a problem with Spyware Secure!!! My VundoFix scan turned up nothing...
Thanks for your help

"Administrateur" - 2007-10-29 9:41:41 - ComboFix 07-07-23.2 - Service Pack 2 NTFS [SAFE MODE]


((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-29 )))))))))))))))))))))))))))))))


2007-10-29 09:36 <REP> d-------- C:\WINDOWS\pss
2007-10-29 09:25 <REP> d-------- C:\Program Files\Trend Micro
2007-10-21 19:56 90,112 --a------ C:\WINDOWS\system32\CNMCP50.exe
2007-10-21 19:56 8,704 --a------ C:\WINDOWS\system32\CNMVS50.DLL
2007-10-21 19:56 140,288 --a------ C:\WINDOWS\system32\CNMLM50.DLL
2007-10-21 19:56 <REP> d--h----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
2007-10-18 21:49 <REP> d-------- C:\ConvertTemp
2007-10-18 21:35 <REP> d-------- C:\DOCUME~1\LECORR~1\APPLIC~1\Samsung
2007-10-18 19:13 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2007-10-18 19:13 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2007-10-18 19:13 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2007-10-18 19:13 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2007-10-18 19:13 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2007-10-18 19:13 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2007-10-18 19:13 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2007-10-18 19:13 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-10-18 19:12 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-10-18 19:12 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-10-18 19:12 <REP> d-------- C:\Program Files\Samsung
2007-10-08 11:52 <REP> d-------- C:\Program Files\OpenOffice.org 2.3


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-10-29 08:06:29 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-10-28 11:46:46 -------- d-----w C:\Program Files\Windows Live Safety Center
2007-10-28 09:06:11 458,230 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-10-28 09:06:10 71,248 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-10-24 19:07:32 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2007-10-24 17:15:52 -------- d-----w C:\Program Files\Paint.NET
2007-10-22 14:55:04 -------- d-----w C:\Program Files\PC Tools Firewall Plus
2007-10-20 18:56:59 -------- d-----w C:\Program Files\eMule
2007-10-18 20:32:19 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-08 10:51:24 -------- d-----w C:\Program Files\OpenOffice.org 2.2
2007-10-01 15:05:51 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-01 15:01:36 -------- d-----w C:\Program Files\EA SPORTS
2007-09-14 11:14:01 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-09-14 11:13:20 -------- d-----w C:\Program Files\MeuhMeuhTV
2007-09-12 18:09:49 -------- d-----w C:\Program Files\adslTV
2007-09-08 09:52:06 -------- d-----w C:\Program Files\Azureus
2007-09-06 05:50:53 -------- d-----w C:\Program Files\Neuf
2007-09-06 05:50:43 -------- d-----w C:\Program Files\neuf telecom
2007-08-21 06:17:23 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19:10 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 17:19:04 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2006-07-18 13:41:13 1,019,094 -csha-r C:\Program Files\serial.zip
2006-07-18 13:41:13 1,019,094 -csha-r C:\Program Files\serial.tde
2006-05-28 16:46:51 397,306 -csha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46:51 397,306 -csha-r C:\Program Files\wunauclt.tbe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C648A2B7-1EDF-442F-BEBE-03C5F793959D}]
C:\WINDOWS\system32\vtstu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2004-04-02 13:31 C:\WINDOWS\Dit.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 C:\WINDOWS\AGRSMMSG.exe]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 14:13]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-08-10 00:45]
"nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-12-05 15:07]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-12-08 19:57]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 13:23]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22]
"UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-04-28 07:13]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EoRss"=
"EoEngine"=

R0 prohlp02;StarForce Protection Helper Driver v2;C:\WINDOWS\system32\drivers\prohlp02.sys
R0 prosync1;StarForce Protection Synchronization Driver v1;C:\WINDOWS\system32\drivers\prosync1.sys
R0 sfhlp01;StarForce Protection Helper Driver;C:\WINDOWS\system32\drivers\sfhlp01.sys
R2 winmgmt;Infrastructure de gestion Windows;C:\WINDOWS\system32\svchost.exe -k netsvcs
R3 CardReaderFilter;Card Reader Filter;\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 09:44:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-10-29 9:45:46
C:\ComboFix-quarantined-files.txt ... 2007-07-22 18:17
C:\ComboFix2.txt ... 2007-07-22 18:17

--- E O F ---