[windows] Lenteur PC
Imade
-
Imade -
Imade -
Bonjour,
Suite à une nouvelle install de mon PC, je le trouve particulièrement lent.
Au fait, j'ai fait l'erreur de le laisser connecté à internet (30 secondes!) sans avoir de firewall ni d'antivirus. du coup j'ai récupéré plein de m ... (virus, trojan .. et compagnie).
J'ai fait des analyses antivirus avec Avast et puis avec Bitdefender, qui ont trouvé effectivement des virus, j'ai pris aussi les dernières update de windows SP2, j'ai aussi Kerio, mais il est toujours lent, avec des fois des publicités qui s'affichent automatiquement..
J'ai utilisé Hijack this, mais j'avoue que je ne suis pas un spécialiste .. merci de votre aide pour l'analyse de ce rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:40, on 22/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Imade elbaraka\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {98EA5D7D-D404-4678-AE20-43337EF44547} - C:\WINDOWS\System32\jkklk.dll
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\System32\nnnlihh.dll
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spooIsv.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NetFxUpdate_v1.1.4322] "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O20 - Winlogon Notify: jkklk - C:\WINDOWS\System32\jkklk.dll
O20 - Winlogon Notify: nnnlihh - C:\WINDOWS\SYSTEM32\nnnlihh.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Suite à une nouvelle install de mon PC, je le trouve particulièrement lent.
Au fait, j'ai fait l'erreur de le laisser connecté à internet (30 secondes!) sans avoir de firewall ni d'antivirus. du coup j'ai récupéré plein de m ... (virus, trojan .. et compagnie).
J'ai fait des analyses antivirus avec Avast et puis avec Bitdefender, qui ont trouvé effectivement des virus, j'ai pris aussi les dernières update de windows SP2, j'ai aussi Kerio, mais il est toujours lent, avec des fois des publicités qui s'affichent automatiquement..
J'ai utilisé Hijack this, mais j'avoue que je ne suis pas un spécialiste .. merci de votre aide pour l'analyse de ce rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:40, on 22/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Imade elbaraka\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {98EA5D7D-D404-4678-AE20-43337EF44547} - C:\WINDOWS\System32\jkklk.dll
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\System32\nnnlihh.dll
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spooIsv.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NetFxUpdate_v1.1.4322] "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O20 - Winlogon Notify: jkklk - C:\WINDOWS\System32\jkklk.dll
O20 - Winlogon Notify: nnnlihh - C:\WINDOWS\SYSTEM32\nnnlihh.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
A voir également:
- [windows] Lenteur PC
- Lenteur pc - Guide
- Reinitialiser pc - Guide
- Mon pc s'allume mais ne démarre pas windows 10 - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
- Clé windows 8 - Guide
21 réponses
Salut
effectivement, ces 30 sec. ont été fatales :)
Téléchargez VundoFix.exe (par Atribune) sur ton Bureau :
http://www.atribune.org/ccount/click.php?id=4
*Double-clique VundoFix.exe afin de le lancer.
* Cliquez sur le bouton Scan for Vundo.
* Lorsque le scan est complété, cliquez sur le bouton Remove Vundo.
* Une invite vous demandera supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
* le PC va s'éteindre ("shutdown") : clique OK
* Démarrez votre PC à nouveau
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
++
effectivement, ces 30 sec. ont été fatales :)
Téléchargez VundoFix.exe (par Atribune) sur ton Bureau :
http://www.atribune.org/ccount/click.php?id=4
*Double-clique VundoFix.exe afin de le lancer.
* Cliquez sur le bouton Scan for Vundo.
* Lorsque le scan est complété, cliquez sur le bouton Remove Vundo.
* Une invite vous demandera supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
* le PC va s'éteindre ("shutdown") : clique OK
* Démarrez votre PC à nouveau
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
++
Merci de cette première réponse!
Voilà ce que donne le deuxième log de Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:08:31, on 24/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Imade elbaraka\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\System32\nnnlihh.dll
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spooIsv.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O20 - Winlogon Notify: nnnlihh - C:\WINDOWS\SYSTEM32\nnnlihh.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Voilà ce que donne le deuxième log de Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:08:31, on 24/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Imade elbaraka\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\System32\nnnlihh.dll
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spooIsv.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O20 - Winlogon Notify: nnnlihh - C:\WINDOWS\SYSTEM32\nnnlihh.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Salut
ok,
Télécharge ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Démarre en mode sans echec
* Double clique combofix.exe.
* Tape sur la touche Y (Yes) pour démarrer le scan.
* Le rapport sera crée dans: C:\Combofix.txt, avec un nouveau hijack stp
@+
ok,
Télécharge ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Démarre en mode sans echec
* Double clique combofix.exe.
* Tape sur la touche Y (Yes) pour démarrer le scan.
* Le rapport sera crée dans: C:\Combofix.txt, avec un nouveau hijack stp
@+
Salut!
Voilà les rapports : COMBOFIX :
ComboFix 07-08-17.2 - "Imade elbaraka" 2007-08-24 21:01:55.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.387 [GMT 2:00]
((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 )))))))))))))))))))))))))))))))
2007-08-24 15:52 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-24 12:09 758,917 ---hs---- C:\WINDOWS\system32\ijkmp.bak2
2007-08-24 00:35 <DIR> d-------- C:\DOCUME~1\IMADEE~1\APPLIC~1\vlc
2007-08-24 00:15 901,120 --------- C:\WINDOWS\Unnero.exe
2007-08-24 00:15 532,480 --------- C:\WINDOWS\system32\imagx5.dll
2007-08-24 00:15 507,904 --------- C:\WINDOWS\system32\imagr5.dll
2007-08-24 00:15 49,152 --------- C:\WINDOWS\system32\MultiSZ.dll
2007-08-24 00:15 35,328 --------- C:\WINDOWS\system32\picn20.dll
2007-08-24 00:15 275,312 --------- C:\WINDOWS\system32\ImagXpr5.dll
2007-08-24 00:15 155,648 --------- C:\WINDOWS\system32\NeroCheck.exe
2007-08-24 00:15 106,496 --------- C:\WINDOWS\system32\TwnLib20.dll
2007-08-24 00:15 <DIR> d-------- C:\Program Files\Ahead
2007-08-24 00:09 6,473 ---hs---- C:\WINDOWS\system32\ijkmp.bak1
2007-08-24 00:08 298,080 --a------ C:\WINDOWS\system32\pmkji.dll
2007-08-24 00:04 <DIR> d-------- C:\DOCUME~1\IMADEE~1\APPLIC~1\Steinberg
2007-08-24 00:00 <DIR> d-------- C:\VundoFix Backups
2007-08-22 21:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-22 21:21 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-22 21:20 <DIR> d-------- C:\Program Files\MSBuild
2007-08-22 21:14 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-08-22 21:13 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-08-22 21:11 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-08-22 21:07 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-22 21:03 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-22 21:03 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-22 20:51 <DIR> d-------- C:\DOCUME~1\IMADEE~1\Contacts
2007-08-22 20:47 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-22 20:47 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-22 20:45 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-08-22 20:45 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-08-22 20:45 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-08-22 20:07 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-08-22 18:57 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-22 18:31 <DIR> d-------- C:\WINDOWS\pss
2007-08-22 17:52 <DIR> d-------- C:\DOCUME~1\IMADEE~1\APPLIC~1\HP
2007-08-22 14:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-08-22 14:49 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-22 14:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-08-22 14:30 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-08-22 14:28 <DIR> d-------- C:\Program Files\Common Files\HP
2007-08-22 14:13 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-08-22 14:05 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-08-22 14:02 49,920 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-08-22 14:02 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-08-22 14:01 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-22 13:57 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-08-22 13:56 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-08-22 13:56 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-08-22 13:56 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-08-22 13:56 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-08-22 13:56 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-08-22 13:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-08-22 13:53 <DIR> d-------- C:\Program Files\HP
2007-08-22 13:47 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-08-22 13:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-08-22 13:46 117,118 --a------ C:\WINDOWS\hpoins11.dat
2007-08-22 12:47 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-22 12:21 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-22 12:15 1,156 --a------ C:\WINDOWS\mozver.dat
2007-08-22 11:36 <DIR> d-------- C:\WINDOWS\Prefetch
2007-08-22 03:54 <DIR> d-------- C:\WINDOWS\provisioning
2007-08-22 03:54 <DIR> d-------- C:\WINDOWS\peernet
2007-08-22 03:50 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-08-22 03:25 <DIR> d-------- C:\WINDOWS\EHome
2007-08-22 03:20 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-22 03:03 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-08-22 03:03 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-08-22 03:03 8,192 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2007-08-22 03:03 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-08-22 03:03 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-08-22 03:03 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2007-08-22 03:03 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-08-22 03:03 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-08-22 03:03 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-08-22 03:03 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-08-22 03:03 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2007-08-22 03:03 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-08-22 03:03 44,032 --------- C:\WINDOWS\system32\twext.dll
2007-08-22 03:03 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-08-22 03:03 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-08-22 03:03 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-08-22 03:03 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-08-22 03:03 32,866 --------- C:\WINDOWS\slrundll.exe
2007-08-22 03:03 314,880 --------- C:\WINDOWS\system32\wmpdxm.dll
2007-08-22 03:03 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-08-22 03:03 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2007-08-22 03:03 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-08-22 03:03 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-08-22 03:03 242,688 --------- C:\WINDOWS\system32\wmpasf.dll
2007-08-22 03:03 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-08-22 03:03 21,504 --------- C:\WINDOWS\system32\spupdwxp.exe
2007-08-22 03:03 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-08-22 03:03 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
2007-08-22 03:03 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
2007-08-22 03:03 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2007-08-22 03:03 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-08-22 03:03 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-08-22 03:03 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2007-08-22 03:03 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-08-22 03:03 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-24 20:58 165 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-08-22 04:08 3316 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-08-22 04:04 8972 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe
2006-02-19 03:28 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CDA2B52-3809-49FC-A1D7-F21FDE7FD4A6}]
2007-08-24 00:08 298080 --a------ C:\WINDOWS\system32\pmkji.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
2007-08-22 00:23 43542 --a------ C:\WINDOWS\System32\nnnlihh.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spooler SubSystem App"="C:\WINDOWS\system32\spooIsv.exe" []
"Local Security Authority Service"="C:\WINDOWS\System32\lssas.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"HP Software Update"="E:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-09-11 18:01]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C84D8A0A-E708-42B6-90CA-9C30956A87C6}"= C:\WINDOWS\System32\nnnlihh.dll [2007-08-22 00:23 43542]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlihh]
nnnlihh.dll 2007-08-22 00:23 43542 C:\WINDOWS\system32\nnnlihh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkji]
C:\WINDOWS\system32\pmkji.dll 2007-08-24 00:08 298080 C:\WINDOWS\system32\pmkji.dll
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
S1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
S3 dmxfire;DMX6fire WDM Audio;C:\WINDOWS\system32\drivers\dmx6fire.sys
S3 dmxsens;dmxsens;C:\WINDOWS\system32\drivers\dmxsens.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-24 21:04:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-24 21:05:43
--- E O F ---
et HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35:50, on 25/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Imade elbaraka\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {1F3BC1CA-3602-469C-9037-11CA474B5146} - C:\WINDOWS\system32\pmkji.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\System32\nnnlihh.dll
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spooIsv.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O20 - Winlogon Notify: nnnlihh - C:\WINDOWS\SYSTEM32\nnnlihh.dll
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Voilà les rapports : COMBOFIX :
ComboFix 07-08-17.2 - "Imade elbaraka" 2007-08-24 21:01:55.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.387 [GMT 2:00]
((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 )))))))))))))))))))))))))))))))
2007-08-24 15:52 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-24 12:09 758,917 ---hs---- C:\WINDOWS\system32\ijkmp.bak2
2007-08-24 00:35 <DIR> d-------- C:\DOCUME~1\IMADEE~1\APPLIC~1\vlc
2007-08-24 00:15 901,120 --------- C:\WINDOWS\Unnero.exe
2007-08-24 00:15 532,480 --------- C:\WINDOWS\system32\imagx5.dll
2007-08-24 00:15 507,904 --------- C:\WINDOWS\system32\imagr5.dll
2007-08-24 00:15 49,152 --------- C:\WINDOWS\system32\MultiSZ.dll
2007-08-24 00:15 35,328 --------- C:\WINDOWS\system32\picn20.dll
2007-08-24 00:15 275,312 --------- C:\WINDOWS\system32\ImagXpr5.dll
2007-08-24 00:15 155,648 --------- C:\WINDOWS\system32\NeroCheck.exe
2007-08-24 00:15 106,496 --------- C:\WINDOWS\system32\TwnLib20.dll
2007-08-24 00:15 <DIR> d-------- C:\Program Files\Ahead
2007-08-24 00:09 6,473 ---hs---- C:\WINDOWS\system32\ijkmp.bak1
2007-08-24 00:08 298,080 --a------ C:\WINDOWS\system32\pmkji.dll
2007-08-24 00:04 <DIR> d-------- C:\DOCUME~1\IMADEE~1\APPLIC~1\Steinberg
2007-08-24 00:00 <DIR> d-------- C:\VundoFix Backups
2007-08-22 21:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-22 21:21 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-22 21:20 <DIR> d-------- C:\Program Files\MSBuild
2007-08-22 21:14 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-08-22 21:13 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-08-22 21:11 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-08-22 21:07 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-22 21:03 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-22 21:03 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-22 20:51 <DIR> d-------- C:\DOCUME~1\IMADEE~1\Contacts
2007-08-22 20:47 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-22 20:47 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-22 20:45 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-08-22 20:45 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-08-22 20:45 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-08-22 20:07 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-08-22 18:57 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-22 18:31 <DIR> d-------- C:\WINDOWS\pss
2007-08-22 17:52 <DIR> d-------- C:\DOCUME~1\IMADEE~1\APPLIC~1\HP
2007-08-22 14:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-08-22 14:49 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-22 14:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-08-22 14:30 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-08-22 14:28 <DIR> d-------- C:\Program Files\Common Files\HP
2007-08-22 14:13 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-08-22 14:05 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-08-22 14:02 49,920 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-08-22 14:02 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-08-22 14:01 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-22 13:57 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-08-22 13:56 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-08-22 13:56 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-08-22 13:56 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-08-22 13:56 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-08-22 13:56 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-08-22 13:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-08-22 13:53 <DIR> d-------- C:\Program Files\HP
2007-08-22 13:47 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-08-22 13:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-08-22 13:46 117,118 --a------ C:\WINDOWS\hpoins11.dat
2007-08-22 12:47 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-22 12:21 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-22 12:15 1,156 --a------ C:\WINDOWS\mozver.dat
2007-08-22 11:36 <DIR> d-------- C:\WINDOWS\Prefetch
2007-08-22 03:54 <DIR> d-------- C:\WINDOWS\provisioning
2007-08-22 03:54 <DIR> d-------- C:\WINDOWS\peernet
2007-08-22 03:50 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-08-22 03:25 <DIR> d-------- C:\WINDOWS\EHome
2007-08-22 03:20 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-22 03:03 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-08-22 03:03 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-08-22 03:03 8,192 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2007-08-22 03:03 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-08-22 03:03 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-08-22 03:03 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2007-08-22 03:03 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-08-22 03:03 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-08-22 03:03 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-08-22 03:03 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-08-22 03:03 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2007-08-22 03:03 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-08-22 03:03 44,032 --------- C:\WINDOWS\system32\twext.dll
2007-08-22 03:03 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-08-22 03:03 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-08-22 03:03 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-08-22 03:03 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-08-22 03:03 32,866 --------- C:\WINDOWS\slrundll.exe
2007-08-22 03:03 314,880 --------- C:\WINDOWS\system32\wmpdxm.dll
2007-08-22 03:03 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-08-22 03:03 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2007-08-22 03:03 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-08-22 03:03 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-08-22 03:03 242,688 --------- C:\WINDOWS\system32\wmpasf.dll
2007-08-22 03:03 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-08-22 03:03 21,504 --------- C:\WINDOWS\system32\spupdwxp.exe
2007-08-22 03:03 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-08-22 03:03 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
2007-08-22 03:03 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
2007-08-22 03:03 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2007-08-22 03:03 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-08-22 03:03 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-08-22 03:03 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2007-08-22 03:03 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-08-22 03:03 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-24 20:58 165 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-08-22 04:08 3316 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-08-22 04:04 8972 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe
2006-02-19 03:28 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CDA2B52-3809-49FC-A1D7-F21FDE7FD4A6}]
2007-08-24 00:08 298080 --a------ C:\WINDOWS\system32\pmkji.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
2007-08-22 00:23 43542 --a------ C:\WINDOWS\System32\nnnlihh.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spooler SubSystem App"="C:\WINDOWS\system32\spooIsv.exe" []
"Local Security Authority Service"="C:\WINDOWS\System32\lssas.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"HP Software Update"="E:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-09-11 18:01]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C84D8A0A-E708-42B6-90CA-9C30956A87C6}"= C:\WINDOWS\System32\nnnlihh.dll [2007-08-22 00:23 43542]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlihh]
nnnlihh.dll 2007-08-22 00:23 43542 C:\WINDOWS\system32\nnnlihh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkji]
C:\WINDOWS\system32\pmkji.dll 2007-08-24 00:08 298080 C:\WINDOWS\system32\pmkji.dll
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
S1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
S3 dmxfire;DMX6fire WDM Audio;C:\WINDOWS\system32\drivers\dmx6fire.sys
S3 dmxsens;dmxsens;C:\WINDOWS\system32\drivers\dmxsens.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-24 21:04:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-24 21:05:43
--- E O F ---
et HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35:50, on 25/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Imade elbaraka\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {1F3BC1CA-3602-469C-9037-11CA474B5146} - C:\WINDOWS\system32\pmkji.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\System32\nnnlihh.dll
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spooIsv.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O20 - Winlogon Notify: nnnlihh - C:\WINDOWS\SYSTEM32\nnnlihh.dll
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Salut
AUTRE QUESTION : mon antivirus n'arrête pas de trouver des virus.. pourtant il y a trois jours j'ai fait une analyse complète j'ai tout "tué" et j'ai un firewall assez performant... je me demande donc par où rentrent ces virus???
ça dépend si tu télécharges, de ton surf, le fait d'avoir était connecté sans parefeu même quelques minutes peut être fatal ...
Télécharger l2mfix.exe sur http://www.downloads.subratam.org/l2mfix.exe
- Quitter le net, le navigateur, et toutes autres fenêtres d'applications ;
- Dézipper l2mfix.exe sur le bureau ;
- Dans le dossier du programme, double-cliquer sur l2mfix.bat ;
- Choisir OPTION 1 (Run find log) et valider par la touche [Entrée] ;
=> Un rapport sera généré dans le Bloc-notes, se reconnecter pour le poster au forum.
@+
AUTRE QUESTION : mon antivirus n'arrête pas de trouver des virus.. pourtant il y a trois jours j'ai fait une analyse complète j'ai tout "tué" et j'ai un firewall assez performant... je me demande donc par où rentrent ces virus???
ça dépend si tu télécharges, de ton surf, le fait d'avoir était connecté sans parefeu même quelques minutes peut être fatal ...
Télécharger l2mfix.exe sur http://www.downloads.subratam.org/l2mfix.exe
- Quitter le net, le navigateur, et toutes autres fenêtres d'applications ;
- Dézipper l2mfix.exe sur le bureau ;
- Dans le dossier du programme, double-cliquer sur l2mfix.bat ;
- Choisir OPTION 1 (Run find log) et valider par la touche [Entrée] ;
=> Un rapport sera généré dans le Bloc-notes, se reconnecter pour le poster au forum.
@+
Salut,
Voici le nouveau rapport!
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlihh]
"Asynchronous"=dword:00000001
"DllName"="nnnlihh.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkji]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\pmkji.dll"
"Impersonate"=dword:00000000
"Startup"="RealLogon"
"Logoff"="RealLogoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Play as Playlist Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{07C45BB1-4A8C-4642-A1F5-237E7215FF66}"="IE Microsoft BrowserBand"
"{1C1EDB47-CE22-4bbb-B608-77B48F83C823}"="IE Fade Task"
"{205D7A97-F16D-4691-86EF-F3075DCCA57D}"="IE Menu Desk Bar"
"{3028902F-6374-48b2-8DC6-9725E775B926}"="IE AutoComplete"
"{43886CD5-6529-41c4-A707-7B3C92C05E68}"="IE Navigation Bar"
"{44C76ECD-F7FA-411c-9929-1B77BA77F524}"="IE Menu Site"
"{4B78D326-D922-44f9-AF2A-07805C2A3560}"="IE Menu Band"
"{6038EF75-ABFC-4e59-AB6F-12D397F6568D}"="IE Microsoft History AutoComplete List"
"{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}"="IE Tracking Shell Menu"
"{6CF48EF8-44CD-45d2-8832-A16EA016311B}"="IE IShellFolderBand"
"{73CFD649-CD48-4fd8-A272-2070EA56526B}"="IE BandProxy"
"{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}"="IE MRU AutoComplete List"
"{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}"="IE RSS Feeder Folder"
"{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}"="IE Microsoft Shell Folder AutoComplete List"
"{B31C5FAE-961F-415b-BAF0-E697A5178B94}"="IE Microsoft Multiple AutoComplete List Container"
"{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}"="Microsoft Browser Architecture"
"{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}"="IE Shell Rebar BandSite"
"{E6EE9AAC-F76B-4947-8260-A9F136138E11}"="IE Shell Band Site Menu"
"{F2CF5485-4E02-4f68-819C-B92DE9277049}"="&Links"
"{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}"="IE Registry Tree Options Utility"
"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}"="IE User Assist"
"{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}"="IE Custom MRU AutoCompleted List"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{CB6C13AE-D1BD-4EA5-81FC-A1AC20942B6A}"="dsContextMenu"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References"
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
"{45670FA8-ED97-4F44-BC93-305082590BFB}"="Microsoft.XPS.Shell.Metadata.1"
"{44121072-A222-48f2-A58A-6D9AD51EBBE9}"="Microsoft.XPS.Shell.Thumbnail.1"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
advpack.dll Wed 27 Jun 2007 16:34:52 A.... 124 928 122,00 K
browseui.dll Fri 15 Jun 2007 10:12:28 A.... 1 022 976 999,00 K
cdfview.dll Fri 15 Jun 2007 10:12:28 A.... 151 040 147,50 K
cdm.dll Mon 30 Jul 2007 19:19:20 A.... 92 504 90,34 K
danim.dll Fri 15 Jun 2007 10:12:28 A.... 1 054 208 1,00 M
extmgr.dll Wed 27 Jun 2007 16:34:52 A.... 132 608 129,50 K
gdi32.dll Tue 19 Jun 2007 15:31:20 A.... 282 112 275,50 K
ieakeng.dll Wed 27 Jun 2007 16:34:52 A.... 153 088 149,50 K
ieaksie.dll Wed 27 Jun 2007 16:34:52 A.... 230 400 225,00 K
ieakui.dll Wed 27 Jun 2007 9:00:34 A.... 161 792 158,00 K
ieapfltr.dll Wed 27 Jun 2007 16:34:52 A.... 383 488 374,50 K
iedkcs32.dll Wed 27 Jun 2007 16:34:52 A.... 384 512 375,50 K
ieframe.dll Wed 27 Jun 2007 16:34:56 A.... 6 058 496 5,78 M
iernonce.dll Wed 27 Jun 2007 16:34:56 A.... 44 544 43,50 K
iertutil.dll Wed 27 Jun 2007 16:34:56 A.... 267 776 261,50 K
jsproxy.dll Wed 27 Jun 2007 16:34:56 A.... 27 648 27,00 K
msfeeds.dll Wed 27 Jun 2007 16:34:56 A.... 459 264 448,50 K
msfeed~1.dll Wed 27 Jun 2007 16:34:56 A.... 52 224 51,00 K
mshtml.dll Thu 19 Jul 2007 9:00:00 A.... 3 583 488 3,41 M
mshtmled.dll Wed 27 Jun 2007 16:34:58 A.... 477 696 466,50 K
msrating.dll Wed 27 Jun 2007 16:34:58 A.... 193 024 188,50 K
mstime.dll Wed 27 Jun 2007 16:34:58 A.... 671 232 655,50 K
msxml3.dll Tue 26 Jun 2007 8:08:16 A.... 1 104 896 1,05 M
nnnlihh.dll Wed 22 Aug 2007 0:23:38 A.... 43 542 42,52 K
occache.dll Wed 27 Jun 2007 16:34:58 A.... 102 400 100,00 K
pmkji.dll Fri 24 Aug 2007 0:08:56 A.... 298 080 291,09 K
shdocvw.dll Fri 15 Jun 2007 10:12:30 A.... 1 498 112 1,43 M
shlwapi.dll Fri 15 Jun 2007 10:12:30 A.... 474 112 463,00 K
url.dll Wed 27 Jun 2007 16:34:58 A.... 105 984 103,50 K
urlmon.dll Wed 27 Jun 2007 16:34:58 A.... 1 152 000 1,10 M
webcheck.dll Wed 27 Jun 2007 16:35:00 A.... 232 960 227,50 K
wininet.dll Wed 27 Jun 2007 16:35:00 A.... 823 808 804,50 K
wmp.dll Mon 11 Jun 2007 23:51:12 ..... 10 834 944 10,33 M
wuapi.dll Mon 30 Jul 2007 19:19:36 A.... 549 720 536,84 K
wuaueng.dll Mon 30 Jul 2007 19:19:42 A.... 1 712 984 1,63 M
wucltui.dll Mon 30 Jul 2007 19:19:32 A.... 325 976 318,34 K
wups.dll Mon 30 Jul 2007 19:18:40 A.... 33 624 32,84 K
wups2.dll Mon 30 Jul 2007 19:19:12 A.... 43 352 42,34 K
wuweb.dll Mon 30 Jul 2007 19:19:28 A.... 203 096 198,34 K
xpsp3res.dll Thu 14 Jun 2007 12:08:46 A.... 350 720 342,50 K
40 items found: 40 files, 0 directories.
Total of file sizes: 35 899 358 bytes 34,23 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 84A0-21C1
Directory of C:\WINDOWS\System32
25/08/2007 19:28 763ÿ346 ijkmp.ini
25/08/2007 13:31 763ÿ396 ijkmp.bak2
24/08/2007 00:09 6ÿ473 ijkmp.bak1
22/08/2007 22:06 <DIR> dllcache
21/08/2007 23:57 <DIR> Microsoft
3 File(s) 1ÿ533ÿ215 bytes
2 Dir(s) 3ÿ179ÿ110ÿ400 bytes free
Merci!
Voici le nouveau rapport!
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlihh]
"Asynchronous"=dword:00000001
"DllName"="nnnlihh.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkji]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\pmkji.dll"
"Impersonate"=dword:00000000
"Startup"="RealLogon"
"Logoff"="RealLogoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Play as Playlist Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{07C45BB1-4A8C-4642-A1F5-237E7215FF66}"="IE Microsoft BrowserBand"
"{1C1EDB47-CE22-4bbb-B608-77B48F83C823}"="IE Fade Task"
"{205D7A97-F16D-4691-86EF-F3075DCCA57D}"="IE Menu Desk Bar"
"{3028902F-6374-48b2-8DC6-9725E775B926}"="IE AutoComplete"
"{43886CD5-6529-41c4-A707-7B3C92C05E68}"="IE Navigation Bar"
"{44C76ECD-F7FA-411c-9929-1B77BA77F524}"="IE Menu Site"
"{4B78D326-D922-44f9-AF2A-07805C2A3560}"="IE Menu Band"
"{6038EF75-ABFC-4e59-AB6F-12D397F6568D}"="IE Microsoft History AutoComplete List"
"{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}"="IE Tracking Shell Menu"
"{6CF48EF8-44CD-45d2-8832-A16EA016311B}"="IE IShellFolderBand"
"{73CFD649-CD48-4fd8-A272-2070EA56526B}"="IE BandProxy"
"{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}"="IE MRU AutoComplete List"
"{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}"="IE RSS Feeder Folder"
"{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}"="IE Microsoft Shell Folder AutoComplete List"
"{B31C5FAE-961F-415b-BAF0-E697A5178B94}"="IE Microsoft Multiple AutoComplete List Container"
"{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}"="Microsoft Browser Architecture"
"{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}"="IE Shell Rebar BandSite"
"{E6EE9AAC-F76B-4947-8260-A9F136138E11}"="IE Shell Band Site Menu"
"{F2CF5485-4E02-4f68-819C-B92DE9277049}"="&Links"
"{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}"="IE Registry Tree Options Utility"
"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}"="IE User Assist"
"{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}"="IE Custom MRU AutoCompleted List"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{CB6C13AE-D1BD-4EA5-81FC-A1AC20942B6A}"="dsContextMenu"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References"
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
"{45670FA8-ED97-4F44-BC93-305082590BFB}"="Microsoft.XPS.Shell.Metadata.1"
"{44121072-A222-48f2-A58A-6D9AD51EBBE9}"="Microsoft.XPS.Shell.Thumbnail.1"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
advpack.dll Wed 27 Jun 2007 16:34:52 A.... 124 928 122,00 K
browseui.dll Fri 15 Jun 2007 10:12:28 A.... 1 022 976 999,00 K
cdfview.dll Fri 15 Jun 2007 10:12:28 A.... 151 040 147,50 K
cdm.dll Mon 30 Jul 2007 19:19:20 A.... 92 504 90,34 K
danim.dll Fri 15 Jun 2007 10:12:28 A.... 1 054 208 1,00 M
extmgr.dll Wed 27 Jun 2007 16:34:52 A.... 132 608 129,50 K
gdi32.dll Tue 19 Jun 2007 15:31:20 A.... 282 112 275,50 K
ieakeng.dll Wed 27 Jun 2007 16:34:52 A.... 153 088 149,50 K
ieaksie.dll Wed 27 Jun 2007 16:34:52 A.... 230 400 225,00 K
ieakui.dll Wed 27 Jun 2007 9:00:34 A.... 161 792 158,00 K
ieapfltr.dll Wed 27 Jun 2007 16:34:52 A.... 383 488 374,50 K
iedkcs32.dll Wed 27 Jun 2007 16:34:52 A.... 384 512 375,50 K
ieframe.dll Wed 27 Jun 2007 16:34:56 A.... 6 058 496 5,78 M
iernonce.dll Wed 27 Jun 2007 16:34:56 A.... 44 544 43,50 K
iertutil.dll Wed 27 Jun 2007 16:34:56 A.... 267 776 261,50 K
jsproxy.dll Wed 27 Jun 2007 16:34:56 A.... 27 648 27,00 K
msfeeds.dll Wed 27 Jun 2007 16:34:56 A.... 459 264 448,50 K
msfeed~1.dll Wed 27 Jun 2007 16:34:56 A.... 52 224 51,00 K
mshtml.dll Thu 19 Jul 2007 9:00:00 A.... 3 583 488 3,41 M
mshtmled.dll Wed 27 Jun 2007 16:34:58 A.... 477 696 466,50 K
msrating.dll Wed 27 Jun 2007 16:34:58 A.... 193 024 188,50 K
mstime.dll Wed 27 Jun 2007 16:34:58 A.... 671 232 655,50 K
msxml3.dll Tue 26 Jun 2007 8:08:16 A.... 1 104 896 1,05 M
nnnlihh.dll Wed 22 Aug 2007 0:23:38 A.... 43 542 42,52 K
occache.dll Wed 27 Jun 2007 16:34:58 A.... 102 400 100,00 K
pmkji.dll Fri 24 Aug 2007 0:08:56 A.... 298 080 291,09 K
shdocvw.dll Fri 15 Jun 2007 10:12:30 A.... 1 498 112 1,43 M
shlwapi.dll Fri 15 Jun 2007 10:12:30 A.... 474 112 463,00 K
url.dll Wed 27 Jun 2007 16:34:58 A.... 105 984 103,50 K
urlmon.dll Wed 27 Jun 2007 16:34:58 A.... 1 152 000 1,10 M
webcheck.dll Wed 27 Jun 2007 16:35:00 A.... 232 960 227,50 K
wininet.dll Wed 27 Jun 2007 16:35:00 A.... 823 808 804,50 K
wmp.dll Mon 11 Jun 2007 23:51:12 ..... 10 834 944 10,33 M
wuapi.dll Mon 30 Jul 2007 19:19:36 A.... 549 720 536,84 K
wuaueng.dll Mon 30 Jul 2007 19:19:42 A.... 1 712 984 1,63 M
wucltui.dll Mon 30 Jul 2007 19:19:32 A.... 325 976 318,34 K
wups.dll Mon 30 Jul 2007 19:18:40 A.... 33 624 32,84 K
wups2.dll Mon 30 Jul 2007 19:19:12 A.... 43 352 42,34 K
wuweb.dll Mon 30 Jul 2007 19:19:28 A.... 203 096 198,34 K
xpsp3res.dll Thu 14 Jun 2007 12:08:46 A.... 350 720 342,50 K
40 items found: 40 files, 0 directories.
Total of file sizes: 35 899 358 bytes 34,23 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 84A0-21C1
Directory of C:\WINDOWS\System32
25/08/2007 19:28 763ÿ346 ijkmp.ini
25/08/2007 13:31 763ÿ396 ijkmp.bak2
24/08/2007 00:09 6ÿ473 ijkmp.bak1
22/08/2007 22:06 <DIR> dllcache
21/08/2007 23:57 <DIR> Microsoft
3 File(s) 1ÿ533ÿ215 bytes
2 Dir(s) 3ÿ179ÿ110ÿ400 bytes free
Merci!
ok,
Quitter le net, le navigateur, et toutes autres fenêtres d'applications ;
- Double-cliquer sur l2mfix.bat ;
- Choisir OPTION 2 (Run fix) et valider par la touche [Entrée] ;
- A l'invite, appuyer sur une touche du clavier pour redémarrer le PC ;
=> Au redémarrage, le nettoyage de L2mFix se poursuit, puis génère le résultat du nettoyage en ouvrant le Bloc-notes ; se reconnecter pour le poster au forum.
ensuite :
Télécharge ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Démarre en mode sans echec
* Double clique combofix.exe.
* Tape sur la touche Y (Yes) pour démarrer le scan.
* Le rapport sera crée dans: C:\Combofix.txt, poste le stp
++
Quitter le net, le navigateur, et toutes autres fenêtres d'applications ;
- Double-cliquer sur l2mfix.bat ;
- Choisir OPTION 2 (Run fix) et valider par la touche [Entrée] ;
- A l'invite, appuyer sur une touche du clavier pour redémarrer le PC ;
=> Au redémarrage, le nettoyage de L2mFix se poursuit, puis génère le résultat du nettoyage en ouvrant le Bloc-notes ; se reconnecter pour le poster au forum.
ensuite :
Télécharge ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Démarre en mode sans echec
* Double clique combofix.exe.
* Tape sur la touche Y (Yes) pour démarrer le scan.
* Le rapport sera crée dans: C:\Combofix.txt, poste le stp
++
Premier L2mFIX :
L2mfix 051206
Creating Account.
The command completed successfully.
Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (660)
Killing 'winlogon.exe'
winlogon.exe (764)
Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (1672)
Killing 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlihh]
"Asynchronous"=dword:00000001
"DllName"="nnnlihh.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkji]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\pmkji.dll"
"Impersonate"=dword:00000000
"Startup"="RealLogon"
"Logoff"="RealLogoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*
zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (164 bytes security) (deflated 88%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
L2mfix 051206
Creating Account.
The command completed successfully.
Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (660)
Killing 'winlogon.exe'
winlogon.exe (764)
Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (1672)
Killing 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlihh]
"Asynchronous"=dword:00000001
"DllName"="nnnlihh.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkji]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\pmkji.dll"
"Impersonate"=dword:00000000
"Startup"="RealLogon"
"Logoff"="RealLogoff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*
zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (164 bytes security) (deflated 88%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
et le combofix!!
ComboFix 07-08-17.2 - "Imade elbaraka" 2007-08-26 3:42:56.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.389 [GMT 2:00]
((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))
2007-08-24 15:52 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-24 12:09 763,396 ---hs---- C:\WINDOWS\system32\ijkmp.bak2
2007-08-24 00:35 <DIR> d-------- C:\DOCUME~1\IMADEE~1\APPLIC~1\vlc
2007-08-24 00:15 901,120 --------- C:\WINDOWS\Unnero.exe
2007-08-24 00:15 532,480 --------- C:\WINDOWS\system32\imagx5.dll
2007-08-24 00:15 507,904 --------- C:\WINDOWS\system32\imagr5.dll
2007-08-24 00:15 49,152 --------- C:\WINDOWS\system32\MultiSZ.dll
2007-08-24 00:15 35,328 --------- C:\WINDOWS\system32\picn20.dll
2007-08-24 00:15 275,312 --------- C:\WINDOWS\system32\ImagXpr5.dll
2007-08-24 00:15 155,648 --------- C:\WINDOWS\system32\NeroCheck.exe
2007-08-24 00:15 106,496 --------- C:\WINDOWS\system32\TwnLib20.dll
2007-08-24 00:15 <DIR> d-------- C:\Program Files\Ahead
2007-08-24 00:09 6,473 ---hs---- C:\WINDOWS\system32\ijkmp.bak1
2007-08-24 00:08 298,080 --a------ C:\WINDOWS\system32\pmkji.dll
2007-08-24 00:04 <DIR> d-------- C:\DOCUME~1\IMADEE~1\APPLIC~1\Steinberg
2007-08-24 00:00 <DIR> d-------- C:\VundoFix Backups
2007-08-22 21:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-22 21:21 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-22 21:20 <DIR> d-------- C:\Program Files\MSBuild
2007-08-22 21:14 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-08-22 21:13 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-08-22 21:11 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-08-22 21:07 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-22 21:03 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-22 21:03 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-22 20:51 <DIR> d-------- C:\DOCUME~1\IMADEE~1\Contacts
2007-08-22 20:47 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-22 20:47 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-22 20:45 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-08-22 20:45 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-08-22 20:45 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-08-22 20:07 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-08-22 18:57 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-22 18:31 <DIR> d-------- C:\WINDOWS\pss
2007-08-22 17:52 <DIR> d-------- C:\DOCUME~1\IMADEE~1\APPLIC~1\HP
2007-08-22 14:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-08-22 14:49 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-22 14:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-08-22 14:30 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-08-22 14:28 <DIR> d-------- C:\Program Files\Common Files\HP
2007-08-22 14:13 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-08-22 14:05 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-08-22 14:02 49,920 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-08-22 14:02 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-08-22 14:01 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-22 13:57 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-08-22 13:56 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-08-22 13:56 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-08-22 13:56 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-08-22 13:56 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-08-22 13:56 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-08-22 13:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-08-22 13:53 <DIR> d-------- C:\Program Files\HP
2007-08-22 13:47 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-08-22 13:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-08-22 13:46 117,118 --a------ C:\WINDOWS\hpoins11.dat
2007-08-22 12:47 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-22 12:21 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-22 12:15 1,156 --a------ C:\WINDOWS\mozver.dat
2007-08-22 11:36 <DIR> d-------- C:\WINDOWS\Prefetch
2007-08-22 03:54 <DIR> d-------- C:\WINDOWS\provisioning
2007-08-22 03:54 <DIR> d-------- C:\WINDOWS\peernet
2007-08-22 03:50 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-08-22 03:25 <DIR> d-------- C:\WINDOWS\EHome
2007-08-22 03:20 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-22 03:03 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-08-22 03:03 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-08-22 03:03 8,192 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2007-08-22 03:03 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-08-22 03:03 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-08-22 03:03 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2007-08-22 03:03 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-08-22 03:03 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-08-22 03:03 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-08-22 03:03 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-08-22 03:03 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2007-08-22 03:03 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-08-22 03:03 44,032 --------- C:\WINDOWS\system32\twext.dll
2007-08-22 03:03 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-08-22 03:03 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-08-22 03:03 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-08-22 03:03 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-08-22 03:03 32,866 --------- C:\WINDOWS\slrundll.exe
2007-08-22 03:03 314,880 --------- C:\WINDOWS\system32\wmpdxm.dll
2007-08-22 03:03 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-08-22 03:03 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2007-08-22 03:03 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-08-22 03:03 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-08-22 03:03 242,688 --------- C:\WINDOWS\system32\wmpasf.dll
2007-08-22 03:03 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-08-22 03:03 21,504 --------- C:\WINDOWS\system32\spupdwxp.exe
2007-08-22 03:03 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-08-22 03:03 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
2007-08-22 03:03 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
2007-08-22 03:03 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2007-08-22 03:03 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-08-22 03:03 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-08-22 03:03 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2007-08-22 03:03 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-08-22 03:03 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-26 03:41 330 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-08-22 04:08 3316 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-08-22 04:04 8972 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe
2006-02-19 03:28 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EAF2FB8-E0E0-4453-A479-30A6F6229717}]
2007-08-24 00:08 298080 --a------ C:\WINDOWS\system32\pmkji.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
2007-08-22 00:23 43542 --a------ C:\WINDOWS\System32\nnnlihh.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spooler SubSystem App"="C:\WINDOWS\system32\spooIsv.exe" []
"Local Security Authority Service"="C:\WINDOWS\System32\lssas.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"HP Software Update"="E:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-09-11 18:01]
"RAM Idle"="E:\Program Files\Customizer XP\RAMIdle.exe" [2002-04-22 00:52]
"WinampAgent"="E:\Program Files\Winamp\Winampa.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C84D8A0A-E708-42B6-90CA-9C30956A87C6}"= C:\WINDOWS\System32\nnnlihh.dll [2007-08-22 00:23 43542]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlihh]
nnnlihh.dll 2007-08-22 00:23 43542 C:\WINDOWS\system32\nnnlihh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkji]
C:\WINDOWS\system32\pmkji.dll 2007-08-24 00:08 298080 C:\WINDOWS\system32\pmkji.dll
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
S1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
S3 dmxfire;DMX6fire WDM Audio;C:\WINDOWS\system32\drivers\dmx6fire.sys
S3 dmxsens;dmxsens;C:\WINDOWS\system32\drivers\dmxsens.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 03:45:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-26 3:46:33
C:\ComboFix2.txt ... 2007-08-24 21:05
--- E O F ---
ComboFix 07-08-17.2 - "Imade elbaraka" 2007-08-26 3:42:56.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.389 [GMT 2:00]
((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))
2007-08-24 15:52 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-24 12:09 763,396 ---hs---- C:\WINDOWS\system32\ijkmp.bak2
2007-08-24 00:35 <DIR> d-------- C:\DOCUME~1\IMADEE~1\APPLIC~1\vlc
2007-08-24 00:15 901,120 --------- C:\WINDOWS\Unnero.exe
2007-08-24 00:15 532,480 --------- C:\WINDOWS\system32\imagx5.dll
2007-08-24 00:15 507,904 --------- C:\WINDOWS\system32\imagr5.dll
2007-08-24 00:15 49,152 --------- C:\WINDOWS\system32\MultiSZ.dll
2007-08-24 00:15 35,328 --------- C:\WINDOWS\system32\picn20.dll
2007-08-24 00:15 275,312 --------- C:\WINDOWS\system32\ImagXpr5.dll
2007-08-24 00:15 155,648 --------- C:\WINDOWS\system32\NeroCheck.exe
2007-08-24 00:15 106,496 --------- C:\WINDOWS\system32\TwnLib20.dll
2007-08-24 00:15 <DIR> d-------- C:\Program Files\Ahead
2007-08-24 00:09 6,473 ---hs---- C:\WINDOWS\system32\ijkmp.bak1
2007-08-24 00:08 298,080 --a------ C:\WINDOWS\system32\pmkji.dll
2007-08-24 00:04 <DIR> d-------- C:\DOCUME~1\IMADEE~1\APPLIC~1\Steinberg
2007-08-24 00:00 <DIR> d-------- C:\VundoFix Backups
2007-08-22 21:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-22 21:21 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-22 21:20 <DIR> d-------- C:\Program Files\MSBuild
2007-08-22 21:14 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-08-22 21:13 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-08-22 21:11 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-08-22 21:07 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-22 21:03 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-22 21:03 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-22 20:51 <DIR> d-------- C:\DOCUME~1\IMADEE~1\Contacts
2007-08-22 20:47 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-22 20:47 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-22 20:45 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-08-22 20:45 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-08-22 20:45 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-08-22 20:07 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-08-22 18:57 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-22 18:31 <DIR> d-------- C:\WINDOWS\pss
2007-08-22 17:52 <DIR> d-------- C:\DOCUME~1\IMADEE~1\APPLIC~1\HP
2007-08-22 14:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-08-22 14:49 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-22 14:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-08-22 14:30 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-08-22 14:28 <DIR> d-------- C:\Program Files\Common Files\HP
2007-08-22 14:13 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-08-22 14:05 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-08-22 14:02 49,920 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-08-22 14:02 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-08-22 14:01 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-22 13:57 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-08-22 13:56 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-08-22 13:56 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-08-22 13:56 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-08-22 13:56 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-08-22 13:56 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-08-22 13:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-08-22 13:53 <DIR> d-------- C:\Program Files\HP
2007-08-22 13:47 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-08-22 13:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-08-22 13:46 117,118 --a------ C:\WINDOWS\hpoins11.dat
2007-08-22 12:47 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-22 12:21 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-22 12:15 1,156 --a------ C:\WINDOWS\mozver.dat
2007-08-22 11:36 <DIR> d-------- C:\WINDOWS\Prefetch
2007-08-22 03:54 <DIR> d-------- C:\WINDOWS\provisioning
2007-08-22 03:54 <DIR> d-------- C:\WINDOWS\peernet
2007-08-22 03:50 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-08-22 03:25 <DIR> d-------- C:\WINDOWS\EHome
2007-08-22 03:20 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-22 03:03 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-08-22 03:03 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-08-22 03:03 8,192 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2007-08-22 03:03 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-08-22 03:03 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-08-22 03:03 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2007-08-22 03:03 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-08-22 03:03 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-08-22 03:03 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-08-22 03:03 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-08-22 03:03 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2007-08-22 03:03 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-08-22 03:03 44,032 --------- C:\WINDOWS\system32\twext.dll
2007-08-22 03:03 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-08-22 03:03 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-08-22 03:03 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-08-22 03:03 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-08-22 03:03 32,866 --------- C:\WINDOWS\slrundll.exe
2007-08-22 03:03 314,880 --------- C:\WINDOWS\system32\wmpdxm.dll
2007-08-22 03:03 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-08-22 03:03 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2007-08-22 03:03 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-08-22 03:03 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-08-22 03:03 242,688 --------- C:\WINDOWS\system32\wmpasf.dll
2007-08-22 03:03 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-08-22 03:03 21,504 --------- C:\WINDOWS\system32\spupdwxp.exe
2007-08-22 03:03 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-08-22 03:03 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
2007-08-22 03:03 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
2007-08-22 03:03 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2007-08-22 03:03 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-08-22 03:03 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-08-22 03:03 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2007-08-22 03:03 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-08-22 03:03 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-26 03:41 330 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-08-22 04:08 3316 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-08-22 04:04 8972 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe
2006-02-19 03:28 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EAF2FB8-E0E0-4453-A479-30A6F6229717}]
2007-08-24 00:08 298080 --a------ C:\WINDOWS\system32\pmkji.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
2007-08-22 00:23 43542 --a------ C:\WINDOWS\System32\nnnlihh.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spooler SubSystem App"="C:\WINDOWS\system32\spooIsv.exe" []
"Local Security Authority Service"="C:\WINDOWS\System32\lssas.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"HP Software Update"="E:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-09-11 18:01]
"RAM Idle"="E:\Program Files\Customizer XP\RAMIdle.exe" [2002-04-22 00:52]
"WinampAgent"="E:\Program Files\Winamp\Winampa.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C84D8A0A-E708-42B6-90CA-9C30956A87C6}"= C:\WINDOWS\System32\nnnlihh.dll [2007-08-22 00:23 43542]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlihh]
nnnlihh.dll 2007-08-22 00:23 43542 C:\WINDOWS\system32\nnnlihh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkji]
C:\WINDOWS\system32\pmkji.dll 2007-08-24 00:08 298080 C:\WINDOWS\system32\pmkji.dll
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
S1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
S3 dmxfire;DMX6fire WDM Audio;C:\WINDOWS\system32\drivers\dmx6fire.sys
S3 dmxsens;dmxsens;C:\WINDOWS\system32\drivers\dmxsens.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 03:45:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-26 3:46:33
C:\ComboFix2.txt ... 2007-08-24 21:05
--- E O F ---
Salut,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:58, on 26/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Customizer XP\RAMIdle.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Imade elbaraka\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\System32\nnnlihh.dll
O2 - BHO: (no name) - {FD3F2A97-E03D-4DE6-811E-1BBD6C1E9771} - C:\WINDOWS\system32\pmkji.dll
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spooIsv.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RAM Idle] E:\Program Files\Customizer XP\RAMIdle.exe
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O20 - Winlogon Notify: nnnlihh - C:\WINDOWS\SYSTEM32\nnnlihh.dll
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:58, on 26/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Customizer XP\RAMIdle.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Imade elbaraka\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\System32\nnnlihh.dll
O2 - BHO: (no name) - {FD3F2A97-E03D-4DE6-811E-1BBD6C1E9771} - C:\WINDOWS\system32\pmkji.dll
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spooIsv.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RAM Idle] E:\Program Files\Customizer XP\RAMIdle.exe
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O20 - Winlogon Notify: nnnlihh - C:\WINDOWS\SYSTEM32\nnnlihh.dll
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
ok,
Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis
++
Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis
++
SDFix: Version 1.100
Run by Imade elbaraka on 26/08/2007 at 20:38
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Files with Hidden Attributes:
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
Finished
Run by Imade elbaraka on 26/08/2007 at 20:38
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Files with Hidden Attributes:
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
Finished
Salut, et le HIJACK THIS!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:21, on 26/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Customizer XP\RAMIdle.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Imade elbaraka\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {2EC693C9-B8AA-4434-987B-B2BC08D66618} - C:\WINDOWS\system32\pmkji.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\System32\nnnlihh.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RAM Idle] E:\Program Files\Customizer XP\RAMIdle.exe
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O20 - Winlogon Notify: nnnlihh - C:\WINDOWS\SYSTEM32\nnnlihh.dll
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:21, on 26/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Customizer XP\RAMIdle.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Imade elbaraka\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {2EC693C9-B8AA-4434-987B-B2BC08D66618} - C:\WINDOWS\system32\pmkji.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\System32\nnnlihh.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RAM Idle] E:\Program Files\Customizer XP\RAMIdle.exe
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O20 - Winlogon Notify: nnnlihh - C:\WINDOWS\SYSTEM32\nnnlihh.dll
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Salut
ok, on continue, fais ce qui est indiqué ici stp :
virus methode preliminaire de desinfection version fr
++
ok, on continue, fais ce qui est indiqué ici stp :
virus methode preliminaire de desinfection version fr
++
Salut!
j'ai suivi les étapes décrites dans ton lien. J'ai effectivement trouvé pas mal de virus.
Voici le rapport final généré par Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:14:21, on 04/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Customizer XP\RAMIdle.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Imade elbaraka\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {998B6355-233B-43AE-9D2F-BEF50706F991} - C:\WINDOWS\system32\pmkji.dll
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\System32\nnnlihh.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RAM Idle] E:\Program Files\Customizer XP\RAMIdle.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O20 - Winlogon Notify: nnnlihh - C:\WINDOWS\SYSTEM32\nnnlihh.dll
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\igaokpgm.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
j'ai suivi les étapes décrites dans ton lien. J'ai effectivement trouvé pas mal de virus.
Voici le rapport final généré par Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:14:21, on 04/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Customizer XP\RAMIdle.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Imade elbaraka\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {998B6355-233B-43AE-9D2F-BEF50706F991} - C:\WINDOWS\system32\pmkji.dll
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\System32\nnnlihh.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RAM Idle] E:\Program Files\Customizer XP\RAMIdle.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O20 - Winlogon Notify: nnnlihh - C:\WINDOWS\SYSTEM32\nnnlihh.dll
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\igaokpgm.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Salut
il fallait poster les rapports !! :)
Télécharger Vundofix.exe (par Atribune) sur votre Bureau : http://www.atribune.org/ccount/click.php?id=4
* Double-cliquer sur VundoFix.exe afin de le lancer.
* Cliquer sur le bouton Scan for Vundo.
* Lorsque le scan est complété, cliquer sur le bouton Remove Vundo.
* Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES
* Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Une nouvelle invite de commende annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer.
* Le contenu du rapport est situé dans C:\vundofix.txt, poste le stp
++
il fallait poster les rapports !! :)
Télécharger Vundofix.exe (par Atribune) sur votre Bureau : http://www.atribune.org/ccount/click.php?id=4
* Double-cliquer sur VundoFix.exe afin de le lancer.
* Cliquer sur le bouton Scan for Vundo.
* Lorsque le scan est complété, cliquer sur le bouton Remove Vundo.
* Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES
* Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Une nouvelle invite de commende annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer.
* Le contenu du rapport est situé dans C:\vundofix.txt, poste le stp
++
Salut!!
En espérant que ce sera le dernier rapport posté sur le sujet!! :))
VundoFix V6.5.4
Checking Java version...
Sun Java not detected
Scan started at 23:38:17 05/09/2007
Listing files found while scanning....
C:\WINDOWS\system32\ijkmp.bak1
C:\WINDOWS\system32\ijkmp.bak2
C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\pmkji.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ijkmp.bak1
C:\WINDOWS\system32\ijkmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijkmp.bak2
C:\WINDOWS\system32\ijkmp.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\ijkmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\pmkji.dll Has been deleted!
Performing Repairs to the registry.
Done!
En espérant que ce sera le dernier rapport posté sur le sujet!! :))
VundoFix V6.5.4
Checking Java version...
Sun Java not detected
Scan started at 23:38:17 05/09/2007
Listing files found while scanning....
C:\WINDOWS\system32\ijkmp.bak1
C:\WINDOWS\system32\ijkmp.bak2
C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\pmkji.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ijkmp.bak1
C:\WINDOWS\system32\ijkmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijkmp.bak2
C:\WINDOWS\system32\ijkmp.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\ijkmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\pmkji.dll Has been deleted!
Performing Repairs to the registry.
Done!
