Smitfraud-C.CoreService

Solved
antoune -
g!rly -
Hello everyone,

Like many others, I keep running into the stubborn Smitfraud-C.CoreService when I run Spybot S&D. I have read some of your answers on this forum, but they seem to depend heavily on the configuration of the infected machine.
What should I do?
Thanks in advance for your help

66 replies

moK´s@ (Member, 4399 posts)

hi,

download SmitfraudFix:

Illustrated instructions:
http://siri.urz.free.fr/Fix/SmitfraudFix.php

double-click smitfraudfix.cmd and choose option 1
this will generate a report.

Copy/paste the report on the forum please.

See you
antoune (Member, 14 posts)

Thanks again for the quick reply...
Here it is.

SmitFraudFix v2.235

Scan done at 17:41:20.48, 04/10/2007
Run from C:\smitfraudfix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\RegistryCleanerSetup.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\axu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\axu\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\axu\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5DCBC0C3-FB95-4A2A-8145-EC5FC02B5F87}: NameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5DCBC0C3-FB95-4A2A-8145-EC5FC02B5F87}: NameServer=212.27.53.252 212.27.54.252


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
moK´s@ (Member, 4399 posts)

ok

Restart the PC in safe mode: tap the F8 key on your keyboard (or F5) right at start-up and choose safe mode.

- Open the "SmitfraudFix" folder and double-click "Smitfraudfix.cmd", choose option 2 and answer yes to everything.

Save the report, then copy/paste the report on the forum please.
antoune (Member, 14 posts)

SmitFraudFix v2.235

Scan done at 18:06:20.05, 04/10/2007
Run from C:\smitfraudfix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5DCBC0C3-FB95-4A2A-8145-EC5FC02B5F87}: NameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5DCBC0C3-FB95-4A2A-8145-EC5FC02B5F87}: NameServer=212.27.53.252 212.27.54.252


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
moK´s@ (Member, 4399 posts)

post another HijackThis log please..

antoune (Member, 14 posts)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:20, on 04/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\system32\sysnetdrv.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
E:\DS\Install_R18\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Common Files\{B023D737-07CE-1033-0727-050411240021}\Update.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
c:\ReleaseManager\code\bin\LaunchCommandServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mksauth.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\system32\nutsrv4.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\ReleaseManager\code\bin\ReleaseClient.exe
C:\WINDOWS\system32\SCardSvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\Program Files\mksnt\bin\secshd.exe
C:\WINDOWS\system32\telnetd.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\WINDOWS\TEMP\VM5BF9.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Dassault Data Services
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.dds.ds;*.dds.fr;*.dassault-systemes.fr;*.enovia-clt.com;*.dsag.com;*.dassault.com;*.dsp.fr;*.deneb.com;*.dskk;*.ds;*.dsy.ds;172.19.*;192.168.*;127.0.0.1;dsinteraction;dsx;itwebds;v5doc;*dsy;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Web Assistant - {04DCB78C-AB45-83AD-A86A-6DFB90277939} - C:\Program Files\psquery\psquery.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [frymxins] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\mksnt\bin\ncoeenv.exe
O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [FWConfig] c:\windows\FirewallWifiConfiguration.vbs
O4 - HKLM\..\Run: [Sysnetdrv] "c:\windows\system32\sysnetdrv.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe
O4 - HKLM\..\Run: [DkStartup] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [DSXTools] C:\Program Files\Dassault Systemes\DSXTools\bin\DSXTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [two city internet heck] C:\Documents and Settings\All Users\Application Data\does dog two city\Meal trust.exe
O4 - HKLM\..\Run: [Mail surf file heck] C:\Documents and Settings\All Users\Application Data\Five dash heck does\Play Knob Regs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{B023D737-07CE-1033-0727-050411240021}] "C:\Program Files\Common Files\{B023D737-07CE-1033-0727-050411240021}\Update.exe" mc-110-12-0002239
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Startup: Yahoo! Desktop Search System Tray.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
O4 - Startup: Yahoo! Desktop Search.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
O4 - Global Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Global Startup: Yahoo! Desktop Search System Tray.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
O4 - Global Startup: Yahoo! Desktop Search.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranetdds
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\Software\..\Telephony: DomainName = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ED4327C-1D4A-4CCD-AD15-B0A1AFCF1EDC}: Domain = dsy.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A49C343-BDE0-4C72-8A61-D09BDD8FC59B}: Domain = dsy.ds
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O17 - HKLM\System\CS2\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - E:\DS\Install_R18\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Nodelock License Server (IBM LUM NDL) - IBM - C:\IFOR\WIN\BIN\I4LLMD.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LaunchCommandServer - Unknown owner - c:\ReleaseManager\code\bin\LaunchCommandServer.exe
O23 - Service: MKSAUTH - Mortice Kern Systems Inc. - C:\WINDOWS\system32\mksauth.exe
O23 - Service: MKS Secure Shell Service (MKSSecureSH) - DataFocus, Inc. - C:\Program Files\mksnt\bin\secshd.exe
O23 - Service: MKS Telnetd (MKSTelnetd) - DataFocus, Inc. - C:\WINDOWS\system32\telnetd.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: Oracleoracle920ClientCache - Unknown owner - C:\ora920\BIN\ONRSD.EXE (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ReleaseClient - Unknown owner - c:\ReleaseManager\code\bin\ReleaseClient.exe
O23 - Service: Remote Shell Service (RshSvc) - Unknown owner - C:\WINDOWS\system32\rshsvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
moK´s@ (Member, 4399 posts)

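The HijackThis log above is long, and the helper's next request shows what is actually done with it: each O2/O4 line is checked by hand for entries that do not belong. The script below is an added example for this thread (it is not part of HijackThis, SmitFraudFix or any of the posts) that automates that first pass over the three patterns a helper would question in this log: BHOs whose DLL no longer exists, autoruns whose executable lives under a data or temp directory, and autoruns registered through Policies\Explorer\Run. The sample lines are copied from the log posted above; the directory list and the wording of the reasons are assumptions chosen for illustration, not HijackThis output.

```python
"""Triage a HijackThis log for entries worth a second look.

Added example for this forum thread; not part of HijackThis or of any post.
Parses O2 (browser helper object) and O4 (autorun) lines and flags patterns
a helper would normally question. SUSPECT_DIRS and the reasons are assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Web Assistant - {04DCB78C-AB45-83AD-A86A-6DFB90277939} - C:\Program Files\psquery\psquery.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [two city internet heck] C:\Documents and Settings\All Users\Application Data\does dog two city\Meal trust.exe
O4 - HKLM\..\Run: [Mail surf file heck] C:\Documents and Settings\All Users\Application Data\Five dash heck does\Play Knob Regs.exe
O4 - HKCU\..\Policies\Explorer\Run: [{B023D737-07CE-1033-0727-050411240021}] "C:\Program Files\Common Files\{B023D737-07CE-1033-0727-050411240021}\Update.exe" mc-110-12-0002239
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<location>.+?): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
# First unquoted program in a command line, e.g. "rundll32.exe" from "rundll32.exe bthprops.cpl,,X".
EXEC_RE = re.compile(r'^(?P<path>[^"]+?\.(?:exe|vbs|cpl|dll|bat|cmd))(?:\s|$)', re.IGNORECASE)

# Directories a legitimate autorun rarely runs from (assumption for this example).
SUSPECT_DIRS = ("\\application data\\", "\\temp\\", "\\local settings\\")


@dataclass
class Finding:
    line: str
    reason: str


def first_executable(command: str) -> str:
    """Return the program path from an autorun command, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXEC_RE.match(command)
    return m.group("path") if m else command


def triage(log_text: str) -> list:
    """Return one Finding per O2/O4 line that deserves review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O2_RE.match(line)
        if m:
            path = m.group("path")
            if path == "(no file)" or path.endswith("(file missing)"):
                findings.append(Finding(line, "orphan BHO: CLSID registered but DLL absent (leftover, low risk)"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue  # Startup-folder .lnk lines and other O4 forms are not parsed here
        location = m.group("location").lower()
        exe = first_executable(m.group("command")).lower()
        if "policies\\explorer\\run" in location:
            findings.append(Finding(line, "autorun via Policies\\Explorer\\Run: unusual for legitimate software, review"))
        elif any(d in exe for d in SUSPECT_DIRS):
            findings.append(Finding(line, "autorun executable under a data/temp directory rather than Program Files or system32, review"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.reason)
        print("   ", f.line)
```

On the sample it reports five lines: the two BHOs with no DLL on disk, the two "heck" autoruns under All Users\Application Data (both of which ComboFix later removes), and the Policies\Explorer\Run entry for the {B023D737-...} Update.exe. Vendor entries under Program Files and the system's own rundll32 line pass untouched, which is the point: the script narrows the list, and the helper still decides.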
can you run this one:

* Download combofix.exe (by sUBs) to your Desktop.

http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

* Double-click combofix.exe.
* Press the 1 key (Yes) to start the scan.
* When the scan is complete, a report will appear. Copy/paste that report in your next reply.


NOTE: The report can also be found here: C:\Combofix.txt

and post a HijackThis log again too

See you
antoune (Member, 14 posts)

you will find the two requested logs below: ComboFix first, then HijackThis
I hope this helps.

ComboFix 07-10-04.5 - AXU 2007-10-04 19:28:19.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1033.18.976 [GMT 2:00]
Running from: C:\Documents and Settings\axu\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\axu\Application Data\ICROSO~1.NET
C:\Documents and Settings\axu\Application Data\PPPATC~1
C:\Documents and Settings\axu\Application Data\STEM32~1
C:\Program Files\Common Files\{3023D~1
C:\Program Files\Common Files\{3023D~1\UnInstall.exe
C:\Program Files\Common Files\{B023D~1
C:\Program Files\Common Files\{B023D~1\system.dll
C:\Program Files\Common Files\{B023D~1\Update.exe
C:\Program Files\Common Files\icroso~1
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\wapiicomsv32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.

2007-10-04 19:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 17:41 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-04 17:41 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-04 17:41 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-04 17:41 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-04 17:41 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-04 17:16 <DIR> d-------- C:\smitfraudfix
2007-10-04 17:13 <DIR> d-------- C:\HijackThis
2007-10-03 17:34 <DIR> d-------- C:\cygwin
2007-10-01 11:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\DassaultSystemes
2007-10-01 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hummingbird
2007-10-01 11:04 <DIR> d-------- C:\Program Files\Hummingbird
2007-09-30 11:55 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2007-09-30 11:55 <DIR> d-------- C:\Program Files\Album Cover Finder
2007-09-28 19:35 <DIR> d-------- C:\Program Files\Microsoft Money Plus
2007-09-28 01:13 212,480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL
2007-09-28 01:12 304,128 --a------ C:\WINDOWS\unin040c.exe
2007-09-28 01:05 <DIR> d-------- C:\Documents and Settings\axu\Application Data\MechCAD
2007-09-27 01:03 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll
2007-09-27 01:03 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2007-09-27 01:03 <DIR> d-------- C:\Documents and Settings\axu\Application Data\Intuit
2007-09-27 01:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2007-09-26 00:29 <DIR> d-------- C:\Program Files\Microsoft AutoRoute
2007-09-26 00:09 <DIR> d-------- C:\Program Files\foobar2000
2007-09-26 00:09 <DIR> d-------- C:\Documents and Settings\axu\Application Data\foobar2000
2007-09-24 20:22 153,088 --a------ C:\WINDOWS\system32\UNWISE.EXE
2007-09-24 20:22 <DIR> d-------- C:\Program Files\JPEG Recovery
2007-09-24 19:43 <DIR> d-------- C:\Program Files\Digital Picture Recovery
2007-09-24 18:21 <DIR> d-------- C:\Program Files\PC Inspector File Recovery
2007-09-23 19:19 <DIR> d-------- C:\Program Files\iTunes
2007-09-23 19:19 <DIR> d-------- C:\Program Files\iPod
2007-09-23 19:17 <DIR> d-------- C:\Program Files\QuickTime
2007-09-23 19:16 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-23 19:15 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-09-23 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-09-07 21:50 <DIR> d-------- C:\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 19:35 --------- d-------- C:\Documents and Settings\axu\Application Data\Azureus
2007-10-04 19:07 --------- d-------- C:\Documents and Settings\axu\Application Data\Skype
2007-10-04 18:06 5752 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-04 11:46 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-04 11:44 30601 --a------ C:\WINDOWS\java\x.exe
2007-10-04 11:44 --------- d-------- C:\Program Files\VisualRoute
2007-10-04 10:17 --------- d-------- C:\Program Files\Nortel Networks
2007-10-01 11:52 --------- d-------- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
2007-09-30 22:50 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-30 22:50 --------- d-------- C:\Program Files\Subtitle Workshop
2007-09-30 22:50 --------- d-------- C:\Program Files\Common Files\Real
2007-09-30 22:50 --------- d-------- C:\Program Files\CDBurnerXP Pro 3
2007-09-30 22:50 --------- d-------- C:\Documents and Settings\axu\Application Data\dvdcss
2007-09-28 11:29 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-09-28 09:50 --------- d-------- C:\Documents and Settings\axu\Application Data\U3
2007-09-20 23:07 --------- d-------- C:\Program Files\Common Files\Ahead
2007-09-20 23:07 --------- d-------- C:\Documents and Settings\axu\Application Data\Ahead
2007-09-17 12:11 --------- d-------- C:\Program Files\Dassault Systemes
2007-09-05 22:16 --------- d-------- C:\Program Files\Azureus
2007-08-26 15:11 --------- d-------- C:\Documents and Settings\axu\Application Data\Samsung
2007-08-26 15:06 --------- d-------- C:\Program Files\Samsung
2007-08-23 00:47 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-08-23 00:47 286720 --------- C:\WINDOWS\Setup1.exe
2007-08-22 09:21 --------- d-------- C:\Program Files\Common Files\Skype
2007-08-21 19:17 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-08-21 19:12 --------- d-------- C:\Program Files\Skype
2007-08-21 19:12 --------- d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-08-20 12:00 --------- d-------- C:\Documents and Settings\axu\Application Data\firstdaleeach
2007-08-16 21:05 --------- d-------- C:\Program Files\Google
2007-08-14 21:17 --------- d-------- C:\Documents and Settings\All Users\Application Data\does dog two city
2007-08-06 23:57 --------- d-------- C:\Program Files\Polar
2007-07-04 19:15 52809 --a------ C:\WINDOWS\UN_CODA.EXE
2007-01-19 11:03 24192 --a------ C:\Documents and Settings\axu\usbsermptxp.sys
2007-01-19 11:03 22768 --a------ C:\Documents and Settings\axu\usbsermpt.sys
2006-05-29 12:14 36352 --a------ C:\Program Files\wc.exe
2006-05-29 12:12 86016 --a------ C:\Program Files\pslist.exe
2006-05-29 12:12 51200 --a------ C:\Program Files\grep.exe
2006-05-29 12:12 36352 --a------ C:\Program Files\kill.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04DCB78C-AB45-83AD-A86A-6DFB90277939}]
C:\Program Files\psquery\psquery.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1412445-4FF8-410e-8D24-F2CF86B171A4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 15:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 15:16]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 02:22]
"TpShocks"="TpShocks.exe" [2005-11-07 11:14 C:\WINDOWS\system32\TpShocks.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-25 21:00]
"frymxins"="C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" []
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 16:08]
"NuTCSetupEnviron"="C:\PROGRA~1\mksnt\bin\ncoeenv.exe" [2002-04-25 17:25]
"SwPrnMon"="C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe" [2006-01-11 15:26]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 C:\WINDOWS\system32\bthprops.cpl]
"FWConfig"="c:\windows\FirewallWifiConfiguration.vbs" [2006-05-18 12:47]
"Sysnetdrv"="c:\windows\system32\sysnetdrv.exe" [2006-05-29 12:12]
"OfficeScanNT Monitor"="C:\OfficeScan NT\pccntmon.exe" [2007-01-08 20:20]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 05:01]
"DkAutoReg.exe"="C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe" [2003-10-08 19:04]
"DkStartup"="C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe" [2003-10-08 19:12]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 11:19]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 23:00]
"DSXTools"="C:\Program Files\Dassault Systemes\DSXTools\bin\DSXTools.exe" [2007-01-22 14:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"two city internet heck"="C:\Documents and Settings\All Users\Application Data\does dog two city\Meal trust.exe" [2007-10-04 18:50]
"Mail surf file heck"="C:\Documents and Settings\All Users\Application Data\Five dash heck does\Play Knob Regs.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NBKeyScan"="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-05-24 17:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45]
"TPKMAPMN"="C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe" [2006-06-02 23:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-04-22 19:19]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
FastStone Capture.lnk - C:\Program Files\FastStone Capture\FSCapture.exe [2007-02-13 02:31:26]
Yahoo! Desktop Search System Tray.lnk - C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe [2007-01-31 13:04:35]
Yahoo! Desktop Search.lnk - C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe [2007-01-31 13:04:34]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
FastStone Capture.lnk - C:\Program Files\FastStone Capture\FSCapture.exe [2007-02-13 02:31:26]
Yahoo! Desktop Search System Tray.lnk - C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe [2007-01-31 13:04:35]
Yahoo! Desktop Search.lnk - C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe [2007-01-31 13:04:34]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
FastStone Capture.lnk - C:\Program Files\FastStone Capture\FSCapture.exe [2007-02-13 02:31:26]
Yahoo! Desktop Search System Tray.lnk - C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe [2007-01-31 13:04:35]
Yahoo! Desktop Search.lnk - C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe [2007-01-31 13:04:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideStartupScripts"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{04DCB78C-AB45-83AD-A86A-6DFB90277939}"= C:\Program Files\psquery\psquery.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-06 00:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 20:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=mac_addre.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=\\ds\SysVol\ds\scripts\dsy\AddLocalAdminForSMS.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\2\0]
"Script"=\\ds\SysVol\ds\scripts\dsy\CheckSvcsAndGrp.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\3\0]
"Script"=AddLocalAdmin.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-842925246-2139871995-725345543-28849\Scripts\Logon\0\0]
"Script"=\\ds\SysVol\ds\scripts\Password_Reset_check.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys
R1 LUMDriver;LUMDriver;\??\C:\WINDOWS\system32\drivers\LUMDriver.sys
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys
R2 BBDemon;Backbone Service;"E:\DS\Install_R18\intel_a\code\bin\CATSysDemon.exe" -service
R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe
R2 LaunchCommandServer;LaunchCommandServer;c:\ReleaseManager\code\bin\LaunchCommandServer.exe
R2 MKSAUTH;MKSAUTH;C:\WINDOWS\system32\mksauth.exe
R2 MKSSecureSH;MKS Secure Shell Service;"C:\Program Files\mksnt\bin\secshd.exe"
R2 MKSTelnetd;MKS Telnetd;C:\WINDOWS\system32\telnetd.exe
R2 ntrtscan;OfficeScanNT RealTime Scan;"C:\OfficeScan NT\ntrtscan.exe"
R2 NuTCRACKERService;NuTCRACKER Service;C:\WINDOWS\system32\nutsrv4.exe
R2 ReleaseClient;ReleaseClient;c:\ReleaseManager\code\bin\ReleaseClient.exe
R2 tmlisten;OfficeScanNT Listener;"C:\OfficeScan NT\tmlisten.exe"
R2 TmPreFilter;Trend Micro PreFilter;\??\C:\OfficeScan NT\TmPreFlt.sys
R2 Wuser32;SMS Remote Control Agent;C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys
R3 idisw2km;idisw2km;C:\WINDOWS\system32\DRIVERS\idisw2km.sys
R3 iKeyEnum;Rainbow iKey Enumerator;C:\WINDOWS\system32\DRIVERS\ikeyenum.sys
R3 iKeyIFD;Rainbow iKey Virtual Reader;C:\WINDOWS\system32\DRIVERS\ikeyifd.sys
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
R3 kbstuff;SMS Virtual Keyboard;C:\WINDOWS\system32\DRIVERS\kbstuff5.sys
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
S3 IBM LUM NDL;IBM Nodelock License Server;C:\IFOR\WIN\BIN\I4LLMD.EXE
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 Oracleoracle920ClientCache;Oracleoracle920ClientCache;C:\ora920\BIN\ONRSD.EXE
S3 PolarUSB;Polar USB Interface;C:\WINDOWS\system32\DRIVERS\PolarUSB.sys
S3 prepdrvr;SMS Process Event Driver;\??\C:\WINDOWS\system32\CCM\prepdrv.sys
S3 psquery;psquery;\??\C:\Program Files\psquery\psquery.sys
S3 RnbToken;Rainbow iKey Token Service;C:\WINDOWS\system32\DRIVERS\rnbtoken.sys
S3 RshSvc;Remote Shell Service;C:\WINDOWS\system32\rshsvc.exe
S4 IBM LUM CR;IBM Central Registry License Server;C:\IFOR\WIN\BIN\I4GDB.EXE
S4 IBM LUM LMD;IBM Network License Server;C:\IFOR\WIN\BIN\I4LMD.EXE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e462f2f4-cb04-11db-8174-444553544200}]
AutoRun\command- D:\LaunchU3.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\3DSExchange{99D8560D-C53B-4F83-B878-A264A501B971}]
wscript.exe //nologo "C:\WINDOWS\Outlook-UserAccountActivate.vbs"
.
Contents of the 'Scheduled Tasks' folder
"2007-10-04 17:00:00 C:\WINDOWS\Tasks\82D24F0C9EF1FCD8.job"
"2007-09-26 11:32:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 19:38:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-04 19:41:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-04 19:41
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42, on 2007-10-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\DS\Install_R18\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\DkLog.exe
c:\ReleaseManager\code\bin\LaunchCommandServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mksauth.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\system32\nutsrv4.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\ReleaseManager\code\bin\ReleaseClient.exe
C:\WINDOWS\system32\SCardSvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\Program Files\mksnt\bin\secshd.exe
C:\WINDOWS\system32\telnetd.exe
C:\WINDOWS\TEMP\UO9314.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system32\sysnetdrv.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\OfficeScan NT\pccntupd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.dds.ds;*.dds.fr;*.dassault-systemes.fr;*.enovia-clt.com;*.dsag.com;*.dassault.com;*.dsp.fr;*.deneb.com;*.dskk;*.ds;*.dsy.ds;172.19.*;192.168.*;127.0.0.1;dsinteraction;dsx;itwebds;v5doc;*dsy;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Web Assistant - {04DCB78C-AB45-83AD-A86A-6DFB90277939} - C:\Program Files\psquery\psquery.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [frymxins] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\mksnt\bin\ncoeenv.exe
O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [FWConfig] c:\windows\FirewallWifiConfiguration.vbs
O4 - HKLM\..\Run: [Sysnetdrv] "c:\windows\system32\sysnetdrv.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe
O4 - HKLM\..\Run: [DkStartup] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [DSXTools] C:\Program Files\Dassault Systemes\DSXTools\bin\DSXTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [two city internet heck] C:\Documents and Settings\All Users\Application Data\does dog two city\Meal trust.exe
O4 - HKLM\..\Run: [Mail surf file heck] C:\Documents and Settings\All Users\Application Data\Five dash heck does\Play Knob Regs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Startup: Yahoo! Desktop Search System Tray.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
O4 - Startup: Yahoo! Desktop Search.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
O4 - Global Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Global Startup: Yahoo! Desktop Search System Tray.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
O4 - Global Startup: Yahoo! Desktop Search.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranetdds
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\Software\..\Telephony: DomainName = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ED4327C-1D4A-4CCD-AD15-B0A1AFCF1EDC}: Domain = dsy.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A49C343-BDE0-4C72-8A61-D09BDD8FC59B}: Domain = dsy.ds
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O17 - HKLM\System\CS2\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - E:\DS\Install_R18\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Nodelock License Server (IBM LUM NDL) - IBM - C:\IFOR\WIN\BIN\I4LLMD.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LaunchCommandServer - Unknown owner - c:\ReleaseManager\code\bin\LaunchCommandServer.exe
O23 - Service: MKSAUTH - Mortice Kern Systems Inc. - C:\WINDOWS\system32\mksauth.exe
O23 - Service: MKS Secure Shell Service (MKSSecureSH) - DataFocus, Inc. - C:\Program Files\mksnt\bin\secshd.exe
O23 - Service: MKS Telnetd (MKSTelnetd) - DataFocus, Inc. - C:\WINDOWS\system32\telnetd.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: Oracleoracle920ClientCache - Unknown owner - C:\ora920\BIN\ONRSD.EXE (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ReleaseClient - Unknown owner - c:\ReleaseManager\code\bin\ReleaseClient.exe
O23 - Service: Remote Shell Service (RshSvc) - Unknown owner - C:\WINDOWS\system32\rshsvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
moK´s@ Posts 4399 Registration date   Status Member Last seen   89
 
ComboFix has destroyed quite a lot of crap, but some of it remains.

Run this online scan and post the report once it's finished. I know it's long, but you need it...

https://www.bitdefender.com/toolbox/

Click on "I agree" and follow the procedure.

This must be done under Internet Explorer, accepting the ActiveX...
0
antoune Posts 14 Registration date   Status Member Last seen
 
BitDefender Online Scanner

Scan report generated at: Fri, Oct 05, 2007 - 00:09:29
Scan path: C:\;E:\;F:\;

Statistics
Time: 04:07:49
Files: 1082473
Folders: 16634
Boot Sectors: 3
Archives: 48949
Packed Files: 19435

Results
Identified Viruses: 4
Infected Files: 18
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 18

Engines Info
Virus Definitions: 825108
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File : Status
C:\Documents and Settings\All Users\Application Data\does dog two city\Meal trust.exe : Infected with: Trojan.FatObfus.AF
C:\Documents and Settings\All Users\Application Data\does dog two city\Meal trust.exe : Deleted
C:\Documents and Settings\axu\Application Data\firstdaleeach\help manager bold.exe : Infected with: Trojan.Obfuscated.GZ
C:\Documents and Settings\axu\Application Data\firstdaleeach\help manager bold.exe : Disinfection failed
C:\Documents and Settings\axu\Application Data\firstdaleeach\help manager bold.exe : Deleted
C:\qoobox\Quarantine\catchme2007-10-04_193737.60.zip=>(Quarantine-4)=>core.sys : Infected with: Trojan.Rootkit.Agent.EQ
C:\qoobox\Quarantine\catchme2007-10-04_193737.60.zip=>(Quarantine-4)=>core.sys : Disinfection failed
C:\qoobox\Quarantine\catchme2007-10-04_193737.60.zip=>(Quarantine-4)=>core.sys : Deleted
C:\qoobox\Quarantine\catchme2007-10-04_193737.60.zip=>(Quarantine-4) : Updated
C:\qoobox\Quarantine\catchme2007-10-04_193737.60.zip : Update failed
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP347\A0065832.exe : Infected with: Trojan.FatObfus.AF
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP347\A0065832.exe : Deleted
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP348\A0065880.exe : Infected with: Trojan.FatObfus.AF
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP348\A0065880.exe : Deleted
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP348\A0066797.exe : Infected with: Trojan.FatObfus.AF
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP348\A0066797.exe : Deleted
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP357\A0067427.exe : Infected with: Trojan.FatObfus.AF
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP357\A0067427.exe : Deleted
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP357\A0067571.exe : Infected with: Trojan.FatObfus.AF
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP357\A0067571.exe : Deleted
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP357\A0067642.exe : Infected with: Trojan.FatObfus.AF
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP357\A0067642.exe : Deleted
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP358\A0069619.exe : Infected with: Trojan.FatObfus.AF
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP358\A0069619.exe : Deleted
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP358\A0069729.exe : Infected with: Trojan.FatObfus.AF
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP358\A0069729.exe : Deleted
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP358\A0070793.exe : Infected with: Trojan.FatObfus.AF
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP358\A0070793.exe : Deleted
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP359\A0071013.exe : Infected with: Trojan.FatObfus.AF
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP359\A0071013.exe : Deleted
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP359\A0071030.exe : Infected with: Trojan.FatObfus.AF
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP359\A0071030.exe : Deleted
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP359\A0071111.exe : Infected with: Trojan.FatObfus.AF
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP359\A0071111.exe : Deleted
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP360\A0071285.exe : Infected with: Trojan.FatObfus.AF
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP360\A0071285.exe : Deleted
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP360\A0071287.exe : Infected with: Trojan.Obfuscated.GZ
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP360\A0071287.exe : Disinfection failed
C:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP360\A0071287.exe : Deleted
E:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP344\A0064959.exe=>(Instyler o)=>(Instyler Module 8) : Infected with: Trojan.FatObfus.2.Gen
E:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP344\A0064959.exe=>(Instyler o)=>(Instyler Module 8) : Disinfection failed
E:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP344\A0064959.exe=>(Instyler o)=>(Instyler Module 8) : Deleted
E:\System Volume Information\_restore{1C3B2CD5-F999-4CDA-826F-3F4CBD05A07A}\RP344\A0064959.exe=>(Instyler o) : Update failed
0
moK´s@ Posts 4399 Registration date   Status Member Last seen   89
 
Can you post another HijackThis log, please?
0
antoune Posts 14 Registration date   Status Member Last seen
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:07, on 2007-10-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\DS\Install_R18\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\DkLog.exe
c:\ReleaseManager\code\bin\LaunchCommandServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mksauth.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\system32\nutsrv4.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\ReleaseManager\code\bin\ReleaseClient.exe
C:\WINDOWS\system32\SCardSvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\Program Files\mksnt\bin\secshd.exe
C:\WINDOWS\system32\telnetd.exe
C:\WINDOWS\TEMP\UO9314.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\system32\sysnetdrv.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\OfficeScan NT\pccntupd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Azureus\Azureus.exe
c:\program files\yahoo!\yahoo! desktop search\textExtractor.exe
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.dds.ds;*.dds.fr;*.dassault-systemes.fr;*.enovia-clt.com;*.dsag.com;*.dassault.com;*.dsp.fr;*.deneb.com;*.dskk;*.ds;*.dsy.ds;172.19.*;192.168.*;127.0.0.1;dsinteraction;dsx;itwebds;v5doc;*dsy;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Web Assistant - {04DCB78C-AB45-83AD-A86A-6DFB90277939} - C:\Program Files\psquery\psquery.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [frymxins] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\mksnt\bin\ncoeenv.exe
O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [FWConfig] c:\windows\FirewallWifiConfiguration.vbs
O4 - HKLM\..\Run: [Sysnetdrv] "c:\windows\system32\sysnetdrv.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe
O4 - HKLM\..\Run: [DkStartup] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [DSXTools] C:\Program Files\Dassault Systemes\DSXTools\bin\DSXTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [two city internet heck] C:\Documents and Settings\All Users\Application Data\does dog two city\Meal trust.exe
O4 - HKLM\..\Run: [Mail surf file heck] C:\Documents and Settings\All Users\Application Data\Five dash heck does\Play Knob Regs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Startup: Yahoo! Desktop Search System Tray.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
O4 - Startup: Yahoo! Desktop Search.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
O4 - Global Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Global Startup: Yahoo! Desktop Search System Tray.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
O4 - Global Startup: Yahoo! Desktop Search.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranetdds
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\Software\..\Telephony: DomainName = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ED4327C-1D4A-4CCD-AD15-B0A1AFCF1EDC}: Domain = dsy.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A49C343-BDE0-4C72-8A61-D09BDD8FC59B}: Domain = dsy.ds
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O17 - HKLM\System\CS2\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - E:\DS\Install_R18\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Nodelock License Server (IBM LUM NDL) - IBM - C:\IFOR\WIN\BIN\I4LLMD.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LaunchCommandServer - Unknown owner - c:\ReleaseManager\code\bin\LaunchCommandServer.exe
O23 - Service: MKSAUTH - Mortice Kern Systems Inc. - C:\WINDOWS\system32\mksauth.exe
O23 - Service: MKS Secure Shell Service (MKSSecureSH) - DataFocus, Inc. - C:\Program Files\mksnt\bin\secshd.exe
O23 - Service: MKS Telnetd (MKSTelnetd) - DataFocus, Inc. - C:\WINDOWS\system32\telnetd.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: Oracleoracle920ClientCache - Unknown owner - C:\ora920\BIN\ONRSD.EXE (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ReleaseClient - Unknown owner - c:\ReleaseManager\code\bin\ReleaseClient.exe
O23 - Service: Remote Shell Service (RshSvc) - Unknown owner - C:\WINDOWS\system32\rshsvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
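Helpers on this forum read logs like the one above by eye. As an added example (not part of this thread, and not a feature of HijackThis or Spybot), the Python script below applies the three checks a reviewer makes first to a handful of lines copied from the log above: O2/O3 registrations whose DLL is already gone, O4 autoruns that point into a random-word folder under Application Data (the pattern of the two "heck" entries), and O23 services with no vendor string and a missing binary. The regular expressions, the "three or more alphabetic words" threshold and the severity labels are my own heuristics, not a published signature, and a hit only means "look at this entry next".

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    severity: str   # "orphan", "suspicious" or "review"
    reason: str
    entry: str      # the original HijackThis line


# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Web Assistant - {04DCB78C-AB45-83AD-A86A-6DFB90277939} - C:\Program Files\psquery\psquery.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [two city internet heck] C:\Documents and Settings\All Users\Application Data\does dog two city\Meal trust.exe
O4 - HKLM\..\Run: [Mail surf file heck] C:\Documents and Settings\All Users\Application Data\Five dash heck does\Play Knob Regs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: Oracleoracle920ClientCache - Unknown owner - C:\ora920\BIN\ONRSD.EXE (file missing)
"""

# HijackThis O4 entries look like:  O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(r'^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Heuristic (mine): "Application Data\<dir>\<file>" where <dir> is three or more
# purely alphabetic words, which is how the two rogue autoruns above are named.
RANDOM_WORDS_RE = re.compile(r'\\Application Data\\(?:[A-Za-z]+ ){2,}[A-Za-z]+\\[^\\]+$')
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def exe_path(cmd: str) -> str:
    """Return the program path from an O4 command line, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r'(.*?\.(?:exe|dll|vbs|cmd|bat))', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def triage(log_text: str) -> List[Finding]:
    """Flag the HijackThis entries a reviewer would look at first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        # O2/O3 whose DLL is gone: nothing runs any more, fixing only removes the registry entry
        if line.startswith(("O2 - ", "O3 - ")) and line.endswith(ORPHAN_MARKERS):
            findings.append(Finding("orphan", "BHO/toolbar registration whose DLL is gone", line))
            continue
        m = O4_RE.match(line)
        if m:
            if RANDOM_WORDS_RE.search(exe_path(m.group("cmd"))):
                findings.append(Finding("suspicious",
                                        "autorun binary in a random-word folder under Application Data", line))
            continue
        # Services with no vendor and no binary on disk: usually stale, occasionally a removed dropper
        if line.startswith("O23 - ") and "Unknown owner" in line and line.endswith("(file missing)"):
            findings.append(Finding("review", "service with no vendor string and a missing binary", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.reason}\n             {f.entry}")
```

Run against the sample, the script reports the three orphaned O2/O3 entries, the two random-word autoruns, and the Oracle service, and stays silent on the Synaptics, QuickTime and Adobe entries. Note what "fixing" an orphan in HijackThis does: it deletes the registration, nothing else, so the two "suspicious" entries still need their executables dealt with on disk.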
moK´s@
 
OK.

With HijackThis, tick these:

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Web Assistant - {04DCB78C-AB45-83AD-A86A-6DFB90277939} - C:\Program Files\psquery\psquery.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe

Close your applications and your browser, then fix the lines above.

How to fix:

Illustrated demo:
http://pageperso.aol.fr/balltrap34/demohijack.htm

and

Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below
and paste it into the left-hand pane of OTMoveIt: "Paste List of Files/Folders to be moved".

Quote:

C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe
C:\Program Files\Rainbow Technologies


Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.
http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg

Then

Download FixWareout from one of these two sites to the Desktop:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Launch the fix: click Next, then Install, then make sure "Run fixit" is ticked and click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to boot, which is normal.

* Post (copy/paste) the contents of the report that will be displayed on screen (report.txt) together with a new HijackThis log in your next reply.

@+
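Once the fixes above have been run, the question is what actually changed, and the reliable way to answer it is to diff the two HijackThis logs rather than reread two hundred lines. The script below is an added example, not part of this thread and not a feature of HijackThis, OTMoveIt or FixWareout. It compares a few entries copied from the two logs in this thread (the one posted before the reply above and the one posted after the fixes): the `TARGETED` list is the set of entries the reply asks to have fixed plus the two random-name Run entries, and the result shows the four fixed entries gone, both Run entries still present, and one O17 NameServer entry that exists only in the second log. The section names and the `TARGETED` substrings are my own choices.

```python
import re
from typing import Dict, List, Set

# Constructed sample: entries copied from the two HijackThis logs in this thread,
# the one posted before the fix and the one posted after it.
BEFORE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Web Assistant - {04DCB78C-AB45-83AD-A86A-6DFB90277939} - C:\Program Files\psquery\psquery.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe
O4 - HKLM\..\Run: [two city internet heck] C:\Documents and Settings\All Users\Application Data\does dog two city\Meal trust.exe
O4 - HKLM\..\Run: [Mail surf file heck] C:\Documents and Settings\All Users\Application Data\Five dash heck does\Play Knob Regs.exe
"""

AFTER_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [two city internet heck] C:\Documents and Settings\All Users\Application Data\does dog two city\Meal trust.exe
O4 - HKLM\..\Run: [Mail surf file heck] C:\Documents and Settings\All Users\Application Data\Five dash heck does\Play Knob Regs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DCBC0C3-FB95-4A2A-8145-EC5FC02B5F87}: NameServer = 212.27.53.252 212.27.54.252
"""

# Substrings identifying the entries the helper asked to have fixed, plus the
# two random-name autoruns (my own list, assembled from the thread).
TARGETED = [
    "{02478D38-C3F9-4EFB-9B51-7695ECA05670}",
    "psquery.dll",
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}",
    "DkAutoReg.exe",
    "Meal trust.exe",
    "Play Knob Regs.exe",
]

ENTRY_RE = re.compile(r'^[OR]\d+ - ')


def entries(log_text: str) -> Set[str]:
    """The R-/O-numbered entries of a HijackThis log as a set of stripped lines."""
    return {line.strip() for line in log_text.splitlines() if ENTRY_RE.match(line.strip())}


def compare_logs(before: str, after: str, targeted: List[str]) -> Dict[str, List[str]]:
    """Diff two HijackThis logs and check which targeted entries survived the fix."""
    b, a = entries(before), entries(after)
    still_present = [t for t in targeted if any(t in e for e in a)]
    return {
        "removed": sorted(b - a),
        "added": sorted(a - b),
        "still_present": still_present,
        # A NameServer that appears only after the clean-up deserves a second look:
        # O17 is where DNS-hijacking families put their resolvers, so confirm the
        # addresses belong to the network the machine is actually connected to.
        "new_dns": sorted(e for e in a - b if e.startswith("O17 - ") and "NameServer" in e),
    }


if __name__ == "__main__":
    report = compare_logs(BEFORE_LOG, AFTER_LOG, TARGETED)
    for section, lines in report.items():
        print(f"== {section} ({len(lines)})")
        for line in lines:
            print("   ", line)
```

The `still_present` section is the one to act on: an entry that survives a fix is either re-created at boot by something still running, or was never targeted by the tools that ran, and in both cases the executable on disk, not the Run value, is what needs attention.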
antoune
 
Hello,

I've put the logs in the following order:
OTMoveIt
Fixwareout
HijackThis

Things are already going much better. The PC restarts faster, but there are two strange programs in the Fixwareout log:
"two city internet heck"="C:\\Documents and Settings\\All Users\\Application Data\\does dog two city\\Meal trust.exe"
"Mail surf file heck"="C:\\Documents and Settings\\All Users\\Application Data\\Five dash heck does\\Play Knob Regs.exe"

Thanks again. a+


File/Folder c:\program files\rainbow technologies\key 2000 series software\dkautoreg.exe not found.
c:\program files\rainbow technologies\iKey Driver\Drvr\WinXP moved successfully.
c:\program files\rainbow technologies\iKey Driver\Drvr moved successfully.
c:\program files\rainbow technologies\iKey Driver moved successfully.
c:\program files\rainbow technologies\iKey 2000 Series Software\Setup moved successfully.
c:\program files\rainbow technologies\iKey 2000 Series Software moved successfully.
c:\program files\rainbow technologies moved successfully.

Created on 10-05-2007 09:10:33

***********************************************************************************


Username "AXU" - 2007-10-05 9:16:09 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

DNS resolver cache flushed.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"EZEJMNAP"="C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\EzEjMnAp.Exe"
"TpShocks"="TpShocks.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"frymxins"="\"C:\\Program Files\\ATI Technologies\\Fire GL 3D Studio Max\\atiimxgl\""
"PRONoMgrWired"="C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe"
"NuTCSetupEnviron"="C:\\PROGRA~1\\mksnt\\bin\\ncoeenv.exe"
"SwPrnMon"="\"C:\\Program Files\\Common Files\\Sowedoo Shared\\Sowedoo PDF Printer V4\\SwPrnMon.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"FWConfig"="c:\\windows\\FirewallWifiConfiguration.vbs"
"Sysnetdrv"="\"c:\\windows\\system32\\sysnetdrv.exe\""
"OfficeScanNT Monitor"="\"C:\\OfficeScan NT\\pccntmon.exe\" -HideWindow"
"TVT Scheduler Proxy"="C:\\Program Files\\Common Files\\Lenovo\\Scheduler\\scheduler_proxy.exe"
"DkStartup"="C:\\Program Files\\Rainbow Technologies\\iKey 2000 Series Software\\DkStartup.exe"
"TPHOTKEY"="C:\\PROGRA~1\\Lenovo\\PkgMgr\\HOTKEY\\TPHKMGR.exe"
"TPKMAPHELPER"="C:\\Program Files\\ThinkPad\\Utilities\\TpKmapAp.exe -helper"
"DSXTools"="C:\\Program Files\\Dassault Systemes\\DSXTools\\bin\\DSXTools.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"two city internet heck"="C:\\Documents and Settings\\All Users\\Application Data\\does dog two city\\Meal trust.exe"
"Mail surf file heck"="C:\\Documents and Settings\\All Users\\Application Data\\Five dash heck does\\Play Knob Regs.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"NBKeyScan"="\"C:\\Program Files\\Nero\\Nero 7\\Nero BackItUp\\NBKeyScan.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\\Program Files\\SuperCopier2\\SuperCopier2.exe"
"TPKMAPMN"="C:\\Program Files\\ThinkPad\\Utilities\\TpKmapMn.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~



***********************************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:32, on 2007-10-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\DS\Install_R18\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\DkLog.exe
c:\ReleaseManager\code\bin\LaunchCommandServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mksauth.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\system32\nutsrv4.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\ReleaseManager\code\bin\ReleaseClient.exe
C:\WINDOWS\system32\SCardSvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\Program Files\mksnt\bin\secshd.exe
C:\WINDOWS\system32\telnetd.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\WINDOWS\TEMP\PRF52B.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\system32\sysnetdrv.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Zone Labs\Integrity Client\iclient.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.dds.ds;*.dds.fr;*.dassault-systemes.fr;*.enovia-clt.com;*.dsag.com;*.dassault.com;*.dsp.fr;*.deneb.com;*.dskk;*.ds;*.dsy.ds;172.19.*;192.168.*;127.0.0.1;dsinteraction;dsx;itwebds;v5doc;*dsy;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [frymxins] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\mksnt\bin\ncoeenv.exe
O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [FWConfig] c:\windows\FirewallWifiConfiguration.vbs
O4 - HKLM\..\Run: [Sysnetdrv] "c:\windows\system32\sysnetdrv.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DkStartup] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [DSXTools] C:\Program Files\Dassault Systemes\DSXTools\bin\DSXTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [two city internet heck] C:\Documents and Settings\All Users\Application Data\does dog two city\Meal trust.exe
O4 - HKLM\..\Run: [Mail surf file heck] C:\Documents and Settings\All Users\Application Data\Five dash heck does\Play Knob Regs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Startup: Yahoo! Desktop Search System Tray.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
O4 - Startup: Yahoo! Desktop Search.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
O4 - Global Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Global Startup: Yahoo! Desktop Search System Tray.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
O4 - Global Startup: Yahoo! Desktop Search.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranetdds
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\Software\..\Telephony: DomainName = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DCBC0C3-FB95-4A2A-8145-EC5FC02B5F87}: NameServer = 212.27.53.252 212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ED4327C-1D4A-4CCD-AD15-B0A1AFCF1EDC}: Domain = dsy.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A49C343-BDE0-4C72-8A61-D09BDD8FC59B}: Domain = dsy.ds
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O17 - HKLM\System\CS2\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - E:\DS\Install_R18\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Nodelock License Server (IBM LUM NDL) - IBM - C:\IFOR\WIN\BIN\I4LLMD.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LaunchCommandServer - Unknown owner - c:\ReleaseManager\code\bin\LaunchCommandServer.exe
O23 - Service: MKSAUTH - Mortice Kern Systems Inc. - C:\WINDOWS\system32\mksauth.exe
O23 - Service: MKS Secure Shell Service (MKSSecureSH) - DataFocus, Inc. - C:\Program Files\mksnt\bin\secshd.exe
O23 - Service: MKS Telnetd (MKSTelnetd) - DataFocus, Inc. - C:\WINDOWS\system32\telnetd.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: Oracleoracle920ClientCache - Unknown owner - C:\ora920\BIN\ONRSD.EXE (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ReleaseClient - Unknown owner - c:\ReleaseManager\code\bin\ReleaseClient.exe
O23 - Service: Remote Shell Service (RshSvc) - Unknown owner - C:\WINDOWS\system32\rshsvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
moK´s@

Hi,

Yes, there are some strange things on your PC:

Run this online scan. I know it takes a long time, but post its report here, along with a new HijackThis log.

https://www.bitdefender.com/toolbox/

Click "I agree" and follow the procedure.

@+
antoune

Hi,

Here are the two reports you asked me for.
@+




BitDefender Online Scanner

Scan report generated at: Mon, Oct 08, 2007 - 04:33:34
Scan path: C:\;E:\;F:\;

Statistics
Time: 03:41:52
Files: 1087677
Folders: 16644
Boot Sectors: 3
Archives: 50190
Packed Files: 19575

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 825550
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
C:\qoobox\Quarantine\catchme2007-10-04_193737.60.zip=>(Quarantine-4)=>core.sys
    Infected with: Trojan.Rootkit.Agent.EQ
C:\qoobox\Quarantine\catchme2007-10-04_193737.60.zip=>(Quarantine-4)=>core.sys
    Disinfection failed
C:\qoobox\Quarantine\catchme2007-10-04_193737.60.zip=>(Quarantine-4)=>core.sys
    Deleted
C:\qoobox\Quarantine\catchme2007-10-04_193737.60.zip=>(Quarantine-4)
    Updated
C:\qoobox\Quarantine\catchme2007-10-04_193737.60.zip
    Update failed


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:44, on 08/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\DS\Install_R18\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\DkLog.exe
c:\ReleaseManager\code\bin\LaunchCommandServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mksauth.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\system32\nutsrv4.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\ReleaseManager\code\bin\ReleaseClient.exe
C:\WINDOWS\system32\SCardSvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\Program Files\mksnt\bin\secshd.exe
C:\WINDOWS\system32\telnetd.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\WINDOWS\TEMP\PRF52B.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\system32\sysnetdrv.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.dds.ds;*.dds.fr;*.dassault-systemes.fr;*.enovia-clt.com;*.dsag.com;*.dassault.com;*.dsp.fr;*.deneb.com;*.dskk;*.ds;*.dsy.ds;172.19.*;192.168.*;127.0.0.1;dsinteraction;dsx;itwebds;v5doc;*dsy;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [frymxins] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\mksnt\bin\ncoeenv.exe
O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [FWConfig] c:\windows\FirewallWifiConfiguration.vbs
O4 - HKLM\..\Run: [Sysnetdrv] "c:\windows\system32\sysnetdrv.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DkStartup] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [DSXTools] C:\Program Files\Dassault Systemes\DSXTools\bin\DSXTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [two city internet heck] C:\Documents and Settings\All Users\Application Data\does dog two city\Meal trust.exe
O4 - HKLM\..\Run: [Mail surf file heck] C:\Documents and Settings\All Users\Application Data\Five dash heck does\Play Knob Regs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-842925246-2139871995-725345543-10394\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Startup: Yahoo! Desktop Search System Tray.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
O4 - Startup: Yahoo! Desktop Search.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
O4 - Global Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Global Startup: Yahoo! Desktop Search System Tray.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
O4 - Global Startup: Yahoo! Desktop Search.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranetdds
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\Software\..\Telephony: DomainName = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ED4327C-1D4A-4CCD-AD15-B0A1AFCF1EDC}: Domain = dsy.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A49C343-BDE0-4C72-8A61-D09BDD8FC59B}: Domain = dsy.ds
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O17 - HKLM\System\CS2\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - E:\DS\Install_R18\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Nodelock License Server (IBM LUM NDL) - IBM - C:\IFOR\WIN\BIN\I4LLMD.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LaunchCommandServer - Unknown owner - c:\ReleaseManager\code\bin\LaunchCommandServer.exe
O23 - Service: MKSAUTH - Mortice Kern Systems Inc. - C:\WINDOWS\system32\mksauth.exe
O23 - Service: MKS Secure Shell Service (MKSSecureSH) - DataFocus, Inc. - C:\Program Files\mksnt\bin\secshd.exe
O23 - Service: MKS Telnetd (MKSTelnetd) - DataFocus, Inc. - C:\WINDOWS\system32\telnetd.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: Oracleoracle920ClientCache - Unknown owner - C:\ora920\BIN\ONRSD.EXE (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ReleaseClient - Unknown owner - c:\ReleaseManager\code\bin\ReleaseClient.exe
O23 - Service: Remote Shell Service (RshSvc) - Unknown owner - C:\WINDOWS\system32\rshsvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
moK´s@

Hi antoune,

¤ Download Clean
----> http://www.malekal.com/download/clean.zip

Unzip all of its contents into the same folder. Double-click clean or clean.cmd and choose option 1.
A report will open; copy and paste its contents here.

How is your PC doing?

@+
antoune
 
Hi,

Thanks to your advice, the PC is doing much better. I ran OfficeScan again this morning, which cleared out 4 infected files, and Spybot, which removed some others. Smitfraud no longer shows up and Spybot is able to fix everything.
In addition, from HijackThis, I deleted the two entries I told you about in a previous message:
O4 - HKLM\..\Run: [two city internet heck] C:\Documents and Settings\All Users\Application Data\does dog two city\Meal trust.exe
O4 - HKLM\..\Run: [Mail surf file heck] C:\Documents and Settings\All Users\Application Data\Five dash heck does\Play Knob Regs.exe
The two programs are indeed nowhere to be found.
I feel the end of my troubles is near...


Here is what clean.cmd gives:

08/10/2007 a 13:50:01.43

*** Recherche C:

*** Recherche C:\WINDOWS\

*** Recherche C:\WINDOWS\system32
C:\WINDOWS\system32\tphklock.dll FOUND

*** Recherche C:\Program Files
*** End of the report !

@+
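As an added example (not part of this thread, and not code from HijackThis or from the helper), here is a small Python triage script that parses O4 Run and O23 Service lines in the HijackThis log format posted above and flags the signs a helper looks for before asking a poster to remove an entry: an autostart living under a user-writable data or temp directory, a value name and folder made of random dictionary words (like the two entries antoune just removed), a service whose target file is reported missing, and a service with no publisher recorded. The sample lines are copied from the logs in this thread; the heuristics and their labels are my own assumptions and are hints for a human reviewer, not verdicts.

```python
import re

# Constructed sample: O4/O23 lines copied from the HijackThis logs in this
# thread, mixed so that both benign and suspicious entries appear.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [two city internet heck] C:\Documents and Settings\All Users\Application Data\does dog two city\Meal trust.exe
O4 - HKLM\..\Run: [Mail surf file heck] C:\Documents and Settings\All Users\Application Data\Five dash heck does\Play Knob Regs.exe
O4 - HKLM\..\Run: [Sysnetdrv] "c:\windows\system32\sysnetdrv.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O23 - Service: Oracleoracle920ClientCache - Unknown owner - C:\ora920\BIN\ONRSD.EXE (file missing)
O23 - Service: Remote Shell Service (RshSvc) - Unknown owner - C:\WINDOWS\system32\rshsvc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command>"
RUN_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O23 - Service: <display name> - <publisher> - <command>"
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<cmd>.*)$")
# First executable-looking token of a command, with or without quotes.
EXE_RE = re.compile(r'"?(?P<path>[^"]+?\.(?:exe|dll|vbs|cpl|scr|com|bat|cmd))\b', re.IGNORECASE)


def extract_path(cmd):
    """Pull the executable path out of a Run/Service command string."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path").strip() if m else cmd.strip().strip('"')


def random_words(s):
    """True when s is three or more purely alphabetic words, e.g. 'does dog two city'."""
    toks = s.split()
    return len(toks) >= 3 and all(t.isalpha() for t in toks)


def triage_line(line):
    """Return the list of reasons (possibly empty) why one HijackThis line deserves a look."""
    m = RUN_RE.match(line)
    if m:
        kind, name, owner, cmd = "run", m.group("name"), None, m.group("cmd")
    else:
        m = SVC_RE.match(line)
        if not m:
            return []  # other line types (R1, O2, O4 Startup, ...) are not handled here
        kind, name, owner, cmd = "service", m.group("name"), m.group("owner"), m.group("cmd")

    path = extract_path(cmd)
    low = path.lower()
    folder = path.split("\\")[-2] if "\\" in path else ""
    reasons = []
    if "(file missing)" in cmd.lower():
        reasons.append("target file missing")
    if "\\application data\\" in low or "\\temp\\" in low:
        reasons.append("autostart from a user-writable data/temp directory")
    if random_words(name) and random_words(folder):
        reasons.append("value name and folder look like randomly generated words")
    if kind == "service" and owner.strip() in ("", "Unknown owner"):
        reasons.append("service has no publisher recorded")
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every line that raised at least one reason."""
    out = []
    for line in log_text.splitlines():
        reasons = triage_line(line.rstrip())
        if reasons:
            out.append((line, reasons))
    return out


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG):
        print(flagged)
        for r in why:
            print("   ->", r)
```

Run against a full log, the script lists only the entries that tripped a heuristic, which is the short list a helper would then check by hand (publisher, on-disk presence, whether the poster recognises the program) rather than a verdict on its own.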
moK´s@

OK

Restart in Safe Mode:

¤ Start in Safe Mode:
To do so, tap the F8 key repeatedly from the moment the PC starts up, without stopping.
A window will open; use the keyboard arrow keys to move to "Safe Mode", then press Enter.
Once on the desktop, if not all the colours and such are there, that is normal!
(If F8 does not work, use the F5 key.)

Then open the clean folder, open clean.cmd and choose option 2.
Restart normally and post the clean log.

And post a new HijackThis log please.

@+
antoune

And here are two more little logs...
The tphklock.dll library may be related to my IBM-brand PC, but I leave you to be the judge.
Thanks. a+





Script executed in Safe Mode
Rapport clean par Malekal_morte - http://www.malekal.com
Script executed in Safe Mode 08/10/2007 a 16:48:28.34

Microsoft Windows XP [version 5.1.2600]

*** Suppression C:

*** Suppression C:\WINDOWS\

*** Suppression C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\tphklock.dll
Impossible de supprimer C:\WINDOWS\system32\tphklock.dll

*** Suppression C:\Program Files

*** Deletion of the registry keys successful..
*** End of the report !




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58, on 08/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\system32\sysnetdrv.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\DS\Install_R18\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\DkLog.exe
c:\ReleaseManager\code\bin\LaunchCommandServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mksauth.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\system32\nutsrv4.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\ReleaseManager\code\bin\ReleaseClient.exe
C:\WINDOWS\system32\SCardSvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\Program Files\mksnt\bin\secshd.exe
C:\WINDOWS\system32\telnetd.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\WINDOWS\TEMP\BCC535.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
c:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.dds.ds;*.dds.fr;*.dassault-systemes.fr;*.enovia-clt.com;*.dsag.com;*.dassault.com;*.dsp.fr;*.deneb.com;*.dskk;*.ds;*.dsy.ds;172.19.*;192.168.*;127.0.0.1;dsinteraction;dsx;itwebds;v5doc;*dsy;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [frymxins] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\mksnt\bin\ncoeenv.exe
O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [FWConfig] c:\windows\FirewallWifiConfiguration.vbs
O4 - HKLM\..\Run: [Sysnetdrv] "c:\windows\system32\sysnetdrv.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DkStartup] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [DSXTools] C:\Program Files\Dassault Systemes\DSXTools\bin\DSXTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Startup: Yahoo! Desktop Search System Tray.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
O4 - Startup: Yahoo! Desktop Search.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
O4 - Global Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Global Startup: Yahoo! Desktop Search System Tray.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
O4 - Global Startup: Yahoo! Desktop Search.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranetdds
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\Software\..\Telephony: DomainName = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DCBC0C3-FB95-4A2A-8145-EC5FC02B5F87}: NameServer = 212.27.53.252 212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ED4327C-1D4A-4CCD-AD15-B0A1AFCF1EDC}: Domain = dsy.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A49C343-BDE0-4C72-8A61-D09BDD8FC59B}: Domain = dsy.ds
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O17 - HKLM\System\CS2\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - E:\DS\Install_R18\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Nodelock License Server (IBM LUM NDL) - IBM - C:\IFOR\WIN\BIN\I4LLMD.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LaunchCommandServer - Unknown owner - c:\ReleaseManager\code\bin\LaunchCommandServer.exe
O23 - Service: MKSAUTH - Mortice Kern Systems Inc. - C:\WINDOWS\system32\mksauth.exe
O23 - Service: MKS Secure Shell Service (MKSSecureSH) - DataFocus, Inc. - C:\Program Files\mksnt\bin\secshd.exe
O23 - Service: MKS Telnetd (MKSTelnetd) - DataFocus, Inc. - C:\WINDOWS\system32\telnetd.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ReleaseClient - Unknown owner - c:\ReleaseManager\code\bin\ReleaseClient.exe
O23 - Service: Remote Shell Service (RshSvc) - Unknown owner - C:\WINDOWS\system32\rshsvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0