Internet pages that keep opening nonstop

Closed
shrix - 19 June 2008 at 18:10
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last active 28 August 2020 - 19 June 2008 at 21:50
Hello, for the past 2-3 days I have had pages opening nonstop in Internet Explorer (antivirus, spybot, etc.).
And I often get Internet Explorer errors (don't send the report, etc.).

I have a Sony laptop running Vista.

I ran HijackThis and here is the report, please help me!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:10:04, on 19/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\DBR122\services.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\bqca.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Windows\system32\879_1213888339_22499\services.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\879_1213891571_28571\services.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pimpmysearch.com/home.html?gname=Shahriar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O3 - Toolbar: (no name) - {460B9C85-61E5-4CB6-A4B2-501DE81C4475} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
O4 - HKLM\..\Run: [QuickBooks Simple Start] "C:\Program Files\Intuit\SimpleStartEntice\entice.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Centre de Sécurité Windows 1.21] C:\Windows\system32\DBR121\DXW1\services.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Security Center 1.22] C:\Windows\system32\DBR122\services.exe
O4 - HKLM\..\Run: [Winsock2 driver] BQCA.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcArOET.dll,#1
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM192c0400] Rundll32.exe "C:\Windows\system32\oryuemaf.dll",s
O4 - HKLM\..\Run: [1a1f379c] rundll32.exe "C:\Windows\system32\ercrmnby.dll",b
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] BQCA.EXE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: xvorfwbd - {36EDC387-6646-4FC8-AF9C-8DDA01ADC2F1} - C:\Windows\xvorfwbd.dll (file missing)
O21 - SSODL: RomCheck - {de173200-9537-4c9d-98ff-5d96a46a278f} - C:\Windows\Resources\RomCheck.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

15 replies

^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last active 28 August 2020 3 275
19 June 2008 at 19:35
Hello

Disable User Account Control (you will re-enable it after your disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.

Now download Navilog1 from this link:

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Choose "Save target (link) as..." and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, right-click the Navilog1 shortcut on your desktop and choose "Run as administrator".

At the main menu, choose option 1.
Follow the prompts and be patient.
Wait for the message:
*** Analyse Termine le ..... ***
Press a key; Notepad will open.
Copy and paste the entire report into a reply.
Close Notepad.
The report fixnavi.txt is also saved in %systemdrive%.

Good luck
A++

^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last active 28 August 2020 3 275
19 June 2008 at 20:27
Bingo

Download ComboFix from one of these links:
First
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

And, importantly, save it to the desktop.

Before using ComboFix:

► Disconnect from the internet and close the windows of all running programs.

► Temporarily disable, only while ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts scanning the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved at C:\Combofix.txt

► Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

► Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

+ a HijackThis log

+++


^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last active 28 August 2020 3 275
19 June 2008 at 21:26
RENAME HT

Right-click hijackthis and choose "Rename"
type: PROUT.exe
Then post a new report, please


Why rename HT

Because it seems that Vundo infections have the peculiarity of "hiding" when they detect HJT itself or its scan: changing the name of the exe works around this problem...
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

poussinou92 Posts 382 Registration date Tuesday 1 April 2008 Status Member Last active 30 December 2008 20
19 June 2008 at 18:24
Hello, try downloading the Malwarebytes Anti-Malware software (update it), run a scan in safe mode, and post your report

Here you go Marie, thanks for your help :)

Search Navipromo version 3.5.8 commencé le 19/06/2008 à 20:01:52,44

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Shahriar"

Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16643
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\users\shahriar\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\Shahriar\AppData\Roaming" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\Shahriar\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\Shahriar\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\Shahriar\AppData\Local\Microsoft" :


* Dans "C:\Users\Shahriar\AppData\Local" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\Windows\system32\eOWayyxx.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\Windows\system32\jPqXwGgh.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\Windows\system32\lTuCJmoq.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\Windows\system32\stBKUvut.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\Windows\system32\xybacMoq.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\Windows\system32\yFLStBeg.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 19/06/2008 à 20:17:35,12 ***
0
ComboFix 08-06-16.5 - Shahriar 2008-06-19 20:50:13.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1108 [GMT 2:00]
Running from: C:\Users\Shahriar\AppData\Roaming\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~2\Adsl Software Limited
C:\PROGRA~2\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
C:\PROGRA~2\Microsoft\Network\Downloader\qmgr0.dat
C:\PROGRA~2\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\tmp0.exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp2.exe
C:\Users\Shahriar\services.exe
C:\Windows\eslb.exe
C:\Windows\system32\aclomvxd.dll
C:\Windows\system32\bmanojms.dll
C:\Windows\system32\bywuntch.dll
C:\Windows\system32\dsjssfwo.dll
C:\Windows\System32\eOWayyxx.ini
C:\Windows\System32\eOWayyxx.ini2
C:\Windows\system32\esjaqxky.dll
C:\Windows\system32\geBtSLFy.dll
C:\Windows\system32\hdbrqdae.ini
C:\Windows\system32\hgGwXqPj.dll
C:\Windows\system32\hwhlewcg.dll
C:\Windows\System32\jcrqlkom.ini
C:\Windows\system32\jifxbrff.ini
C:\Windows\System32\jPqXwGgh.ini
C:\Windows\System32\jPqXwGgh.ini2
C:\Windows\system32\jtwikppi.ini
C:\Windows\system32\lnxuxxsp.dll
C:\Windows\System32\lTuCJmoq.ini
C:\Windows\System32\lTuCJmoq.ini2
C:\Windows\system32\moklqrcj.dll
C:\Windows\system32\oryuemaf.dll
C:\Windows\system32\prnftrwv.dll
C:\Windows\system32\qomJCuTl.dll
C:\Windows\system32\rqcdnuga.dll
C:\Windows\system32\ryuemafi.dll
C:\Windows\System32\stBKUvut.ini
C:\Windows\System32\stBKUvut.ini2
C:\Windows\system32\tuvUKBts.dll
C:\Windows\system32\vkdthhkg.ini
C:\Windows\System32\vwrtfnrp.ini
C:\Windows\system32\wrvogkpr.dll
C:\Windows\system32\x64
C:\Windows\system32\xpudifje.ini
C:\Windows\system32\xxyyaWOe.dll
C:\Windows\System32\xybacMoq.ini
C:\Windows\System32\xybacMoq.ini2
C:\Windows\system32\ybnmrcre.ini
C:\Windows\System32\yFLStBeg.ini
C:\Windows\System32\yFLStBeg.ini2
C:\Windows\system32\ykxqajse.ini
.
---- Previous Run -------
.
C:\Program Files\antiviirus.exe
C:\Windows\cookies.ini
C:\Windows\system32\mcrh.tmp

----- BITS: Possible infected sites -----

hxxp://theinstalls.com
.
((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 18:50 --------- d---a-w C:\PROGRA~2\TEMP
2008-06-19 18:21 --------- d-----w C:\Program Files\Navilog1
2008-06-19 15:42 --------- d-----w C:\Program Files\Trend Micro
2008-06-19 15:40 --------- d-----w C:\Users\Shahriar\AppData\Roaming\Skype
2008-06-19 15:24 --------- d-----w C:\Users\Shahriar\AppData\Roaming\skypePM
2008-06-19 15:23 --------- d-----w C:\Program Files\euro gunz beta 6
2008-06-19 15:15 --------- d-----w C:\Users\Shahriar\AppData\Roaming\LimeWire
2008-06-18 20:12 --------- d-----w C:\PROGRA~2\Kaspersky Lab
2008-06-17 14:45 --------- d-----w C:\Users\Shahriar\AppData\Roaming\TuneUp Software
2008-06-17 14:45 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-06-17 14:44 --------- d-----w C:\PROGRA~2\TuneUp Software
2008-06-17 14:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 16:16 --------- d-----w C:\Program Files\UltraISO
2008-06-16 16:16 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-06-14 18:21 --------- d-----w C:\Program Files\LimeWire
2008-06-14 16:54 --------- d-----w C:\Program Files\eMule
2008-06-11 18:41 --------- d-----w C:\Program Files\Yahoo!
2008-06-11 13:47 --------- d-----w C:\Program Files\QuickTime
2008-06-11 13:42 --------- d-----w C:\Program Files\Apple Software Update
2008-06-07 11:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-07 11:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-07 11:08 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-07 11:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-07 11:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-07 10:58 --------- d-----w C:\Program Files\Common Files\Intuit
2008-06-04 20:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 12:43 --------- d-----w C:\Program Files\VAIO Startup
2008-05-18 12:37 --------- d-----w C:\Program Files\OCA Marker
2008-05-18 12:36 --------- d-----w C:\Program Files\Sony
2008-05-18 12:22 --------- d-----w C:\Program Files\MAIET
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 10:17 --------- d-----w C:\Program Files\Windows Mail
2008-05-15 10:16 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-05-12 15:25 --------- d-----w C:\Program Files\DivX
2008-05-12 15:25 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-05-12 15:04 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-05-07 20:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-06 20:31 --------- d-----w C:\Program Files\Audacity
2008-05-03 22:32 --------- d-----w C:\Program Files\iTunes
2008-05-03 22:32 --------- d-----w C:\Program Files\iPod
2008-05-03 22:32 --------- d-----w C:\PROGRA~2\Apple Computer
2008-05-01 10:02 --------- d-----w C:\PROGRA~2\Downloaded Installations
2008-04-25 10:56 --------- d-----w C:\Users\Shahriar\AppData\Roaming\Datalayer
2008-04-23 19:47 148,992 ----a-w C:\Windows\system32\drivers\ks.sys
2008-04-23 19:45 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-31 19:59 268,288 ----a-w C:\Windows\vlc_7xz.exe
2008-01-31 20:17 0 ----a-w C:\Users\Shahriar\AppData\Roaming\wklnhst.dat
2007-12-13 23:41 280 --sha-w C:\Program Files\desktop.ini
2007-12-13 20:23 147,456 ----a-w C:\Users\Shahriar\vbzip10.dll
2007-12-09 22:59 32 ----a-w C:\PROGRA~2\ezsid.dat
2007-12-09 11:11 263,460,540 ----a-w C:\Users\Shahriar\U_SFInstaller.exe
2007-11-24 18:59 445,584 ----a-w C:\Users\Shahriar\msgr9fr.exe
2007-04-14 20:25 1,132,112 ----a-w C:\PROGRA~2\pswi_preloaded.exe
2008-02-29 16:30 700,416 --sh--r C:\Windows\System32\DBR121\DXW1\services.exe
2008-02-29 16:30 36,864 --sh--r C:\Windows\System32\DBR121\DXW2\spoolsv.exe
2008-02-29 16:30 766,081 --sh--r C:\Windows\System32\DBR121\DXW2\svchost.exe
2008-02-29 16:30 151,682 --sh--r C:\Windows\System32\DBR121\DXW2\wm_hooks.dll
2008-03-08 18:08 16,384 --sh--w C:\Windows\System32\SYNC_1204999713_121159\services.exe
2008-03-08 18:48 167,936 --sh--w C:\Windows\System32\SYNC_1205002135_120302\services.exe
2008-03-08 19:21 16,384 --sh--w C:\Windows\System32\SYNC_1205004091_104576\services.exe
2008-03-08 20:43 16,384 --sh--w C:\Windows\System32\SYNC_1205009028_112489\services.exe
2008-03-08 21:44 20,480 --sh--w C:\Windows\System32\SYNC_1205012660_112199\services.exe
2008-03-08 21:46 20,480 --sh--w C:\Windows\System32\SYNC_1205012797_112786\services.exe
2008-03-08 21:54 16,384 --sh--w C:\Windows\System32\SYNC_1205013278_114670\services.exe
2008-03-08 21:59 16,384 --sh--w C:\Windows\System32\SYNC_1205013597_106065\services.exe
2008-03-09 10:42 16,384 --sh--w C:\Windows\System32\SYNC_1205059364_101776\services.exe
2008-03-09 11:18 167,936 --sh--w C:\Windows\System32\SYNC_1205061513_121151\services.exe
2008-03-09 13:38 16,384 --sh--w C:\Windows\System32\SYNC_1205069912_112346\services.exe
2008-03-09 13:41 81,920 --sh--w C:\Windows\System32\SYNC_1205070074_100614\services.exe
2008-03-09 15:34 167,936 --sh--w C:\Windows\System32\SYNC_1205076848_101051\services.exe
2008-03-09 15:57 16,384 --sh--w C:\Windows\System32\SYNC_1205078263_110943\services.exe
2008-03-09 16:40 16,384 --sh--w C:\Windows\System32\SYNC_1205080806_113888\services.exe
2008-03-09 19:59 16,384 --sh--w C:\Windows\System32\SYNC_1205092763_119813\services.exe
2008-03-09 21:03 167,936 --sh--w C:\Windows\System32\SYNC_1205096610_129483\services.exe
2008-03-09 21:15 167,936 --sh--w C:\Windows\System32\SYNC_1205097345_114245\services.exe
2008-03-10 16:17 16,384 --sh--w C:\Windows\System32\SYNC_1205165847_126701\services.exe
2008-03-10 16:20 16,384 --sh--w C:\Windows\System32\SYNC_1205166056_114055\services.exe
2008-03-10 16:29 20,480 --sh--w C:\Windows\System32\SYNC_1205166590_125804\services.exe
2008-03-10 17:06 167,936 --sh--w C:\Windows\System32\SYNC_1205168790_120722\services.exe
2008-03-10 18:19 167,936 --sh--w C:\Windows\System32\SYNC_1205173161_108754\services.exe
2008-03-10 20:09 16,384 --sh--w C:\Windows\System32\SYNC_1205179748_118376\services.exe
2008-03-10 20:14 16,384 --sh--w C:\Windows\System32\SYNC_1205180089_115289\services.exe
2008-03-10 22:17 16,384 --sh--w C:\Windows\System32\SYNC_1205187461_124508\services.exe
2008-03-10 22:22 167,936 --sh--w C:\Windows\System32\SYNC_1205187754_110844\services.exe
2008-03-11 18:07 16,384 --sh--w C:\Windows\System32\SYNC_1205258848_127252\services.exe
2008-03-11 18:08 16,384 --sh--w C:\Windows\System32\SYNC_1205258922_119664\services.exe
2008-03-11 18:32 167,936 --sh--w C:\Windows\System32\SYNC_1205260330_125941\services.exe
2008-03-11 19:43 167,936 --sh--w C:\Windows\System32\SYNC_1205264622_116998\services.exe
2008-03-11 20:34 16,384 --sh--w C:\Windows\System32\SYNC_1205267672_118178\services.exe
2008-03-11 21:40 901,120 --sh--w C:\Windows\System32\SYNC_1205271595_130385\services.exe
2008-03-11 21:40 122,880 --sh--w C:\Windows\System32\SYNC_1205271608_115439\services.exe
2008-03-11 21:43 901,120 --sh--w C:\Windows\System32\SYNC_1205271773_101507\services.exe
2008-03-11 21:43 901,120 --sh--w C:\Windows\System32\SYNC_1205271832_120622\services.exe
2008-03-11 22:06 122,880 --sh--w C:\Windows\System32\SYNC_1205273194_118782\services.exe
2008-03-11 22:07 122,880 --sh--w C:\Windows\System32\SYNC_1205273238_121890\services.exe
2008-03-12 00:09 167,936 --sh--w C:\Windows\System32\SYNC_1205280583_127093\services.exe
2008-03-12 11:56 16,384 --sh--w C:\Windows\System32\SYNC_1205322998_113002\services.exe
2008-03-12 14:11 16,384 --sh--w C:\Windows\System32\SYNC_1205331083_108720\services.exe
2008-03-13 09:41 16,384 --sh--w C:\Windows\System32\SYNC_1205401313_111882\services.exe
2008-03-13 11:24 167,936 --sh--w C:\Windows\System32\SYNC_1205407472_106147\services.exe
2008-03-13 12:36 16,384 --sh--w C:\Windows\System32\SYNC_1205411783_121830\services.exe
2008-03-13 16:21 16,384 --sh--w C:\Windows\System32\SYNC_1205425301_131111\services.exe
2008-03-13 17:09 167,936 --sh--w C:\Windows\System32\SYNC_1205428158_123063\services.exe
2008-03-13 18:20 20,480 --sh--w C:\Windows\System32\SYNC_1205432449_127677\services.exe
2008-03-13 19:09 16,384 --sh--w C:\Windows\System32\SYNC_1205435396_116621\services.exe
2008-03-13 19:15 20,480 --sh--w C:\Windows\System32\SYNC_1205435736_112562\services.exe
2008-03-13 19:25 16,384 --sh--w C:\Windows\System32\SYNC_1205436327_132760\services.exe
2008-03-13 19:28 167,936 --sh--w C:\Windows\System32\SYNC_1205436481_124817\services.exe
2008-03-13 19:49 20,480 --sh--w C:\Windows\System32\SYNC_1205437781_104600\services.exe
2008-03-13 20:06 16,384 --sh--w C:\Windows\System32\SYNC_1205438805_103136\services.exe
2008-03-13 20:14 20,480 --sh--w C:\Windows\System32\SYNC_1205439275_106591\services.exe
2008-03-13 20:25 20,480 --sh--w C:\Windows\System32\SYNC_1205439653_120211\services.exe
2008-03-13 21:36 16,384 --sh--w C:\Windows\System32\SYNC_1205444203_124114\services.exe
2008-03-13 22:34 16,384 --sh--w C:\Windows\System32\SYNC_1205447677_103089\services.exe
2008-03-13 22:52 16,384 --sh--w C:\Windows\System32\SYNC_1205448730_130482\services.exe
2008-03-13 22:59 16,384 --sh--w C:\Windows\System32\SYNC_1205449178_100484\services.exe
2008-03-13 23:27 16,384 --sh--w C:\Windows\System32\SYNC_1205450851_116609\services.exe
2008-03-13 23:33 16,384 --sh--w C:\Windows\System32\SYNC_1205451185_123742\services.exe
2008-03-13 23:37 16,384 --sh--w C:\Windows\System32\SYNC_1205451426_122812\services.exe
2008-03-13 23:49 16,384 --sh--w C:\Windows\System32\SYNC_1205452163_109428\services.exe
2008-03-14 00:56 16,384 --sh--w C:\Windows\System32\SYNC_1205456214_102045\services.exe
2008-03-14 12:07 16,384 --sh--w C:\Windows\System32\SYNC_1205496455_108456\services.exe
2008-03-14 12:29 167,936 --sh--w C:\Windows\System32\SYNC_1205497763_127397\services.exe
2008-03-14 12:48 167,936 --sh--w C:\Windows\System32\SYNC_1205498885_121359\services.exe
2008-03-14 17:33 16,384 --sh--w C:\Windows\System32\SYNC_1205516017_112863\services.exe
2008-03-14 20:13 16,384 --sh--w C:\Windows\System32\SYNC_1205525613_119480\services.exe
2008-03-14 22:06 16,384 --sh--w C:\Windows\System32\SYNC_1205532395_108290\services.exe
2008-03-14 22:38 167,936 --sh--w C:\Windows\System32\SYNC_1205534334_112280\services.exe
2008-03-15 01:05 32,768 --sh--w C:\Windows\System32\SYNC_1205543152_117926\services.exe
2008-03-15 10:30 16,384 --sh--w C:\Windows\System32\SYNC_1205577029_125777\services.exe
2008-03-15 12:02 57,344 --sh--w C:\Windows\System32\SYNC_1205582577_101971\services.exe
2008-03-15 12:08 32,768 --sh--w C:\Windows\System32\SYNC_1205582907_128248\services.exe
2008-03-15 12:22 16,384 --sh--w C:\Windows\System32\SYNC_1205583723_122229\services.exe
2008-03-15 12:44 57,344 --sh--w C:\Windows\System32\SYNC_1205585047_126060\services.exe
2008-03-15 12:48 32,768 --sh--w C:\Windows\System32\SYNC_1205585277_118066\services.exe
2008-03-15 12:53 16,384 --sh--w C:\Windows\System32\SYNC_1205585606_101653\services.exe
2008-03-15 13:21 32,768 --sh--w C:\Windows\System32\SYNC_1205587283_116029\services.exe
2008-03-15 13:36 167,936 --sh--w C:\Windows\System32\SYNC_1205588194_104960\services.exe
2008-03-15 14:04 167,936 --sh--w C:\Windows\System32\SYNC_1205589881_112116\services.exe
2008-03-15 14:33 32,768 --sh--w C:\Windows\System32\SYNC_1205591604_105874\services.exe
2008-03-15 16:21 16,384 --sh--w C:\Windows\System32\SYNC_1205598095_120252\services.exe
2008-03-17 16:22 16,384 --sh--w C:\Windows\System32\SYNC_1205770972_105687\services.exe
2008-03-17 16:30 16,384 --sh--w C:\Windows\System32\SYNC_1205771441_117128\services.exe
2008-03-17 17:12 16,384 --sh--w C:\Windows\System32\SYNC_1205773976_124604\services.exe
2008-03-17 17:15 16,384 --sh--w C:\Windows\System32\SYNC_1205774115_108023\services.exe
2008-03-17 18:29 16,384 --sh--w C:\Windows\System32\SYNC_1205778547_123314\services.exe
2008-03-17 20:25 16,384 --sh--w C:\Windows\System32\SYNC_1205785528_116846\services.exe
2008-03-17 21:37 16,384 --sh--w C:\Windows\System32\SYNC_1205789828_127973\services.exe
2008-03-17 21:42 16,384 --sh--w C:\Windows\System32\SYNC_1205790128_100913\services.exe
2008-03-17 21:50 16,384 --sh--w C:\Windows\System32\SYNC_1205790601_103976\services.exe
2008-03-17 22:50 16,384 --sh--w C:\Windows\System32\SYNC_1205794231_129759\services.exe
2008-03-17 22:54 16,384 --sh--w C:\Windows\System32\SYNC_1205794480_103250\services.exe
2008-03-17 23:03 20,480 --sh--w C:\Windows\System32\SYNC_1205794987_103650\services.exe
2008-03-17 23:04 20,480 --sh--w C:\Windows\System32\SYNC_1205795073_103273\services.exe
2008-03-17 23:07 20,480 --sh--w C:\Windows\System32\SYNC_1205795190_107101\services.exe
2008-03-17 23:11 20,480 --sh--w C:\Windows\System32\SYNC_1205795466_121172\services.exe
2008-03-17 23:12 16,384 --sh--w C:\Windows\System32\SYNC_1205795526_114346\services.exe
2008-03-18 11:00 16,384 --sh--w C:\Windows\System32\SYNC_1205838007_111855\services.exe
2008-03-18 11:36 118,784 --sh--w C:\Windows\System32\SYNC_1205840191_120799\services.exe
2008-03-18 13:46 16,384 --sh--w C:\Windows\System32\SYNC_1205848002_105227\services.exe
2008-03-18 14:21 16,384 --sh--w C:\Windows\System32\SYNC_1205850109_131457\services.exe
2008-03-18 15:10 20,480 --sh--w C:\Windows\System32\SYNC_1205853045_123484\services.exe
2008-03-18 15:41 16,384 --sh--w C:\Windows\System32\SYNC_1205854868_120449\services.exe
2008-03-18 15:45 16,384 --sh--w C:\Windows\System32\SYNC_1205855135_129954\services.exe
2008-03-18 15:53 16,384 --sh--w C:\Windows\System32\SYNC_1205855624_128643\services.exe
2008-03-18 20:31 16,384 --sh--w C:\Windows\System32\SYNC_1205872285_113223\services.exe
2008-03-18 22:08 16,384 --sh--w C:\Windows\System32\SYNC_1205878105_112693\services.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1da06864-677b-4356-b55c-9735cd0456bb}]
2008-06-19 18:19 98816 --a------ C:\Windows\system32\qvggpndm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57A52E74-004C-464B-96CC-4DFE5366EA02}]
2008-04-18 21:31 25088 --a------ C:\Windows\system32\cbXNEUKE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96286CED-79FE-4BC3-9674-98ABBDEB4856}]
C:\Windows\ksendlbttla.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"1a1f379c"="C:\Windows\system32\ejfidupx.dll" [2008-06-19 18:22 79360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2006-11-13 14:32 118784]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-01-23 05:39 321656]
"VAIOSecurity"="C:\Program Files\Sony\VAIO Security Center\VSC.exe" [2007-03-14 02:13 2322432]
"QuickBooks Simple Start"="C:\Program Files\Intuit\SimpleStartEntice\entice.exe" [2007-01-31 06:59 371712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Centre de Sécurité Windows 1.21"="C:\Windows\system32\DBR121\DXW1\services.exe" [2008-02-29 18:30 700416]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-07-03 09:10 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-07-03 09:05 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-26 10:28 137752]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Windows Security Center 1.22"="C:\Windows\system32\DBR122\services.exe" [2008-03-25 19:16 196608]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"1a1f379c"="C:\Windows\system32\ejfidupx.dll" [2008-06-19 18:22 79360]

C:\Users\Shahriar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57A52E74-004C-464B-96CC-4DFE5366EA02}"= C:\Windows\system32\cbXNEUKE.dll [2008-04-18 21:31 25088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xvorfwbd"= {36EDC387-6646-4FC8-AF9C-8DDA01ADC2F1} - C:\Windows\xvorfwbd.dll [ ]
"RomCheck"= {de173200-9537-4c9d-98ff-5d96a46a278f} - C:\Windows\Resources\RomCheck.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-02-14 00:19 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll
"BackLightCompensation"= 1 (0x1)
"Brightness"= 63 (0x3f)
"Contrast"= 52 (0x34)
"PowerLineFrequency"= 1 (0x1)
"Hue"= 0 (0x0)
"Saturation"= 46 (0x2e)
"Sharpness"= 63 (0x3f)
"Gamma"= 100 (0x64)
"WBRedEx"= 127 (0x7f)
"WBGreenEx"= 127 (0x7f)
"WBBlueEx"= 127 (0x7f)
"AWBEx"= 1 (0x1)
"ExposureEx"= 255 (0xff)
"AECEx"= 1 (0x1)
"GainEx"= 63 (0x3f)
"AGCEx"= 1 (0x1)
"PowerLineEx"= 1 (0x1)
"FlipEx"= 0 (0x0)
"MirrorEx"= 0 (0x0)
"PrivacyEx"= 0 (0x0)
"NightModeEx"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\Pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-08-24 23:26 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
--a------ 2007-03-07 00:22 36864 c:\program files\sony\VAIO Center Access Bar\VCAB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
--a------ 2007-02-08 04:43 411768 C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
--a------ 2006-12-07 02:08 577536 C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 17:16 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Security Center 1.22]
-r-hs---- 2008-03-25 19:16 196608 C:\Windows\system32\DBR122\services.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3920280387-3730961058-3500366842-1005]
"EnableNotificationsRef"=dword:0000000a
"EnableNotifications"=dword:00000001

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB []
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-01-03 20:19]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-26 09:53]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-03-15 21:17]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-03-15 21:17]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-03-19 15:13]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-04-23 14:29]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-02-08 14:26]
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe [2007-01-26 20:41]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe" [2007-01-26 20:41]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 3\IcVzMon.exe [2007-01-26 20:41]
S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\Windows\system32\DRIVERS\WlanUIG.sys [2004-09-17 11:56]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-06-17 16:45]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 01:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 23:05]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02293ddb-bb8e-11dc-87f2-0013a9c01438}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\antihost.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 20:57:53
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\ejfidupx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\STACSV.EXE
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\igfxext.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
C:\Windows\System32\igfxsrvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-19 21:02:14 - machine was rebooted [Shahriar]
ComboFix-quarantined-files.txt 2008-06-19 19:02:04

The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.

515 --- E O F --- 2008-06-07 11:08:48

Thanks, Marie.
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
19 June 2008 at 21:21
+ a HijackThis log
0
Here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:10:04, on 19/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\DBR122\services.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\bqca.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Windows\system32\879_1213888339_22499\services.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\879_1213891571_28571\services.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pimpmysearch.com/home.html?gname=Shahriar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O3 - Toolbar: (no name) - {460B9C85-61E5-4CB6-A4B2-501DE81C4475} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
O4 - HKLM\..\Run: [QuickBooks Simple Start] "C:\Program Files\Intuit\SimpleStartEntice\entice.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Centre de Sécurité Windows 1.21] C:\Windows\system32\DBR121\DXW1\services.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Security Center 1.22] C:\Windows\system32\DBR122\services.exe
O4 - HKLM\..\Run: [Winsock2 driver] BQCA.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcArOET.dll,#1
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM192c0400] Rundll32.exe "C:\Windows\system32\oryuemaf.dll",s
O4 - HKLM\..\Run: [1a1f379c] rundll32.exe "C:\Windows\system32\ercrmnby.dll",b
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] BQCA.EXE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: xvorfwbd - {36EDC387-6646-4FC8-AF9C-8DDA01ADC2F1} - C:\Windows\xvorfwbd.dll (file missing)
O21 - SSODL: RomCheck - {de173200-9537-4c9d-98ff-5d96a46a278f} - C:\Windows\Resources\RomCheck.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
19 June 2008 at 21:32
It's the same one ;;))

0
I put PROUT.exe, but it looks like nothing changes, doesn't it?
0
Yes, it's the same, but I really did put PROUT.exe
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
19 June 2008 at 21:36
Read the link I gave you
For this to work, it is essential that the 02 lines appear
0
miKadu40 Posts 123 Registration date Monday 28 January 2008 Status Member Last activity 8 June 2011
19 June 2008 at 21:38
Marie, you absolutely have to help me, please. I've never had anything like this, I really need your help, please
0
I can't manage it, Marie, the report is still the same :( I'll leave you my MSN bennevy_family@hotmail.fr just in case
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
19 June 2008 at 21:50
I don't do troubleshooting over MSN or by PM
I'm going to delete your post because your address is showing; too many ""people"" are around, you wouldn't want to get hacked...

I'll be back

0