Web pages that keep opening nonstop

shrix -  
^^Marie^^ Posts 41884 Registration date   Status Member Last activity   -
Hello, for the past 2-3 days I have had pages opening in Internet Explorer (antivirus, Spybot, etc.) nonstop.
And I often get Internet Explorer errors (don't send the report, etc.).

I have a Sony laptop running Vista.

I ran HijackThis and here is the report, please help me!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:10:04, on 19/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\DBR122\services.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\bqca.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Windows\system32\879_1213888339_22499\services.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\879_1213891571_28571\services.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pimpmysearch.com/home.html?gname=Shahriar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O3 - Toolbar: (no name) - {460B9C85-61E5-4CB6-A4B2-501DE81C4475} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
O4 - HKLM\..\Run: [QuickBooks Simple Start] "C:\Program Files\Intuit\SimpleStartEntice\entice.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Centre de Sécurité Windows 1.21] C:\Windows\system32\DBR121\DXW1\services.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Security Center 1.22] C:\Windows\system32\DBR122\services.exe
O4 - HKLM\..\Run: [Winsock2 driver] BQCA.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcArOET.dll,#1
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM192c0400] Rundll32.exe "C:\Windows\system32\oryuemaf.dll",s
O4 - HKLM\..\Run: [1a1f379c] rundll32.exe "C:\Windows\system32\ercrmnby.dll",b
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] BQCA.EXE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: xvorfwbd - {36EDC387-6646-4FC8-AF9C-8DDA01ADC2F1} - C:\Windows\xvorfwbd.dll (file missing)
O21 - SSODL: RomCheck - {de173200-9537-4c9d-98ff-5d96a46a278f} - C:\Windows\Resources\RomCheck.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13212 bytes

Thanks.
Configuration: Windows Vista
Opera 9.24
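
Added example, not part of the original thread: a Python triage of a HijackThis log like the one posted above. It flags Windows system binary names running from non-standard folders, autoruns given without a path, and rundll32 autoruns whose export is an ordinal or a single letter. The rule names, the canonical-path table and the heuristics are assumptions made for this example; the sample lines are excerpted from the log in the post.

```python
import re
from pathlib import PureWindowsPath

# Canonical folders of Windows binaries whose names are commonly imitated.
# Assumption for this example: a default install under C:\Windows.
CANONICAL = {
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# HijackThis O4 line: O4 - <hive>\..\Run[Once]: [<value name>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# rundll32 <dll>,<export>  (the DLL path may be quoted)
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.I
)
# First executable in a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)\b', re.I)

# Lines excerpted from the HijackThis log in the post above.
SAMPLE = r"""
Running processes:
C:\Windows\System32\DBR122\services.exe
C:\Windows\system32\879_1213888339_22499\services.exe
C:\Windows\explorer.exe
C:\Program Files\Opera\Opera.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Windows Security Center 1.22] C:\Windows\system32\DBR122\services.exe
O4 - HKLM\..\Run: [Winsock2 driver] BQCA.EXE
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcArOET.dll,#1
O4 - HKLM\..\Run: [BM192c0400] Rundll32.exe "C:\Windows\system32\oryuemaf.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""


def masquerades(path):
    """True if the file name is a known system binary in the wrong folder."""
    p = PureWindowsPath(path)
    expected = CANONICAL.get(p.name.lower())
    return expected is not None and str(p.parent).lower() != expected


def triage(log_text):
    """Return (rule, line) pairs for entries that deserve a manual look."""
    findings = []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # a blank line ends the process list
                in_procs = False
            elif masquerades(line):
                findings.append(("masquerade", line))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        cmd = m.group("cmd")
        dll = RUNDLL_RE.match(cmd)
        exe = EXE_RE.match(cmd)
        if dll:
            # Heuristic (assumption): legitimate autoruns call a named export;
            # an ordinal (#1) or a one-letter export is unusual.
            export = dll.group("export")
            if export.startswith("#") or len(export) == 1:
                findings.append(("rundll32-odd-export", line))
        elif exe and "\\" not in exe.group("exe"):
            # No folder given: the file is resolved through the search path.
            findings.append(("no-path", line))
        elif exe and masquerades(exe.group("exe")):
            findings.append(("masquerade", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE):
        print(f"{rule:20} {line}")
```

A hit is a lead for manual verification, not a verdict: paths written with environment variables or 8.3 short names are not normalised here.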

15 replies

  1. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
     
    Hello

    Disable User Account Control (you will re-enable it after the disinfection):

    - Go to Start, then Control Panel
    - Double-click the "User Accounts" icon
    - Then click disable and confirm.

    Now download Navilog1 from this link:

    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    Save target (link) as... and save it to your desktop.
    Then double-click navilog1.exe to start the installation.
    Once the installation is finished, right-click the Navilog1 shortcut on your desktop and choose
    "Run as administrator".

    At the main menu, choose option 1.
    Let it guide you and be patient.
    Wait for the message:
    *** Analyse Termine le ..... ***
    Press a key; Notepad will open.
    Copy and paste the entire report into a reply.
    Close Notepad.
    The report fixnavi.txt is also saved in %systemdrive%.

    Good luck
    See you

    1
  2. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
     
    Bingo


    Download ComboFix from one of these links:
    First:
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    And importantly, save it to the desktop.

    Before using ComboFix:

    ► Disconnect from the internet and close the windows of all running programs.

    ► Temporarily disable, only while ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

    Once done, double-click Combofix.exe on your desktop.

    - Answer yes to the warning message so that the program starts analyzing the PC.

    /!\ During this step, do not use the PC and do not open any programs.

    - At the end of the scan, ComboFix may need to restart the PC to finalize the disinfection\search; let it do so.

    - A report will then open in Notepad (this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt)

    ► Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

    ► Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.

    + a HijackThis log

    +++

    1
  3. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
     
    RENAME HT

    Right-click hijackthis, choose "rename"
    type: PROUT.exe
    Then post a report again please

    Why rename HT

    Because it seems that Vundo infections have the peculiarity of "hiding" from HJT's detection itself or from its analysis: changing the name of the exe works around this problem...
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    1
  4. poussinou92 Posts 385 Status Member 20
     
    hello, try downloading the software Malwarebytes Anti-Malware (update it), run a scan in safe mode, and post your report
    0
  6. shrix
     
    Here you go Marie, thanks for your help :)

    Search Navipromo version 3.5.8 commencé le 19/06/2008 à 20:01:52,44

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "Shahriar"

    Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO

    Microsoft Windows Vista 6.0.6000
    Internet Explorer : 7.0.6000.16643
    Système de fichiers : NTFS

    Recherche executé en mode normal

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans "C:\Windows" ***

    *** Recherche dossiers dans "C:\Program Files" ***

    *** Recherche dossiers dans "C:\ProgramData" ***

    *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

    *** Recherche dossiers dans "c:\users\shahriar\appdata\roaming\micros~1\windows\startm~1\programs" ***

    *** Recherche dossiers dans "C:\Users\Shahriar\AppData\Roaming" ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\Windows\system32" *

    * Recherche dans "C:\Users\Shahriar\AppData\Local\Microsoft" *

    * Recherche dans "C:\Users\Shahriar\AppData\Local" *

    *** Recherche fichiers ***

    *** Recherche clés spécifiques dans le Registre ***

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans "C:\Windows\system32" :

    * Dans "C:\Users\Shahriar\AppData\Local\Microsoft" :

    * Dans "C:\Users\Shahriar\AppData\Local" :

    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :

    C:\Windows\system32\eOWayyxx.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\Windows\system32\jPqXwGgh.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\Windows\system32\lTuCJmoq.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\Windows\system32\stBKUvut.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\Windows\system32\xybacMoq.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\Windows\system32\yFLStBeg.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

    *** Analyse terminée le 19/06/2008 à 20:17:35,12 ***
    0
  7. shrix
     
    ComboFix 08-06-16.5 - Shahriar 2008-06-19 20:50:13.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1108 [GMT 2:00]
    Running from: C:\Users\Shahriar\AppData\Roaming\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\PROGRA~2\Adsl Software Limited
    C:\PROGRA~2\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
    C:\PROGRA~2\Microsoft\Network\Downloader\qmgr0.dat
    C:\PROGRA~2\Microsoft\Network\Downloader\qmgr1.dat
    C:\Program Files\tmp0.exe
    C:\Program Files\tmp1.exe
    C:\Program Files\tmp2.exe
    C:\Users\Shahriar\services.exe
    C:\Windows\eslb.exe
    C:\Windows\system32\aclomvxd.dll
    C:\Windows\system32\bmanojms.dll
    C:\Windows\system32\bywuntch.dll
    C:\Windows\system32\dsjssfwo.dll
    C:\Windows\System32\eOWayyxx.ini
    C:\Windows\System32\eOWayyxx.ini2
    C:\Windows\system32\esjaqxky.dll
    C:\Windows\system32\geBtSLFy.dll
    C:\Windows\system32\hdbrqdae.ini
    C:\Windows\system32\hgGwXqPj.dll
    C:\Windows\system32\hwhlewcg.dll
    C:\Windows\System32\jcrqlkom.ini
    C:\Windows\system32\jifxbrff.ini
    C:\Windows\System32\jPqXwGgh.ini
    C:\Windows\System32\jPqXwGgh.ini2
    C:\Windows\system32\jtwikppi.ini
    C:\Windows\system32\lnxuxxsp.dll
    C:\Windows\System32\lTuCJmoq.ini
    C:\Windows\System32\lTuCJmoq.ini2
    C:\Windows\system32\moklqrcj.dll
    C:\Windows\system32\oryuemaf.dll
    C:\Windows\system32\prnftrwv.dll
    C:\Windows\system32\qomJCuTl.dll
    C:\Windows\system32\rqcdnuga.dll
    C:\Windows\system32\ryuemafi.dll
    C:\Windows\System32\stBKUvut.ini
    C:\Windows\System32\stBKUvut.ini2
    C:\Windows\system32\tuvUKBts.dll
    C:\Windows\system32\vkdthhkg.ini
    C:\Windows\System32\vwrtfnrp.ini
    C:\Windows\system32\wrvogkpr.dll
    C:\Windows\system32\x64
    C:\Windows\system32\xpudifje.ini
    C:\Windows\system32\xxyyaWOe.dll
    C:\Windows\System32\xybacMoq.ini
    C:\Windows\System32\xybacMoq.ini2
    C:\Windows\system32\ybnmrcre.ini
    C:\Windows\System32\yFLStBeg.ini
    C:\Windows\System32\yFLStBeg.ini2
    C:\Windows\system32\ykxqajse.ini
    .
    ---- Previous Run -------
    .
    C:\Program Files\antiviirus.exe
    C:\Windows\cookies.ini
    C:\Windows\system32\mcrh.tmp

    ----- BITS: Possible infected sites -----

    hxxp://theinstalls.com
    .
    ((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-19 18:50 --------- d---a-w C:\PROGRA~2\TEMP
    2008-06-19 18:21 --------- d-----w C:\Program Files\Navilog1
    2008-06-19 15:42 --------- d-----w C:\Program Files\Trend Micro
    2008-06-19 15:40 --------- d-----w C:\Users\Shahriar\AppData\Roaming\Skype
    2008-06-19 15:24 --------- d-----w C:\Users\Shahriar\AppData\Roaming\skypePM
    2008-06-19 15:23 --------- d-----w C:\Program Files\euro gunz beta 6
    2008-06-19 15:15 --------- d-----w C:\Users\Shahriar\AppData\Roaming\LimeWire
    2008-06-18 20:12 --------- d-----w C:\PROGRA~2\Kaspersky Lab
    2008-06-17 14:45 --------- d-----w C:\Users\Shahriar\AppData\Roaming\TuneUp Software
    2008-06-17 14:45 --------- d-----w C:\Program Files\TuneUp Utilities 2008
    2008-06-17 14:44 --------- d-----w C:\PROGRA~2\TuneUp Software
    2008-06-17 14:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-16 16:16 --------- d-----w C:\Program Files\UltraISO
    2008-06-16 16:16 --------- d-----w C:\Program Files\Common Files\EZB Systems
    2008-06-14 18:21 --------- d-----w C:\Program Files\LimeWire
    2008-06-14 16:54 --------- d-----w C:\Program Files\eMule
    2008-06-11 18:41 --------- d-----w C:\Program Files\Yahoo!
    2008-06-11 13:47 --------- d-----w C:\Program Files\QuickTime
    2008-06-11 13:42 --------- d-----w C:\Program Files\Apple Software Update
    2008-06-07 11:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-06-07 11:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-06-07 11:08 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-06-07 11:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-06-07 11:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-06-07 10:58 --------- d-----w C:\Program Files\Common Files\Intuit
    2008-06-04 20:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-18 12:43 --------- d-----w C:\Program Files\VAIO Startup
    2008-05-18 12:37 --------- d-----w C:\Program Files\OCA Marker
    2008-05-18 12:36 --------- d-----w C:\Program Files\Sony
    2008-05-18 12:22 --------- d-----w C:\Program Files\MAIET
    2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-05-15 10:17 --------- d-----w C:\Program Files\Windows Mail
    2008-05-15 10:16 --------- d-----w C:\PROGRA~2\Microsoft Help
    2008-05-12 15:25 --------- d-----w C:\Program Files\DivX
    2008-05-12 15:25 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-05-12 15:04 --------- d-----w C:\Program Files\Microsoft SQL Server
    2008-05-07 20:12 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-06 20:31 --------- d-----w C:\Program Files\Audacity
    2008-05-03 22:32 --------- d-----w C:\Program Files\iTunes
    2008-05-03 22:32 --------- d-----w C:\Program Files\iPod
    2008-05-03 22:32 --------- d-----w C:\PROGRA~2\Apple Computer
    2008-05-01 10:02 --------- d-----w C:\PROGRA~2\Downloaded Installations
    2008-04-25 10:56 --------- d-----w C:\Users\Shahriar\AppData\Roaming\Datalayer
    2008-04-23 19:47 148,992 ----a-w C:\Windows\system32\drivers\ks.sys
    2008-04-23 19:45 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-03-31 19:59 268,288 ----a-w C:\Windows\vlc_7xz.exe
    2008-01-31 20:17 0 ----a-w C:\Users\Shahriar\AppData\Roaming\wklnhst.dat
    2007-12-13 23:41 280 --sha-w C:\Program Files\desktop.ini
    2007-12-13 20:23 147,456 ----a-w C:\Users\Shahriar\vbzip10.dll
    2007-12-09 22:59 32 ----a-w C:\PROGRA~2\ezsid.dat
    2007-12-09 11:11 263,460,540 ----a-w C:\Users\Shahriar\U_SFInstaller.exe
    2007-11-24 18:59 445,584 ----a-w C:\Users\Shahriar\msgr9fr.exe
    2007-04-14 20:25 1,132,112 ----a-w C:\PROGRA~2\pswi_preloaded.exe
    2008-02-29 16:30 700,416 --sh--r C:\Windows\System32\DBR121\DXW1\services.exe
    2008-02-29 16:30 36,864 --sh--r C:\Windows\System32\DBR121\DXW2\spoolsv.exe
    2008-02-29 16:30 766,081 --sh--r C:\Windows\System32\DBR121\DXW2\svchost.exe
    2008-02-29 16:30 151,682 --sh--r C:\Windows\System32\DBR121\DXW2\wm_hooks.dll
    2008-02-29 16:48 16,384 --sh--w C:\Windows\System32\SYNC_1204303683_128683\services.exe
    2008-02-29 16:52 81,920 --sh--w C:\Windows\System32\SYNC_1204303943_102088\services.exe
    2008-02-29 17:27 20,480 --sh--w C:\Windows\System32\SYNC_1204306075_114807\services.exe
    2008-02-29 18:41 167,936 --sh--w C:\Windows\System32\SYNC_1204310493_128841\services.exe
    2008-02-29 19:01 20,480 --sh--w C:\Windows\System32\SYNC_1204311661_131430\services.exe
    2008-02-29 19:05 20,480 --sh--w C:\Windows\System32\SYNC_1204311946_123074\services.exe
    2008-02-29 19:14 20,480 --sh--w C:\Windows\System32\SYNC_1204312450_126271\services.exe
    2008-02-29 20:12 167,936 --sh--w C:\Windows\System32\SYNC_1204315971_105736\services.exe
    2008-03-01 10:40 167,936 --sh--w C:\Windows\System32\SYNC_1204368003_104669\services.exe
    2008-03-01 11:13 16,384 --sh--w C:\Windows\System32\SYNC_1204369998_131584\services.exe
    2008-03-01 12:31 81,920 --sh--w C:\Windows\System32\SYNC_1204374716_120846\services.exe
    2008-03-01 12:36 81,920 --sh--w C:\Windows\System32\SYNC_1204375005_106676\services.exe
    2008-03-01 13:01 167,936 --sh--w C:\Windows\System32\SYNC_1204376494_108744\services.exe
    2008-03-01 14:40 81,920 --sh--w C:\Windows\System32\SYNC_1204382454_123688\services.exe
    2008-03-01 14:47 167,936 --sh--w C:\Windows\System32\SYNC_1204382862_102945\services.exe
    2008-03-01 15:13 167,936 --sh--w C:\Windows\System32\SYNC_1204384381_108825\services.exe
    2008-03-01 16:17 16,384 --sh--w C:\Windows\System32\SYNC_1204388253_130554\services.exe
    2008-03-01 21:19 16,384 --sh--w C:\Windows\System32\SYNC_1204406392_123309\services.exe
    2008-03-01 21:24 81,920 --sh--w C:\Windows\System32\SYNC_1204406678_114813\services.exe
    2008-03-01 22:24 167,936 --sh--w C:\Windows\System32\SYNC_1204410283_111490\services.exe
    2008-03-02 11:23 16,384 --sh--w C:\Windows\System32\SYNC_1204456991_105589\services.exe
    2008-03-02 11:47 81,920 --sh--w C:\Windows\System32\SYNC_1204458438_106579\services.exe
    2008-03-02 11:55 16,384 --sh--w C:\Windows\System32\SYNC_1204458947_108019\services.exe
    2008-03-02 12:04 16,384 --sh--w C:\Windows\System32\SYNC_1204459451_102362\services.exe
    2008-03-02 12:20 20,480 --sh--w C:\Windows\System32\SYNC_1204460402_104067\services.exe
    2008-03-02 12:23 20,480 --sh--w C:\Windows\System32\SYNC_1204460627_120666\services.exe
    2008-03-02 12:35 20,480 --sh--w C:\Windows\System32\SYNC_1204461333_121904\services.exe
    2008-03-02 13:45 167,936 --sh--w C:\Windows\System32\SYNC_1204465534_131634\services.exe
    2008-03-02 13:48 81,920 --sh--w C:\Windows\System32\SYNC_1204465697_130155\services.exe
    2008-03-02 13:53 20,480 --sh--w C:\Windows\System32\SYNC_1204465984_129654\services.exe
    2008-03-02 13:57 20,480 --sh--w C:\Windows\System32\SYNC_1204466237_124385\services.exe
    2008-03-02 13:59 20,480 --sh--w C:\Windows\System32\SYNC_1204466393_110576\services.exe
    2008-03-02 14:01 20,480 --sh--w C:\Windows\System32\SYNC_1204466481_112127\services.exe
    2008-03-02 14:23 81,920 --sh--w C:\Windows\System32\SYNC_1204467788_105352\services.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1da06864-677b-4356-b55c-9735cd0456bb}]
    2008-06-19 18:19 98816 --a------ C:\Windows\system32\qvggpndm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57A52E74-004C-464B-96CC-4DFE5366EA02}]
    2008-04-18 21:31 25088 --a------ C:\Windows\system32\cbXNEUKE.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96286CED-79FE-4BC3-9674-98ABBDEB4856}]
    C:\Windows\ksendlbttla.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
    "1a1f379c"="C:\Windows\system32\ejfidupx.dll" [2008-06-19 18:22 79360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2006-11-13 14:32 118784]
    "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-01-23 05:39 321656]
    "VAIOSecurity"="C:\Program Files\Sony\VAIO Security Center\VSC.exe" [2007-03-14 02:13 2322432]
    "QuickBooks Simple Start"="C:\Program Files\Intuit\SimpleStartEntice\entice.exe" [2007-01-31 06:59 371712]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Centre de Sécurité Windows 1.21"="C:\Windows\system32\DBR121\DXW1\services.exe" [2008-02-29 18:30 700416]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-07-03 09:10 141848]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-07-03 09:05 154136]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-26 10:28 137752]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "Windows Security Center 1.22"="C:\Windows\system32\DBR122\services.exe" [2008-03-25 19:16 196608]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "1a1f379c"="C:\Windows\system32\ejfidupx.dll" [2008-06-19 18:22 79360]

    C:\Users\Shahriar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57A52E74-004C-464B-96CC-4DFE5366EA02}"= C:\Windows\system32\cbXNEUKE.dll [2008-04-18 21:31 25088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "xvorfwbd"= {36EDC387-6646-4FC8-AF9C-8DDA01ADC2F1} - C:\Windows\xvorfwbd.dll [ ]
    "RomCheck"= {de173200-9537-4c9d-98ff-5d96a46a278f} - C:\Windows\Resources\RomCheck.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 2007-02-14 00:19 98304 C:\Windows\System32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll
    "BackLightCompensation"= 1 (0x1)
    "Brightness"= 63 (0x3f)
    "Contrast"= 52 (0x34)
    "PowerLineFrequency"= 1 (0x1)
    "Hue"= 0 (0x0)
    "Saturation"= 46 (0x2e)
    "Sharpness"= 63 (0x3f)
    "Gamma"= 100 (0x64)
    "WBRedEx"= 127 (0x7f)
    "WBGreenEx"= 127 (0x7f)
    "WBBlueEx"= 127 (0x7f)
    "AWBEx"= 1 (0x1)
    "ExposureEx"= 255 (0xff)
    "AECEx"= 1 (0x1)
    "GainEx"= 63 (0x3f)
    "AGCEx"= 1 (0x1)
    "PowerLineEx"= 1 (0x1)
    "FlipEx"= 0 (0x0)
    "MirrorEx"= 0 (0x0)
    "PrivacyEx"= 0 (0x0)
    "NightModeEx"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
    C:\Program Files\Napster\napster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    C:\Program Files\Pando Networks\Pando\Pando.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-08-24 23:26 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
    --a------ 2007-03-07 00:22 36864 c:\program files\sony\VAIO Center Access Bar\VCAB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
    --a------ 2007-02-08 04:43 411768 C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
    --a------ 2006-12-07 02:08 577536 C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2007-12-20 17:16 37376 C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Security Center 1.22]
    -r-hs---- 2008-03-25 19:16 196608 C:\Windows\system32\DBR122\services.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3920280387-3730961058-3500366842-1005]
    "EnableNotificationsRef"=dword:0000000a
    "EnableNotifications"=dword:00000001

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
    R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB []
    R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-01-03 20:19]
    R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-26 09:53]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-03-15 21:17]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-03-15 21:17]
    R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-03-19 15:13]
    R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-04-23 14:29]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-02-08 14:26]
    S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe [2007-01-26 20:41]
    S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe" [2007-01-26 20:41]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 3\IcVzMon.exe [2007-01-26 20:41]
    S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\Windows\system32\DRIVERS\WlanUIG.sys [2004-09-17 11:56]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-06-17 16:45]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 01:51]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 23:05]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02293ddb-bb8e-11dc-87f2-0013a9c01438}]
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\antihost.exe

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-19 20:57:53
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\Windows\Explorer.exe
    -> C:\Windows\system32\ejfidupx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\System32\STACSV.EXE
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Windows\System32\drivers\XAudio.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\System32\igfxext.exe
    C:\Windows\System32\igfxsrvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
    C:\Windows\System32\igfxsrvc.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Apoint\ApntEx.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-19 21:02:14 - machine was rebooted [Shahriar]
    ComboFix-quarantined-files.txt 2008-06-19 19:02:04

    The system cannot find message text for message number 0x2379 in the message file for Application.
    The system cannot find message text for message number 0x2379 in the message file for Application.

    515 --- E O F --- 2008-06-07 11:08:48

    Thanks, Marie.
  8. ^^Marie^^
     
    + a HijackThis log
  9. shrix
     
    Here it is

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:10:04, on 19/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    C:\Windows\System32\DBR122\services.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\bqca.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Windows\system32\879_1213888339_22499\services.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\879_1213891571_28571\services.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pimpmysearch.com/home.html?gname=Shahriar
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O3 - Toolbar: (no name) - {460B9C85-61E5-4CB6-A4B2-501DE81C4475} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
    O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
    O4 - HKLM\..\Run: [QuickBooks Simple Start] "C:\Program Files\Intuit\SimpleStartEntice\entice.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Centre de Sécurité Windows 1.21] C:\Windows\system32\DBR121\DXW1\services.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Security Center 1.22] C:\Windows\system32\DBR122\services.exe
    O4 - HKLM\..\Run: [Winsock2 driver] BQCA.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcArOET.dll,#1
    O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [BM192c0400] Rundll32.exe "C:\Windows\system32\oryuemaf.dll",s
    O4 - HKLM\..\Run: [1a1f379c] rundll32.exe "C:\Windows\system32\ercrmnby.dll",b
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [Winsock2 driver] BQCA.EXE
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
    O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: xvorfwbd - {36EDC387-6646-4FC8-AF9C-8DDA01ADC2F1} - C:\Windows\xvorfwbd.dll (file missing)
    O21 - SSODL: RomCheck - {de173200-9537-4c9d-98ff-5d96a46a278f} - C:\Windows\Resources\RomCheck.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe
    O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMon.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
    O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  10. shrix
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:10:04, on 19/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    C:\Windows\System32\DBR122\services.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\bqca.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Windows\system32\879_1213888339_22499\services.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\879_1213891571_28571\services.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pimpmysearch.com/home.html?gname=Shahriar
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O3 - Toolbar: (no name) - {460B9C85-61E5-4CB6-A4B2-501DE81C4475} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
    O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
    O4 - HKLM\..\Run: [QuickBooks Simple Start] "C:\Program Files\Intuit\SimpleStartEntice\entice.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Centre de Sécurité Windows 1.21] C:\Windows\system32\DBR121\DXW1\services.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Security Center 1.22] C:\Windows\system32\DBR122\services.exe
    O4 - HKLM\..\Run: [Winsock2 driver] BQCA.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcArOET.dll,#1
    O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [BM192c0400] Rundll32.exe "C:\Windows\system32\oryuemaf.dll",s
    O4 - HKLM\..\Run: [1a1f379c] rundll32.exe "C:\Windows\system32\ercrmnby.dll",b
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [Winsock2 driver] BQCA.EXE
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
    O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: xvorfwbd - {36EDC387-6646-4FC8-AF9C-8DDA01ADC2F1} - C:\Windows\xvorfwbd.dll (file missing)
    O21 - SSODL: RomCheck - {de173200-9537-4c9d-98ff-5d96a46a278f} - C:\Windows\Resources\RomCheck.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe
    O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMon.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
    O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  11. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
     
    It's the same one ;;))

    0
  12. shrix
     
    I put PROUT.exe but it looks like nothing changes, right?
    0
  13. shrix
     
    Yes, it's the same one, but I did put PROUT.exe
    0
  14. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
     
    Read the link I gave you.
    For this to work, it is essential that the 02 lines appear.
    0
  15. miKadu40 Posts 124 Status Member
     
    Marie, you absolutely have to help me, please. I have never had anything like this, I really need your help, please.
    0
  16. shrix
     
    I can't manage it, Marie, the report is still the same :( I'm leaving you my MSN, bennevy_family@hotmail.fr, just in case
    0
    1. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
       
      I don't do troubleshooting over MSN or by PM.
      I'm going to delete your post because your address is showing; too many ""people"" are around, you wouldn't want to get hacked...

      I'll be back

      0