Unknown DLLs
jlppap (Posts: 18, Status: Member)
jlpjlp (Posts: 52399, Status: Security contributor)
Hello,
I have an HP laptop running XP Pro, with McAfee 8 as antivirus.
Recently I have been having some problems opening web pages...
I tried to get rid of it with the help of the HijackThis program, but I have doubts about some of the lines to remove:
I can't find any information on these programs or DLLs...
for example:
O2 - BHO: (no name) - {023FB72C-F8F8-487F-A493-2AB39B8F4FBF} - C:\WINDOWS\system32\ljJcdbbA.dll
O2 - BHO: {0fbb261d-d200-fbf8-12f4-2767e14f0160} - {0610f41e-7672-4f21-8fbf-002dd162bbf0} - C:\WINDOWS\system32\hsyadf.dll
O2 - BHO: (no name) - {57DF73C0-833C-48B7-9146-1E18930D57FF} - C:\WINDOWS\system32\geBqOEuU.dll
and at startup I also have these:
O4 - HKLM\..\Run: [BMd7c54ab3] Rundll32.exe "C:\WINDOWS\system32\vguefghp.dll",s
O4 - HKLM\..\Run: [d4f6792f] rundll32.exe "C:\WINDOWS\system32\tsisfklw.dll",b
and in line 20...
O20 - AppInit_DLLs: ecufje.dll ynojrp.dll hstjxp.dll hsyadf.dll
O20 - Winlogon Notify: geBqOEuU - C:\WINDOWS\SYSTEM32\geBqOEuU.dll
Apologies in advance if I haven't posted my request in the right place.
THANK YOU for your help.
3 replies
hi
what you have is a Vundo infection
paste the entire HijackThis report
then
Download ComboFix by sUBs: help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!
Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-click ComboFix. It will ask you a question; answer by pressing the 1 key and Enter to confirm, then let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.
So fast!!!
Full report.
_____
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:55, on 18/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\program files\lotus notes\nslsvice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\iPass\Cisco VPN\cvpnd.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ipass\epm\rstate.exe
C:\program files\lotus notes\ntmulti.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK\UdaterUI.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ipass\epm\rstate.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Arcole\Client\report\Fichiers communs\vcximpagent.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\__aa\HiJackThis_new.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {023FB72C-F8F8-487F-A493-2AB39B8F4FBF} - C:\WINDOWS\system32\ljJcdbbA.dll
O2 - BHO: {0fbb261d-d200-fbf8-12f4-2767e14f0160} - {0610f41e-7672-4f21-8fbf-002dd162bbf0} - C:\WINDOWS\system32\hsyadf.dll
O2 - BHO: (no name) - {57DF73C0-833C-48B7-9146-1E18930D57FF} - C:\WINDOWS\system32\geBqOEuU.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [VCXIMPAGENT] D:\Arcole\Client\report\Fichiers communs\VcxImpAgent.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISTAgent2008] "C:\Program Files\ISTAgent2008\Launcher.exe" off
O4 - HKLM\..\Run: [EPM Agent] c:\PROGRA~1\ipass\epm\rstate.exe /LOGON
O4 - HKLM\..\Run: [BMd7c54ab3] Rundll32.exe "C:\WINDOWS\system32\vguefghp.dll",s
O4 - HKLM\..\Run: [d4f6792f] rundll32.exe "C:\WINDOWS\system32\tsisfklw.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [Defaut_User] C:\Program Files\SysUtil\defaut.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [Defaut_User] C:\Program Files\SysUtil\defaut.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Defaut_User] C:\Program Files\SysUtil\defaut.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Defaut_User] C:\Program Files\SysUtil\defaut.cmd (User 'Default user')
O4 - Global Startup: Areva T&D VPN Client.lnk = C:\Program Files\iPass\Cisco VPN\vpngui.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: ecufje.dll ynojrp.dll hstjxp.dll hsyadf.dll
O20 - Winlogon Notify: geBqOEuU - C:\WINDOWS\SYSTEM32\geBqOEuU.dll
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\iPass\Cisco VPN\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: iPass Endpoint Policy Management Agent (MobileAutmationAgentService) - iPass Inc. - c:\program files\ipass\epm\rstate.exe
O23 - Service: Oracleoracle_8iClientCache - Unknown owner - C:\orant8i\BIN\ONRSD.EXE
O23 - Service: Reflection Servers - WRQ, Inc. - C:\Program Files\Reflection\rninetd.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: DeviceID Authentication Agent (ServiceWrapper) - Unknown owner - C:\PROGRA~1\iPass\DeviceID\bin\ServiceWrapper.exe
O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe
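Added example, not part of the thread: a small triage pass over the O2, O4 and O20 lines the poster asked about, showing which DLLs hook several autostart points at once. The function name `triage` and the heuristics are assumptions made for this illustration; a hit means "verify this file", not a malware-family verdict.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread, with two of
# its ordinary entries (ssv.dll, igfxtray.exe) kept for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {023FB72C-F8F8-487F-A493-2AB39B8F4FBF} - C:\WINDOWS\system32\ljJcdbbA.dll
O2 - BHO: {0fbb261d-d200-fbf8-12f4-2767e14f0160} - {0610f41e-7672-4f21-8fbf-002dd162bbf0} - C:\WINDOWS\system32\hsyadf.dll
O2 - BHO: (no name) - {57DF73C0-833C-48B7-9146-1E18930D57FF} - C:\WINDOWS\system32\geBqOEuU.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BMd7c54ab3] Rundll32.exe "C:\WINDOWS\system32\vguefghp.dll",s
O4 - HKLM\..\Run: [d4f6792f] rundll32.exe "C:\WINDOWS\system32\tsisfklw.dll",b
O20 - AppInit_DLLs: ecufje.dll ynojrp.dll hstjxp.dll hsyadf.dll
O20 - Winlogon Notify: geBqOEuU - C:\WINDOWS\SYSTEM32\geBqOEuU.dll
"""

ENTRY_RE = re.compile(r'^(O\d+) - ([^:]+): (.*)$')      # section, kind, rest
DLL_RE = re.compile(r'([^\\"\s]+\.dll)', re.I)          # DLL basenames
GUID_RE = re.compile(r'^\{[0-9a-f-]{36}\}$', re.I)

def triage(log):
    """Return {dll basename: sorted reasons} for entries worth a closer look."""
    mechanisms = defaultdict(set)   # dll -> autostart mechanisms that load it
    reasons = defaultdict(set)
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, kind, rest = m.groups()
        for dll in (d.lower() for d in DLL_RE.findall(rest)):
            mechanisms[dll].add(kind)
            if section == "O2":
                # A BHO whose display name is empty or just another GUID.
                name = rest.split(" - ")[0]
                if name == "(no name)" or GUID_RE.match(name):
                    reasons[dll].add("BHO without a descriptive name")
            elif section == "O4" and "rundll32" in rest.lower():
                reasons[dll].add("Run key starts it through rundll32")
            elif section == "O20":
                # AppInit_DLLs and Winlogon Notify load code system-wide.
                reasons[dll].add(f"loaded via {kind}")
    for dll, mech in mechanisms.items():
        if len(mech) > 1:
            reasons[dll].add("registered in %d autostart mechanisms" % len(mech))
    return {dll: sorted(r) for dll, r in reasons.items()}

if __name__ == "__main__":
    for dll, why in sorted(triage(SAMPLE_LOG).items()):
        print(f"{dll}: {'; '.join(why)}")
```

On this log, `hsyadf.dll` and `geBqOEuU.dll` stand out because each is registered both as a BHO and under an O20 hook.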