
Too Many Viruses


Hello everyone!! I have too many viruses. I have Nod32 and Kerio Firewall 4. I ran scans with Ewido, Spybot and CCleaner, but Kerio tells me my PC is infected. I have already deleted numerous trojans with Ewido but... there are still some :(


Logfile of HijackThis v1.99.1
Scan saved at 07:13:44, on 03/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ApoZiA\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe


Your computer is infected !
Critical System Error!
They may cause critical system failure . Please , use antimalware software to clean and protect your system from parasite programs . Click here to get all available software .

This is what my PC tells me :(

I ran new scans in safe mode (Ewido, Nod32, Spybot, CCleaner). Here is a new report:


Logfile of HijackThis v1.99.1
Scan saved at 08:19:06, on 03/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\ApoZiA\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Hello,

Please follow these instructions.

1/ Download the latest version of SmitFraudFix (by S!Ri)
Unzip it onto the Desktop.
Open the SmitFraudFix folder and run SmitFraudFix.cmd
Choose option 1 (Search)
Post the report here

2/ Restart in safe mode (to do so: start the PC while tapping the F8 key until the Windows advanced options menu appears, then use the arrow keys to select Safe Mode and press Enter...)
Note that you have no Internet access in this mode, so write down or print the instructions that follow.

Run SmitFraudFix again, this time choose option 2 and answer yes to each question
Save the report.

3/ Restart normally and post the 2nd SmitFraudFix report

Here is step "1/", I'm doing the rest :)


SmitFraudFix v2.83

Rapport fait à 9:26:35,75, 03/09/2006
Executé à partir de C:\Documents and Settings\ApoZiA\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\issearch.exe PRESENT !
C:\WINDOWS\system32\ot.ico PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ApoZiA\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ApoZiA\Favoris

C:\DOCUME~1\ApoZiA\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Argh, I couldn't save your report, is that serious?? I looked, there were 3 or 4 things deleted. I'm pasting a 2nd report anyway, of the same kind as the 1st:


SmitFraudFix v2.83

Rapport fait à 9:40:42,90, 03/09/2006
Executé à partir de C:\Documents and Settings\ApoZiA\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ApoZiA\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ApoZiA\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

No problem about the 2nd report

1/ Run HijackThis
then --> Do a system scan only
tick the lines listed below if they are still present
then --> Fix checked
then answer yes at the confirmation prompt

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)



2/ Disable the unnecessary service France Telecom Routing Table Service (FTRTSVC) like this:

Start --> Run --> type services.msc then Enter
In the list, find the line "France Telecom Routing Table Service (FTRTSVC)" and double-click it.
Set the "Startup type" to "Disabled"
For the service status, click the Stop button
then click Apply.

and that should do it.

Thanks a lot :)
I'm pasting a new HijackThis report, just in case:


Logfile of HijackThis v1.99.1
Scan saved at 10:55:36, on 03/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\TeamScripT4\mirc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\assist.exe
C:\Documents and Settings\ApoZiA\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08B03F3F-A85D-41D9-A176-A69BBBD7104B} - C:\WINDOWS\system32\awvvw.dll
O2 - BHO: (no name) - {21174997-A902-4F76-2BC1-2A2513C1D7BB} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

** Warning **

there are newcomers! :(

Download VundoFix.exe and put it on the desktop.
Write down or print the following instructions before starting:

> Run VundoFix.exe
> Click the Scan for Vundo button
> Once the scan is finished, click the Remove Vundo button
> A message will ask for confirmation, click YES
> The desktop will disappear. This is normal.
> Then a message will say that the PC is going to shut down. Click OK.
> Restart the PC.

> Finally, post the contents of the report located at C:\vundofix.txt along with a new HJT report.

I hope this is the report you wanted, I have several:
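The comparison done by eye at this point in the thread (which autostart entries appeared between two HijackThis logs, which point at missing files, and which file is hooked from more than one place) can be scripted. This is an added example, not part of the thread and not HijackThis code; the function names are hypothetical and the two sample logs are abridged from the 08:19 and 10:55 logs posted above.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Abridged from the 08:19 and 10:55 HijackThis logs posted in this thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 08:19:06, on 03/09/2006
Running processes:
C:\WINDOWS\system32\winlogon.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:55:36, on 03/09/2006
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {08B03F3F-A85D-41D9-A176-A69BBBD7104B} - C:\WINDOWS\system32\awvvw.dll
O2 - BHO: (no name) - {21174997-A902-4F76-2BC1-2A2513C1D7BB} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Entry lines start with a section code (R0-R3, F*, N*, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# HijackThis marks registry entries whose target file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)
# First absolute path to an .exe/.dll inside an entry body.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)


class Entry(NamedTuple):
    section: str  # e.g. "O20"
    body: str     # everything after "O20 - "


def parse_entries(log: str) -> List[Entry]:
    """Return the registry/autostart entries, skipping header and process list."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def target_file(entry: Entry) -> Optional[str]:
    """Lower-cased path of the file an entry loads, or None if it names none."""
    m = PATH_RE.search(entry.body)
    return m.group(0).lower() if m else None


def new_entries(before: str, after: str) -> List[Entry]:
    """Entries present in the later log but not in the earlier one."""
    seen = set(parse_entries(before))
    return [e for e in parse_entries(after) if e not in seen]


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registered file no longer exists on disk."""
    return [e for e in entries if ORPHAN_RE.search(e.body)]


def multi_hook_files(entries: List[Entry]) -> Dict[str, List[str]]:
    """Files registered under more than one section (several load points)."""
    sections = defaultdict(set)
    for e in entries:
        path = target_file(e)
        if path:
            sections[path].add(e.section)
    return {p: sorted(s) for p, s in sections.items() if len(s) > 1}


if __name__ == "__main__":
    added = new_entries(LOG_BEFORE, LOG_AFTER)
    print("New since previous scan:")
    for e in added:
        print(f"  {e.section} - {e.body}")
    print("Orphaned (target file absent):")
    for e in orphaned(added):
        print(f"  {e.section} - {e.body}")
    print("Files hooked from several sections:")
    for path, secs in multi_hook_files(added).items():
        print(f"  {path}: {', '.join(secs)}")
```

Entries are compared as exact strings, so a DLL that re-registers under a different CLSID between scans shows up as a new entry; grouping by target file, as `multi_hook_files` does, is what ties such entries together.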



VundoFix V6.1.2

Checking Java version...

Java version is 1.4.2.3

Scan started at 22:00:20 03/09/2006

Listing files found while scanning....

C:\WINDOWS\system32\hgghihi.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hgghihi.dll
C:\WINDOWS\system32\hgghihi.dll Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 22:18:56, on 03/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\ApoZiA\Bureau\HijackThis.exe
C:\Program Files\Sunbelt Software\Personal Firewall\assist.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21174997-A902-4F76-2BC1-2A2513C1D7BB} - (no file)
O2 - BHO: (no name) - {4ACBE94D-99DD-4634-AC8D-9A3BB740CA2A} - C:\WINDOWS\system32\awvvw.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe


Strange that VundoFix doesn't detect C:\WINDOWS\system32\awvvw.dll

1/ Launch HijackThis
Click the Open the Misc Tools Section button
Click Delete a file on reboot...
In "File name:" paste C:\WINDOWS\SYSTEM32\winbjv32.dll then click Open
When asked "Do you want to restart now?" click Yes

2/ After rebooting, try VundoFix again and post the report along with a new HijackThis report.

Here is a new HijackThis report; as for the VundoFix one, nothing doing, it won't save :( .


Logfile of HijackThis v1.99.1
Scan saved at 01:13:12, on 04/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\ApoZiA\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09B109FF-5A86-4B15-B7FC-99501C33DC22} - C:\WINDOWS\system32\awvvw.dll
O2 - BHO: (no name) - {21174997-A902-4F76-2BC1-2A2513C1D7BB} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Let's try another way:
(thanks to Malekal_morte for the procedure)

Download combofix.exe
and put it on your desktop and nowhere else!

Click the Start menu then Run... and copy/paste this:
"%userprofile%\Bureau\combofix.exe" /v awvvw
then press Enter

Don't touch anything and wait until ComboFix has finished; a report will be created. Post the report.
Also post a new HijackThis report.

ApoZiA - 06-09-04 11:04:05.10
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\ApoZiA\Bureau

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\wvvwa.bak1
C:\WINDOWS\system32\wvvwa.bak2
C:\WINDOWS\system32\wvvwa.ini
C:\WINDOWS\system32\wvvwa.ini2
C:\WINDOWS\system32\wvvwa.tmp


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components


((((((((((((((((((((((((((((((( Files Created from 2006-08-04 to 2006-09-04 ))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-04 10:59 -------- d-------- C:\Program Files\Wanadoo
2006-09-04 10:59 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-04 10:57 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-04 10:48 -------- d-------- C:\Program Files\AnAiN-ScRiPt-[V2]
2006-09-04 00:35 -------- d-------- C:\Program Files\MSN Messenger
2006-09-03 23:49 -------- d-------- C:\Program Files\Messenger
2006-09-03 11:25 -------- d-------- C:\Documents and Settings\ApoZiA\Application Data\vlc
2006-09-03 10:52 -------- d---s---- C:\Documents and Settings\ApoZiA\Application Data\Microsoft
2006-09-03 02:47 -------- d-------- C:\Program Files\Miranda IM
2006-09-03 02:32 -------- d-------- C:\Program Files\Yahoo!
2006-09-03 01:39 -------- d-------- C:\Program Files\Fichiers communs\Real
2006-09-03 01:39 -------- d-------- C:\Program Files\Fichiers communs
2006-09-03 01:39 -------- d-------- C:\Documents and Settings\ApoZiA\Application Data\Real
2006-09-02 09:42 -------- d-------- C:\Program Files\Real
2006-09-02 09:34 -------- d-------- C:\Program Files\WinZip
2006-09-02 07:54 -------- d-------- C:\Program Files\Windows Media Player
2006-09-02 07:40 -------- d-------- C:\Program Files\ESET
2006-09-02 07:26 -------- d-------- C:\Documents and Settings\ApoZiA\Application Data\Mozilla
2006-09-02 07:13 -------- d-------- C:\Program Files\VideoLAN
2006-09-02 06:53 -------- d-------- C:\Program Files\Zion++
2006-09-02 06:45 -------- d-------- C:\Program Files\CCleaner
2006-09-02 06:27 -------- d-------- C:\Program Files\TuneUp Utilities 2006
2006-09-02 06:26 -------- d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2006-09-02 06:26 -------- d-------- C:\Documents and Settings\ApoZiA\Application Data\TuneUp Software
2006-09-02 05:28 -------- d-------- C:\Documents and Settings\ApoZiA\Application Data\Lavasoft
2006-09-02 05:26 -------- d-------- C:\Program Files\Lavasoft
2006-09-02 04:43 -------- d-------- C:\Program Files\Sunbelt Software
2006-09-02 04:41 502208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-09-01 03:01 -------- d-------- C:\Program Files\Outlook Express
2006-09-01 03:01 -------- d-------- C:\Program Files\Fichiers communs\System
2006-09-01 00:17 -------- d-------- C:\Program Files\Internet Explorer
2006-08-31 21:48 -------- d-------- C:\Program Files\Adverts
2006-08-31 21:46 -------- d-------- C:\Documents and Settings\ApoZiA\Application Data\Style Type
2006-08-31 21:46 -------- d-------- C:\Documents and Settings\ApoZiA\Application Data\MultiTestBias
2006-08-31 21:44 -------- d-------- C:\Program Files\Alwil Software
2006-08-31 21:21 -------- d-------- C:\Program Files\Fichiers communs\SpeechEngines
2006-08-31 21:21 -------- d-------- C:\Program Files\Fichiers communs\ODBC
2006-08-31 21:19 62 --ahs---- C:\Documents and Settings\ApoZiA\Application Data\desktop.ini
2006-08-31 21:03 -------- d-------- C:\Program Files\Style Type
2006-08-31 21:03 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-08-31 21:00 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-08-31 20:37 -------- d-------- C:\Documents and Settings\ApoZiA\Application Data\Macromedia
2006-08-31 20:36 -------- d-------- C:\Documents and Settings\ApoZiA\Application Data\Help
2006-08-31 20:33 -------- d-------- C:\Program Files\Wanadoo Messager
2006-08-31 20:29 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-08-31 20:28 -------- d-------- C:\Program Files\Inventel
2006-08-31 19:59 -------- d-------- C:\Program Files\Hewlett-Packard
2006-08-31 19:57 -------- d-------- C:\Documents and Settings\ApoZiA\Application Data\Sun
2006-08-31 19:56 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-31 19:56 -------- d-------- C:\Program Files\Sonic
2006-08-31 19:56 -------- d-------- C:\Program Files\RecordNow!
2006-08-31 19:56 -------- d-------- C:\Program Files\Java
2006-08-31 19:56 -------- d-------- C:\Program Files\Fichiers communs\SureThing Shared
2006-08-31 19:56 -------- d-------- C:\Program Files\Fichiers communs\Sonic
2006-08-31 19:56 -------- d-------- C:\Program Files\Fichiers communs\Java
2006-08-31 19:56 -------- d-------- C:\Documents and Settings\ApoZiA\Application Data\Sonic
2006-08-31 19:55 -------- d-------- C:\Program Files\HPQ
2006-08-31 19:52 -------- d-------- C:\Program Files\InterVideo
2006-08-31 19:49 -------- d-------- C:\Program Files\Adobe
2006-08-31 19:47 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
2006-08-31 19:47 -------- d-------- C:\Program Files\AMD
2006-08-31 19:46 -------- d-------- C:\Program Files\Apoint2K
2006-08-31 19:43 -------- d-------- C:\Program Files\Analog Devices
2006-08-31 19:41 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-31 19:41 -------- d-------- C:\Documents and Settings\ApoZiA\Application Data\Identities
2006-08-31 19:34 -------- d-------- C:\Program Files\xerox
2006-08-31 19:34 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-31 19:32 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-31 19:32 -------- d-------- C:\Program Files\Services en ligne
2006-08-31 19:31 -------- d-------- C:\Program Files\NetMeeting
2006-08-31 19:31 -------- d-------- C:\Program Files\Movie Maker
2006-08-31 19:31 -------- d-------- C:\Program Files\Fichiers communs\Services
2006-08-31 19:31 -------- d-------- C:\Program Files\Fichiers communs\MSSoap
2006-08-31 19:30 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-31 19:29 -------- d-------- C:\Program Files\Windows NT
2006-08-31 19:29 -------- d-------- C:\Program Files\Online Services
2006-08-31 19:29 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-31 19:28 -------- d-------- C:\Program Files\MSN
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-21 10:27 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-18 12:02 91672 --a------ C:\WINDOWS\system32\drivers\khips.sys
2006-07-18 12:02 284184 --a------ C:\WINDOWS\system32\drivers\fwdrv.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"UpdateManager"="\"C:\\Program Files\\Fichiers communs\\Sonic\\Update Manager\\sgtray.exe\" /r"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"HPHUPD05"="c:\\Program Files\\Hewlett-Packard\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HP Software Update"="\"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"HPHmon05"="C:\\WINDOWS\\system32\\hphmon05.exe"
"WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM="
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjv32


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AF7EE41391A56373.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job

Completion time: 04/09/2006 11:08:43.59
ComboFix.txt

Logfile of HijackThis v1.99.1
Scan saved at 11:10, on 04/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\ApoZiA\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21174997-A902-4F76-2BC1-2A2513C1D7BB} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Logfile of HijackThis v1.99.1
Scan saved at 10:45, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\TeamScripT4\mirc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ApoZiA\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21174997-A902-4F76-2BC1-2A2513C1D7BB} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Launch HijackThis
then --> Do a system scan only
check the lines listed below
then --> Fix checked
then answer yes to the confirmation prompt

O2 - BHO: (no name) - {21174997-A902-4F76-2BC1-2A2513C1D7BB} - (no file)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)

O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)


As for Kerio, have you tried reinstalling it?

My problem with Kerio just stopped like that :/ . Thanks a lot for your help. I'm posting a new HijackThis report for you. Do you think I no longer have any viruses??? :)



Logfile of HijackThis v1.99.1
Scan saved at 23:18, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\TeamScripT4\mirc.exe
C:\Documents and Settings\ApoZiA\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
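One way to check the fix list above against the follow-up log, added here as an example and not part of the thread: it parses HijackThis v1.99.1 entry lines, collects those marked `(no file)` or `(file missing)`, and compares two scans. The log excerpts are copied from the 05/09/2006 scans on this page; the function names are this example's own.

```python
import re

# HijackThis entry lines look like "<section> - <description>", e.g. "O2 - BHO: ...".
# Header lines and the "Running processes" paths do not match this prefix.
ENTRY_RE = re.compile(r"^(?P<section>[ORFN]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis appends when an entry's target is not found on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of the scan saved at 10:45 on 05/09/2006 (before "Fix checked").
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:45, on 05/09/2006

Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {21174997-A902-4F76-2BC1-2A2513C1D7BB} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
"""

# Excerpt of the scan saved at 23:18 on 05/09/2006 (after the fix).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 23:18, on 05/09/2006

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def parse_entries(log_text):
    """Return the ordered (section, body) entries found in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("section"), match.group("body").strip()))
    return entries


def orphaned(entries):
    """Entries that HijackThis marked as pointing at a missing target."""
    return [e for e in entries if any(marker in e[1] for marker in ORPHAN_MARKERS)]


def compare(before_text, after_text):
    """Compare two scans: which orphans are gone, which remain, what is new."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    return {
        # Orphaned entries from the first scan that no longer appear.
        "fixed": [e for e in orphaned(before) if e not in after_set],
        # Entries in the second scan that still carry a missing-target marker.
        "still_orphaned": orphaned(after),
        # Entries that appeared between scans and deserve a manual look.
        "new_entries": [e for e in after if e not in before_set],
    }


if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for label, items in result.items():
        print(f"{label}: {len(items)}")
        for section, body in items:
            print(f"  {section} - {body}")
```

The script only lists candidates for review. The remaining O9 entry is flagged because its target is a URL rather than a file on disk, and it was not on the fix list posted above.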

