TR/Vundo.AJ.5
Dernière réponse : dans Sécurité
Bonjour,
Est-ce que quelqu'un peut me dire comment faire face à ce virus?
Merci beaucoup.
Est-ce que quelqu'un peut me dire comment faire face à ce virus?
Merci beaucoup.
Autres pages sur : vundo
Lassé par la pub ? Créez un compte
Je viens de faire le Hijackthis.
Voici le rapport:
Logfile of HijackThis v1.99.1
Scan saved at 12:51:26, on 04/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\benmai\Bureau\VundoFix.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\benmai\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {68218620-3D65-43F6-AD47-D38D84B5412A} - C:\WINDOWS\system32\qommljk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.lessablesdolonne.com/axis2/AxisCamControl.oc...
O20 - Winlogon Notify: qommljk - C:\WINDOWS\SYSTEM32\qommljk.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Voici le rapport:
Logfile of HijackThis v1.99.1
Scan saved at 12:51:26, on 04/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\benmai\Bureau\VundoFix.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\benmai\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {68218620-3D65-43F6-AD47-D38D84B5412A} - C:\WINDOWS\system32\qommljk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.lessablesdolonne.com/axis2/AxisCamControl.oc...
O20 - Winlogon Notify: qommljk - C:\WINDOWS\SYSTEM32\qommljk.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Bonjour,
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
Double-clique VundoFix.exe afin de le lancer
Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
Clique sur le bouton Scan for Vundo
Lorsque le scan est complété, clique sur le bouton Remove Vundo
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
On va changer d'outil ![:)]( ":)")
Télécharge combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/combofix.exe
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
Télécharge combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/combofix.exe
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
Voilà le rapport
"benmai" - 07-04-04 14:29:08 Service Pack 2
ComboFix 07-04-04.5 - Running from: "C:\Documents and Settings\benmai\Bureau"
((((((((((((((((((((((((((((((( Files Created from 2007-03-04 to 2007-04-04 ))))))))))))))))))))))))))))))))))
2007-04-04 14:04 3,296 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-04 14:03 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-04-04 14:03 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-04 14:03 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-04 14:03 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-04 14:03 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-04 14:03 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-04-04 13:13 <REP> d-------- C:\WINDOWS\LastGood
2007-04-04 13:13 <REP> d-------- C:\WINDOWS\Drivers
2007-04-04 13:12 <REP> d-------- C:\Program Files\Navimail
2007-04-04 13:12 <REP> d-------- C:\Program Files\CM93_Ed3
2007-04-04 11:50 <REP> d-------- C:\VundoFix Backups
2007-04-04 11:32 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-04 11:24 <REP> d-------- C:\Program Files\Trojan Remover
2007-04-04 11:24 <REP> d-------- C:\DOCUME~1\benmai\APPLIC~1\Simply Super Software
2007-04-04 11:12 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-04 11:02 <REP> d-------- C:\Program Files\Informatique & Mer
2007-04-04 10:47 26,694 --a------ C:\WINDOWS\system32\nnnmmmn.dll
2007-04-04 10:45 26,694 --------- C:\WINDOWS\system32\qommljk.dll
2007-04-04 10:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MaxSea International
2007-04-04 10:25 <REP> d-------- C:\Program Files\SafeNet Sentinel
2007-04-04 10:25 <REP> d-------- C:\Program Files\Fichiers communs\SafeNet Sentinel
2007-04-04 10:24 283,648 --a------ C:\WINDOWS\uninst.exe
2007-04-04 10:22 <REP> d-------- C:\Program Files\MaxSea International
2007-04-03 19:02 <REP> d-------- C:\Movavi files
2007-04-02 17:45 <REP> d-------- C:\Program Files\CR-TEKnologies
2007-04-02 17:24 20,000 --------- C:\WINDOWS\system32\drivers\cmapusb.sys
2007-04-02 17:24 18,013 --------- C:\WINDOWS\system32\drivers\cmap_pc2.sys
2007-04-02 17:24 16,088 --------- C:\WINDOWS\system32\drivers\cmapldr.sys
2007-04-02 17:24 <REP> d-------- C:\Program Files\C-Map
2007-04-02 17:10 7,008 --a------ C:\WINDOWS\system\SETUPKIT.DLL
2007-04-02 17:10 61,232 --a------ C:\WINDOWS\SETUP1.EXE
2007-04-02 17:10 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
2007-04-02 14:25 <REP> d-------- C:\Cartes
2007-04-02 13:58 <REP> d-------- C:\WINDOWS\MaxSea
2007-04-02 13:55 <REP> d-------- C:\WINDOWS\system32\?¬
2007-04-02 13:53 11,812 --a------ C:\WINDOWS\system32\drivers\SentEmul.sys
2007-04-02 13:53 <REP> d-------- C:\Program Files\SentEmul
2007-04-02 13:50 61,440 --a------ C:\WINDOWS\system32\Crypserv.exe
2007-04-02 13:50 311,296 --a------ C:\WINDOWS\system32\CMGBase.dll
2007-04-02 13:50 28,518 --a------ C:\WINDOWS\system32\Ckldrv.sys
2007-04-02 13:50 27,648 -ra------ C:\WINDOWS\Setup_ck.exe
2007-04-02 13:50 18,432 --a------ C:\WINDOWS\Setup_ck.dll
2007-04-02 13:50 165,888 --a------ C:\WINDOWS\Ckconfig.exe
2007-04-02 13:50 11,776 --a------ C:\WINDOWS\Ckrfresh.exe
2007-04-02 13:49 <REP> d-------- C:\WINDOWS\system32\RNBOSENT
2007-04-02 13:47 <REP> d-------- C:\Program Files\I&M
2007-03-26 12:46 <REP> d-------- C:\Program Files\MSN Messenger
2007-03-23 17:50 <REP> d-------- C:\DOCUME~1\benmai\Contacts
2007-03-23 17:49 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-03-22 16:54 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-03-22 16:54 118,832 --a------ C:\WINDOWS\system32\SHW32.DLL
2007-03-22 16:41 <REP> d-------- C:\Program Files\EA SPORTS
2007-03-21 16:14 <REP> d-------- C:\DOCUME~1\benmai\APPLIC~1\Media Player Classic
2007-03-21 13:37 843,776 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-03-21 13:37 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-03-21 13:37 2,024,448 --a------ C:\WINDOWS\system32\divx.dll
2007-03-21 13:37 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2007-03-17 16:35 <REP> d-------- C:\DOCUME~1\benmai\APPLIC~1\vlc
2007-03-16 16:34 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-03-16 16:13 <REP> d-------- C:\Program Files\VideoLAN
2007-03-11 19:29 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-03-11 10:52 606,848 --a------ C:\WINDOWS\flashax.exe
2007-03-11 10:52 12,288 --a------ C:\WINDOWS\impborl.dll
2007-03-08 22:45 7,340,032 --a------ C:\DOCUME~1\benmai\ntuser.dat
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-04 13:15 -------- d--h----- C:\Program Files\installshield installation information
2007-04-04 12:33 -------- d-------- C:\Program Files\emule
2007-04-04 11:45 64458 --a--c--- C:\WINDOWS\system32\perfc00c.dat
2007-04-04 11:45 447920 --a--c--- C:\WINDOWS\system32\perfh00c.dat
2007-04-04 11:42 -------- d-------- C:\Program Files\wanadoo
2007-04-04 10:55 -------- d-------- C:\DOCUME~1\benmai\APPLIC~1\utorrent
2007-03-26 14:49 -------- d-------- C:\Program Files\quicktime
2007-03-23 11:29 -------- d-------- C:\Program Files\everest poker
2007-03-21 13:34 -------- d-------- C:\Program Files\wordbiz
2007-03-21 13:34 -------- d-------- C:\Program Files\winiso
2007-03-21 13:34 -------- d-------- C:\Program Files\pkr
2007-03-21 13:34 -------- d-------- C:\Program Files\philips toucam camera
2007-03-21 13:34 -------- d-------- C:\Program Files\messenger
2007-03-21 13:34 -------- d-------- C:\Program Files\lexmark 3100 series
2007-03-21 13:34 -------- d-------- C:\Program Files\ensemble clavier et souris sans fil labtec
2007-03-16 16:34 -------- d-------- C:\Program Files\real
2007-02-28 18:35 -------- d-------- C:\Program Files\winaspi
2007-02-28 18:20 -------- d-------- C:\Program Files\softwareclub.ws
2007-02-21 16:21 -------- d-------- C:\Program Files\utorrent
2007-02-06 18:15 -------- d-------- C:\Program Files\google
2007-02-05 10:09 -------- d-------- C:\Program Files\java
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"AGRSMMSG"="AGRSMMSG.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CHotkey"="zHotkey.exe"
"ShowWnd"="ShowWnd.exe"
"PCMService"="\"C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LXBRKsk"="C:\\PROGRA~1\\LEXMAR~1\\LXBRKsk.exe"
"WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Activer l'ensemble clavier et souris sans fil Labtec.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Activer l'ensemble clavier et souris sans fil Labtec.lnk"
"backup"="C:\\WINDOWS\\pss\\Activer l'ensemble clavier et souris sans fil Labtec.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ENSEMB~1\\MagicKey.exe "
"item"="Activer l'ensemble clavier et souris sans fil Labtec"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 8.0 Icône AOL.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\AOL 8.0 Icône AOL.lnk"
"backup"="C:\\WINDOWS\\pss\\AOL 8.0 Icône AOL.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AOL8~1.0\\aoltray.exe -check"
"item"="AOL 8.0 Icône AOL"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Univ-Tchat.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Univ-Tchat.lnk"
"backup"="C:\\WINDOWS\\pss\\Univ-Tchat.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\UNIV-T~1\\UNIV-T~1.EXE /minimized"
"item"="Univ-Tchat"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="emule"
"hkey"="HKCU"
"command"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 3100 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbrbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark 3100 Series\\lxbrbmgr.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HDAudPropShortcut"
"hkey"="HKLM"
"command"="HDAudPropShortcut.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{68218620-3D65-43F6-AD47-D38D84B5412A}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qommljk
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaa96f5e-aec3-11da-ac49-0013d32ecc20}]
Shell\AutoRun\command L:\RunGame.exe
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-04 14:33:47
C:\ComboFix-quarantined-files.txt ... 07-04-04 14:33
"benmai" - 07-04-04 14:29:08 Service Pack 2
ComboFix 07-04-04.5 - Running from: "C:\Documents and Settings\benmai\Bureau"
((((((((((((((((((((((((((((((( Files Created from 2007-03-04 to 2007-04-04 ))))))))))))))))))))))))))))))))))
2007-04-04 14:04 3,296 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-04 14:03 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-04-04 14:03 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-04 14:03 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-04 14:03 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-04 14:03 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-04 14:03 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-04-04 13:13 <REP> d-------- C:\WINDOWS\LastGood
2007-04-04 13:13 <REP> d-------- C:\WINDOWS\Drivers
2007-04-04 13:12 <REP> d-------- C:\Program Files\Navimail
2007-04-04 13:12 <REP> d-------- C:\Program Files\CM93_Ed3
2007-04-04 11:50 <REP> d-------- C:\VundoFix Backups
2007-04-04 11:32 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-04 11:24 <REP> d-------- C:\Program Files\Trojan Remover
2007-04-04 11:24 <REP> d-------- C:\DOCUME~1\benmai\APPLIC~1\Simply Super Software
2007-04-04 11:12 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-04 11:02 <REP> d-------- C:\Program Files\Informatique & Mer
2007-04-04 10:47 26,694 --a------ C:\WINDOWS\system32\nnnmmmn.dll
2007-04-04 10:45 26,694 --------- C:\WINDOWS\system32\qommljk.dll
2007-04-04 10:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MaxSea International
2007-04-04 10:25 <REP> d-------- C:\Program Files\SafeNet Sentinel
2007-04-04 10:25 <REP> d-------- C:\Program Files\Fichiers communs\SafeNet Sentinel
2007-04-04 10:24 283,648 --a------ C:\WINDOWS\uninst.exe
2007-04-04 10:22 <REP> d-------- C:\Program Files\MaxSea International
2007-04-03 19:02 <REP> d-------- C:\Movavi files
2007-04-02 17:45 <REP> d-------- C:\Program Files\CR-TEKnologies
2007-04-02 17:24 20,000 --------- C:\WINDOWS\system32\drivers\cmapusb.sys
2007-04-02 17:24 18,013 --------- C:\WINDOWS\system32\drivers\cmap_pc2.sys
2007-04-02 17:24 16,088 --------- C:\WINDOWS\system32\drivers\cmapldr.sys
2007-04-02 17:24 <REP> d-------- C:\Program Files\C-Map
2007-04-02 17:10 7,008 --a------ C:\WINDOWS\system\SETUPKIT.DLL
2007-04-02 17:10 61,232 --a------ C:\WINDOWS\SETUP1.EXE
2007-04-02 17:10 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
2007-04-02 14:25 <REP> d-------- C:\Cartes
2007-04-02 13:58 <REP> d-------- C:\WINDOWS\MaxSea
2007-04-02 13:55 <REP> d-------- C:\WINDOWS\system32\?¬
2007-04-02 13:53 11,812 --a------ C:\WINDOWS\system32\drivers\SentEmul.sys
2007-04-02 13:53 <REP> d-------- C:\Program Files\SentEmul
2007-04-02 13:50 61,440 --a------ C:\WINDOWS\system32\Crypserv.exe
2007-04-02 13:50 311,296 --a------ C:\WINDOWS\system32\CMGBase.dll
2007-04-02 13:50 28,518 --a------ C:\WINDOWS\system32\Ckldrv.sys
2007-04-02 13:50 27,648 -ra------ C:\WINDOWS\Setup_ck.exe
2007-04-02 13:50 18,432 --a------ C:\WINDOWS\Setup_ck.dll
2007-04-02 13:50 165,888 --a------ C:\WINDOWS\Ckconfig.exe
2007-04-02 13:50 11,776 --a------ C:\WINDOWS\Ckrfresh.exe
2007-04-02 13:49 <REP> d-------- C:\WINDOWS\system32\RNBOSENT
2007-04-02 13:47 <REP> d-------- C:\Program Files\I&M
2007-03-26 12:46 <REP> d-------- C:\Program Files\MSN Messenger
2007-03-23 17:50 <REP> d-------- C:\DOCUME~1\benmai\Contacts
2007-03-23 17:49 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-03-22 16:54 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-03-22 16:54 118,832 --a------ C:\WINDOWS\system32\SHW32.DLL
2007-03-22 16:41 <REP> d-------- C:\Program Files\EA SPORTS
2007-03-21 16:14 <REP> d-------- C:\DOCUME~1\benmai\APPLIC~1\Media Player Classic
2007-03-21 13:37 843,776 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-03-21 13:37 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-03-21 13:37 2,024,448 --a------ C:\WINDOWS\system32\divx.dll
2007-03-21 13:37 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2007-03-17 16:35 <REP> d-------- C:\DOCUME~1\benmai\APPLIC~1\vlc
2007-03-16 16:34 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-03-16 16:13 <REP> d-------- C:\Program Files\VideoLAN
2007-03-11 19:29 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-03-11 10:52 606,848 --a------ C:\WINDOWS\flashax.exe
2007-03-11 10:52 12,288 --a------ C:\WINDOWS\impborl.dll
2007-03-08 22:45 7,340,032 --a------ C:\DOCUME~1\benmai\ntuser.dat
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-04 13:15 -------- d--h----- C:\Program Files\installshield installation information
2007-04-04 12:33 -------- d-------- C:\Program Files\emule
2007-04-04 11:45 64458 --a--c--- C:\WINDOWS\system32\perfc00c.dat
2007-04-04 11:45 447920 --a--c--- C:\WINDOWS\system32\perfh00c.dat
2007-04-04 11:42 -------- d-------- C:\Program Files\wanadoo
2007-04-04 10:55 -------- d-------- C:\DOCUME~1\benmai\APPLIC~1\utorrent
2007-03-26 14:49 -------- d-------- C:\Program Files\quicktime
2007-03-23 11:29 -------- d-------- C:\Program Files\everest poker
2007-03-21 13:34 -------- d-------- C:\Program Files\wordbiz
2007-03-21 13:34 -------- d-------- C:\Program Files\winiso
2007-03-21 13:34 -------- d-------- C:\Program Files\pkr
2007-03-21 13:34 -------- d-------- C:\Program Files\philips toucam camera
2007-03-21 13:34 -------- d-------- C:\Program Files\messenger
2007-03-21 13:34 -------- d-------- C:\Program Files\lexmark 3100 series
2007-03-21 13:34 -------- d-------- C:\Program Files\ensemble clavier et souris sans fil labtec
2007-03-16 16:34 -------- d-------- C:\Program Files\real
2007-02-28 18:35 -------- d-------- C:\Program Files\winaspi
2007-02-28 18:20 -------- d-------- C:\Program Files\softwareclub.ws
2007-02-21 16:21 -------- d-------- C:\Program Files\utorrent
2007-02-06 18:15 -------- d-------- C:\Program Files\google
2007-02-05 10:09 -------- d-------- C:\Program Files\java
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"AGRSMMSG"="AGRSMMSG.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CHotkey"="zHotkey.exe"
"ShowWnd"="ShowWnd.exe"
"PCMService"="\"C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LXBRKsk"="C:\\PROGRA~1\\LEXMAR~1\\LXBRKsk.exe"
"WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Activer l'ensemble clavier et souris sans fil Labtec.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Activer l'ensemble clavier et souris sans fil Labtec.lnk"
"backup"="C:\\WINDOWS\\pss\\Activer l'ensemble clavier et souris sans fil Labtec.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ENSEMB~1\\MagicKey.exe "
"item"="Activer l'ensemble clavier et souris sans fil Labtec"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 8.0 Icône AOL.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\AOL 8.0 Icône AOL.lnk"
"backup"="C:\\WINDOWS\\pss\\AOL 8.0 Icône AOL.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AOL8~1.0\\aoltray.exe -check"
"item"="AOL 8.0 Icône AOL"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Univ-Tchat.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Univ-Tchat.lnk"
"backup"="C:\\WINDOWS\\pss\\Univ-Tchat.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\UNIV-T~1\\UNIV-T~1.EXE /minimized"
"item"="Univ-Tchat"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="emule"
"hkey"="HKCU"
"command"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 3100 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbrbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark 3100 Series\\lxbrbmgr.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HDAudPropShortcut"
"hkey"="HKLM"
"command"="HDAudPropShortcut.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{68218620-3D65-43F6-AD47-D38D84B5412A}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qommljk
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaa96f5e-aec3-11da-ac49-0013d32ecc20}]
Shell\AutoRun\command L:\RunGame.exe
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-04 14:33:47
C:\ComboFix-quarantined-files.txt ... 07-04-04 14:33
Lassé par la pub ? Créez un compte
