Virtumonde.dll - Ne veux pas s'en aller...

ComboFix 08-07-08.9 - Gilles 2008-07-09 15:01:33.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.184 [GMT -4:00]
Endroit: E:\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gilles\Mes documents\SCURIT~1
C:\Program Files\JavaCore
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\NoDNS
C:\Program Files\NoDNS\UnInstall.exe
C:\Program Files\nvcoi
C:\Program Files\nvcoi\mst.stt
C:\Program Files\nvcoi\nvcoi.exe.lzma
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\WINDOWS\BM2b52553a.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\pskt.ini
C:\WINDOWS\smante~1
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\accdd.ini2
C:\WINDOWS\system32\afbfemte.ini
C:\WINDOWS\system32\akwdmpwp.ini
C:\WINDOWS\system32\amwikmdk.dll
C:\WINDOWS\system32\aonigtnt.ini
C:\WINDOWS\system32\aoxbpxop.ini
C:\WINDOWS\system32\aunbqilg.ini
C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\aybeg.ini2
C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\bqialqns.ini
C:\WINDOWS\system32\btjlsbsc.ini
C:\WINDOWS\system32\bwhelbjb.ini
C:\WINDOWS\system32\cnrebsyi.ini
C:\WINDOWS\system32\dbaekqxl.ini
C:\WINDOWS\system32\dcvnhonh.ini
C:\WINDOWS\system32\denehnvf.ini
C:\WINDOWS\system32\eqibuydl.ini
C:\WINDOWS\system32\esdmniue.dll
C:\WINDOWS\system32\f4
C:\WINDOWS\system32\feoijxkb.ini
C:\WINDOWS\system32\gewukcao.ini
C:\WINDOWS\system32\gjkkj.ini
C:\WINDOWS\system32\gjkkj.ini2
C:\WINDOWS\system32\gnocagbs.ini
C:\WINDOWS\system32\grddmeyu.dll
C:\WINDOWS\system32\grfdhvga.ini
C:\WINDOWS\system32\hfspoulc.exe
C:\WINDOWS\system32\hlimmmwr.ini
C:\WINDOWS\system32\hxwocqox.ini
C:\WINDOWS\system32\iyqurxxk.ini
C:\WINDOWS\system32\jbeidptw.ini
C:\WINDOWS\system32\jcnnvdcv.ini
C:\WINDOWS\system32\jkkjg.dll
C:\WINDOWS\system32\juwcmjru.ini
C:\WINDOWS\system32\kcmapxuj.ini
C:\WINDOWS\system32\ksnxrlxp.exe
C:\WINDOWS\system32\ksuailjn.ini
C:\WINDOWS\system32\kwkvtqiu.exe
C:\WINDOWS\system32\kwxerk.dll
C:\WINDOWS\system32\ladbbsww.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mspdwpan.exe
C:\WINDOWS\system32\muoyflwn.ini
C:\WINDOWS\system32\nevhjwho.ini
C:\WINDOWS\system32\nGpxx18
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini2
C:\WINDOWS\system32\obhgkgle.ini
C:\WINDOWS\system32\ojibimgq.ini
C:\WINDOWS\system32\optqlyjf.dll
C:\WINDOWS\system32\orvxpngf.exe
C:\WINDOWS\system32\otvggiof.ini
C:\WINDOWS\system32\p6
C:\WINDOWS\system32\p6\kipon89104.exe
C:\WINDOWS\system32\prkdawpm.ini
C:\WINDOWS\system32\pxvukkdb.ini
C:\WINDOWS\system32\qaqtjtbh.ini
C:\WINDOWS\system32\qkcehspe.ini
C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\qrutv.ini2
C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\qtvwa.ini2
C:\WINDOWS\system32\qvwrmlfu.ini
C:\WINDOWS\system32\qwhrerlr.exe
C:\WINDOWS\system32\r2
C:\WINDOWS\system32\rahrebek.exe
C:\WINDOWS\system32\rkminmue.ini
C:\WINDOWS\system32\rxvyyylk.ini
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\sstem3~1\s?stem32\
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\tttss.ini
C:\WINDOWS\system32\tttss.ini2
C:\WINDOWS\system32\udgplw.dll
C:\WINDOWS\system32\ugdjpbcy.ini
C:\WINDOWS\system32\unuhadfe.ini
C:\WINDOWS\system32\urimgpvs.ini
C:\WINDOWS\system32\uyemddrg.ini
C:\WINDOWS\system32\vbpgfcud.ini
C:\WINDOWS\system32\vwvgutgt.ini
C:\WINDOWS\system32\wctspttw.ini
C:\WINDOWS\system32\wfoundxu.ini
C:\WINDOWS\system32\winpfz37.sys
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\system32\wqafwmmy.ini
C:\WINDOWS\system32\wrbftjbn.ini
C:\WINDOWS\system32\xdonepje.ini
C:\WINDOWS\system32\xtlgmppo.ini
C:\WINDOWS\system32\ybionakq.ini
C:\WINDOWS\system32\yfvdxpjh.ini
C:\WINDOWS\system32\zxdnt3d.cfg
C:\winlogon.exe
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DHLP


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
.

2008-07-09 14:50 . 2008-07-09 14:50 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 14:50 . 2008-07-09 14:50 <REP> d-------- C:\Documents and Settings\Gilles\Application Data\Malwarebytes
2008-07-09 14:50 . 2008-07-09 14:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 14:50 . 2008-07-07 17:42 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-09 14:50 . 2008-07-07 17:42 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-09 13:31 . 2008-07-09 13:31 <REP> d-------- C:\Program Files\Trend Micro
2008-07-09 13:09 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-07-09 13:05 . 2008-07-09 13:05 <REP> d-------- C:\Documents and Settings\Gilles\Application Data\ESET
2008-07-09 13:02 . 2008-07-09 13:02 <REP> d-------- C:\Program Files\ESET
2008-07-09 13:02 . 2008-07-09 13:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-09 11:33 . 2004-08-19 16:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-07-09 11:33 . 2004-08-19 16:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-09 11:33 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-07-09 11:33 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-07-03 20:32 . 2008-07-04 15:33 <REP> d-------- C:\Program Files\Advanced StartUp Manager
2008-07-03 17:27 . 2008-07-04 16:13 <REP> d-------- C:\VundoFix Backups
2008-07-02 13:03 . 2004-10-01 06:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-07-02 13:03 . 2004-10-01 06:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-02 13:03 . 2004-10-01 11:49 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-07-02 13:03 . 2004-10-01 06:30 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-07-02 13:03 . 2004-10-01 06:30 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-07-02 13:03 . 2004-10-01 06:30 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-07-02 13:03 . 2004-10-01 06:30 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-07-02 13:03 . 2008-07-02 13:03 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-30 19:09 . 2008-07-04 15:09 953 --a------ C:\WINDOWS\wininit.ini
2008-06-30 17:34 . 2008-07-04 15:20 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-30 17:34 . 2008-07-04 15:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-30 17:22 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-30 17:22 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-30 17:22 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-30 17:22 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-15 08:47 . 2008-06-14 13:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 20:40 . 2008-06-11 20:40 280 --a------ C:\WINDOWS\system32\PDBootState

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 17:36 --------- d-----w C:\Documents and Settings\Gilles\Application Data\AppDate
2008-06-27 14:48 --------- d-----w C:\Documents and Settings\Jean-Philippe\Application Data\AppDate
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-26 01:12 --------- d-----w C:\Documents and Settings\Gilles\Application Data\U3
2008-05-17 15:44 --------- d-----w C:\Program Files\ProtectionAssuree
2008-05-17 15:37 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2008-05-14 01:56 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-14 01:56 --------- d--h--r C:\Documents and Settings\Gilles\Application Data\SecuROM
2008-05-14 01:33 --------- d-----w C:\Program Files\Ubisoft
2008-05-14 01:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 15:00 --------- d-----w C:\Program Files\Fichiers communs\Scanner
2008-05-11 01:39 --------- d--h--r C:\Documents and Settings\Jean-Philippe\Application Data\SecuROM
2008-05-11 00:59 --------- d-----w C:\Documents and Settings\Jean-Philippe\Application Data\Ubisoft
2008-05-11 00:59 --------- d-----w C:\Documents and Settings\Jean-Philippe\Application Data\InstallShield Installation Information
2008-05-09 18:38 --------- d-----w C:\Documents and Settings\Jean-Philippe\Application Data\Bell
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 12:59 34,304 ----a-w C:\Documents and Settings\Gilles\Application Data\mllmmmli.dll
2006-12-13 22:53 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0342DC01-1049-4859-8B4F-EF27A13C9C22}]
2008-02-20 08:59 34304 --a------ C:\WINDOWS\jkkjkkjg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 16:51 68856]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 17:18 443968]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-05 18:38 118784]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe" [2008-03-10 12:33 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 10:33 2061816]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"Gestionnaire de sécurité Sympatico"="C:\Program Files\Bell\Gestionnaire de securite\Rps.exe" [2008-03-10 12:33 311024]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe" [2008-03-10 12:33 13552]
"opnnmkkifc"="C:\WINDOWS\system32\vtursrqn.dll" [2008-02-20 08:59 34304]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 11:42 4112384]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-15 11:42 81920]
"mljkkjklif"="C:\WINDOWS\jkkjkkjg.dll" [2008-02-20 08:59 34304]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 14:54 65536 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe" [2008-03-10 12:33 61168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"MSACM.MI-SC4"= MI-SC4.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli C:\Documents and Settings\Gilles\Application Data\mllmmmli.dll C:\Documents and Settings\Gilles\Application Data\mllmmmli.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 VaultClientUpgrade;Personal Vault Upgrade Service;C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 13:33]
R2 X4HS32;X4HS32;C:\Program Files\EXEtender\X4HS32.Sys [2003-12-02 13:26]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 dwusbdnt;dwusbdnt;C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 12:52]
S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico;C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe [2008-03-10 12:33]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69b91abc-2660-11dd-a520-000d616d7035}]
\Shell\AutoRun\command - E:\DTSP_Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9389c950-dd5d-11dc-a4b4-000d616d7035}]
\Shell\AutoRun\command - E:\DTSP_Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de9d1fbc-4b20-11db-a040-000d616d7035}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-27 12:01:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{2D913B82-C06C-4AF6-AB62-B7AD2F4E9D8F} - C:\WINDOWS\system32\vturq.dll
BHO-{3D636C8D-CF62-4D3A-A439-2ECDD29DEDD6} - C:\WINDOWS\system32\geebb.dll
BHO-{477AF7FC-2E7B-4B63-8AD9-351031F4424B} - C:\WINDOWS\system32\pmnnn.dll
BHO-{67F57349-02DC-4366-9913-0BA03ADDCFFF} - C:\WINDOWS\system32\sstts.dll
BHO-{800C53CD-9618-4326-BB3E-A88B683FA796} - C:\WINDOWS\system32\ssttt.dll
BHO-{87532D78-731A-4470-8262-3365CE509397} - C:\WINDOWS\system32\awtst.dll
BHO-{A811C9BD-BEE9-48F8-8032-B7CE1DCDF125} - C:\WINDOWS\system32\awvtq.dll
BHO-{C6D2C5AB-86A8-460B-BD21-406B60896D9C} - C:\WINDOWS\system32\gebya.dll
BHO-{FCDF14BD-C6C5-4234-8698-36537C9F9F99} - C:\WINDOWS\system32\ddcca.dll
BHO-{FD819591-C222-4C89-A106-43B970F8BFB7} - C:\WINDOWS\system32\ddcyy.dll
HKLM-Run-286166a6 - C:\WINDOWS\system32\grddmeyu.dll
HKLM-Run-BM2b52553a - C:\WINDOWS\system32\amwikmdk.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 15:15:04
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Documents and Settings\Gilles\Application Data\mllmmmli.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-09 15:22:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-09 19:22:35

Pre-Run: 45,087,985,664 octets libres
Post-Run: 45,578,813,440 octets libres

323 --- E O F --- 2008-06-21 01:59:44

ComboFix 08-07-08.9 - Gilles 2008-07-09 15:45:35.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.151 [GMT -4:00]
Endroit: C:\Documents and Settings\Gilles\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gilles\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\nod32fixtemdono.reg
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gilles\Application Data\mllmmmli.dll
C:\WINDOWS\BM2b52553a.xml
C:\WINDOWS\jkkjkkjg.dll
C:\WINDOWS\nod32fixtemdono.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SETUPNTGLM7X
-------\Service_SetupNTGLM7X


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
.

2008-07-09 15:22 . 2008-07-09 15:22 <REP> d-------- C:\Documents and Settings\Louis-André
2008-07-09 15:22 . <REP> C:\Documents and Settings\Louis-AndrÚ\Local Settings
2008-07-09 15:22 . <REP> C:\Documents and Settings\Louis-AndrÚ\Local Settings
2008-07-09 14:50 . 2008-07-09 14:50 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 14:50 . 2008-07-09 14:50 <REP> d-------- C:\Documents and Settings\Gilles\Application Data\Malwarebytes
2008-07-09 14:50 . 2008-07-09 14:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 14:50 . 2008-07-07 17:42 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-09 14:50 . 2008-07-07 17:42 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-09 13:31 . 2008-07-09 13:31 <REP> d-------- C:\Program Files\Trend Micro
2008-07-09 13:05 . 2008-07-09 13:05 <REP> d-------- C:\Documents and Settings\Gilles\Application Data\ESET
2008-07-09 13:02 . 2008-07-09 13:02 <REP> d-------- C:\Program Files\ESET
2008-07-09 13:02 . 2008-07-09 13:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-09 11:33 . 2004-08-19 16:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-07-09 11:33 . 2004-08-19 16:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-09 11:33 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-07-09 11:33 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-07-03 20:32 . 2008-07-04 15:33 <REP> d-------- C:\Program Files\Advanced StartUp Manager
2008-07-03 17:27 . 2008-07-04 16:13 <REP> d-------- C:\VundoFix Backups
2008-07-02 13:03 . 2004-10-01 06:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-07-02 13:03 . 2004-10-01 06:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-02 13:03 . 2004-10-01 11:49 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-07-02 13:03 . 2004-10-01 06:30 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-07-02 13:03 . 2004-10-01 06:30 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-07-02 13:03 . 2004-10-01 06:30 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-07-02 13:03 . 2004-10-01 06:30 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-07-02 13:03 . 2008-07-02 13:03 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-30 19:09 . 2008-07-04 15:09 953 --a------ C:\WINDOWS\wininit.ini
2008-06-30 17:34 . 2008-07-04 15:20 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-30 17:34 . 2008-07-04 15:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-30 17:22 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-30 17:22 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-30 17:22 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-30 17:22 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-15 08:47 . 2008-06-14 13:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 20:40 . 2008-06-11 20:40 280 --a------ C:\WINDOWS\system32\PDBootState

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 17:36 --------- d-----w C:\Documents and Settings\Gilles\Application Data\AppDate
2008-06-27 14:48 --------- d-----w C:\Documents and Settings\Jean-Philippe\Application Data\AppDate
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-26 01:12 --------- d-----w C:\Documents and Settings\Gilles\Application Data\U3
2008-05-17 15:44 --------- d-----w C:\Program Files\ProtectionAssuree
2008-05-14 01:56 --------- d--h--r C:\Documents and Settings\Gilles\Application Data\SecuROM
2008-05-14 01:33 --------- d-----w C:\Program Files\Ubisoft
2008-05-14 01:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 15:00 --------- d-----w C:\Program Files\Fichiers communs\Scanner
2008-05-11 01:39 --------- d--h--r C:\Documents and Settings\Jean-Philippe\Application Data\SecuROM
2008-05-11 00:59 --------- d-----w C:\Documents and Settings\Jean-Philippe\Application Data\Ubisoft
2008-05-11 00:59 --------- d-----w C:\Documents and Settings\Jean-Philippe\Application Data\InstallShield Installation Information
2008-05-09 18:38 --------- d-----w C:\Documents and Settings\Jean-Philippe\Application Data\Bell
2006-12-13 22:53 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-09_15.21.40.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-09 19:14:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-09 19:49:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 16:51 68856]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 17:18 443968]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-05 18:38 118784]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe" [2008-03-10 12:33 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 10:33 2061816]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"Gestionnaire de sécurité Sympatico"="C:\Program Files\Bell\Gestionnaire de securite\Rps.exe" [2008-03-10 12:33 311024]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe" [2008-03-10 12:33 13552]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 11:42 4112384]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-15 11:42 81920]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 14:54 65536 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe" [2008-03-10 12:33 61168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"MSACM.MI-SC4"= MI-SC4.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 VaultClientUpgrade;Personal Vault Upgrade Service;C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 13:33]
R2 X4HS32;X4HS32;C:\Program Files\EXEtender\X4HS32.Sys [2003-12-02 13:26]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 dwusbdnt;dwusbdnt;C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 12:52]
S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico;C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe [2008-03-10 12:33]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69b91abc-2660-11dd-a520-000d616d7035}]
\Shell\AutoRun\command - E:\DTSP_Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9389c950-dd5d-11dc-a4b4-000d616d7035}]
\Shell\AutoRun\command - E:\DTSP_Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de9d1fbc-4b20-11db-a040-000d616d7035}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-27 12:01:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 15:50:07
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-09 15:56:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-09 19:56:39
ComboFix2.txt 2008-07-09 19:22:42

Pre-Run: 45,591,056,384 octets libres
Post-Run: 45,579,636,736 octets libres

187 --- E O F --- 2008-06-21 01:59:44

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:27, on 2008-07-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Bell\Gestionnaire de securite\Rps.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\HPZipm12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [SoundMan] "SOUNDMAN.EXE"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe " /install
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.gamesmania.com/ExentCtl.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_1...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de sécurité Sympatico (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe
O23 - Service: Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
O23 - Service: Gestionnaire de sécurité Sympatico Coupe-feu (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe

--
End of file - 8817 bytes