Bonsoir à tous,

Voila depuis quelques jours j'ai un problème avec plusieurs trojans.

Voici le rapport hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:39, on 29/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\All Users\Application Data\zkpkxatm\xcbylkjw.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Razer\CopperHead\razerhid.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Razer\CopperHead\razerofa.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lmvuxqxk.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Razer\CopperHead\razertra.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\HJT\ptoe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funradio.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/y [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\CopperHead\razerhid.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [strcom] C:\WINDOWS\system32\baxmvyda.exe
O4 - HKCU\..\Run: [strmnt] C:\WINDOWS\system32\lmvuxqxk.exe
O4 - HKCU\..\Run: [uish] C:\WINDOWS\system32\kjwbgnwp.exe
O4 - HKLM\..\Policies\Explorer\Run: [cG7m1Mec1d] C:\Documents and Settings\All Users\Application Data\zkpkxatm\xcbylkjw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .security
O4 - Global Startup: .security
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O21 - SSODL: webapimnt - {0B0FAC0F-3FA7-FFCB-D290-0AB24F151918} - C:\Program Files\hjvgnoc\webapimnt.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10020 bytes


merci de m'aider car après plusieurs cout de ad-aware SpybotSD trojansremover et zonealarm je n'arrive toujours pas a les faire partir...

nxs91.

Bonjour,

Télécharge Deckard's System Scanner (DSS) (ou DSS) sur ton Bureau.
NB : Tu dois être connecté avec des droits d'Administrateur.

• ferme toutes les applications et fenêtres
• double-clique sur dss.exe pour le lancer et suis les instructions ci-dessous

Attention, il est conseillé de stopper temporairement les logiciels résidents de protection (pare-feu, antivirus, etc.)

• s'il s'agit d'une première utilisation ou d'une nouvelle version de DSS :
• tu devras cliquer 2 fois sur le OK des boîtes de dialogue

Attention, si tu tardes trop, la réponse Abandon sera automatiquement validée

• quand le traitement est terminé (clique sur OK), deux fichiers texte s'affichent :

main.txt <- ouvert en premier plan et en plein écran
extra.txt <- ouvert en second plan et en fenêtré (regarde la barre des taches)
S'il s'agit d'une utilisation supplémentaire de DSS :

• tu n'auras pas de boîte de dialogue (pas de OK)
• quand le traitement est terminé, un fichier texte s'affiche :

main.txt <- ouvert en premier plan et en plein écran

• copie (Ctrl+A puis Ctrl+C) et colle (Ctrl+V) le contenu de main.txt dans ton prochain post
• copie de même le contenu de extra.txt dans ton prochain post, si tu as ce fichier (première utilisation)
• n'oublie pas de réactiver les protections si elles ont été stoppées.

Ce que fait DSS :

• crée un point de restauration dans Windows XP et Vista
• nettoie les fichiers temporaires, DPF-Downloaded Program Files et le Cache Internet, vide la Corbeille de tous les lecteurs
• vérifie quelques zones importantes de ton système et établit un rapport pour examen par ton conseiller en sécurité. DSS lance automatiquement HijackThis pour toi; il va aussi créer un raccourci HijackThis sur ton Bureau si tu n'as pas déjà HijackThis d'installé.

je te post les rapport

RAPPORT MAIN.TXT:

Deckard's System Scanner v20071014.68
Run by Kaos on 2008-07-29 23:13:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
24: 2008-07-29 21:14:07 UTC - RP166 - Deckard's System Scanner Restore Point
23: 2008-07-29 16:33:16 UTC - RP165 - Installé Ad-Aware
22: 2008-07-28 18:22:19 UTC - RP164 - Point de vérification système
21: 2008-07-26 17:15:26 UTC - RP163 - Point de vérification système
20: 2008-07-25 16:04:52 UTC - RP162 - Point de vérification système


-- First Restore Point --
1: 2008-07-05 15:08:40 UTC - RP143 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.

[color=red]System Drive C: has 3.13 GiB (less than 15%) free.[/color]


-- HijackThis (run as Kaos.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:04, on 29/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\All Users\Application Data\zkpkxatm\xcbylkjw.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Razer\CopperHead\razerhid.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Razer\CopperHead\razerofa.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lmvuxqxk.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Razer\CopperHead\razertra.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Kaos\Bureau\dss.exe
C:\HJT\Kaos.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funradio.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/y [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\CopperHead\razerhid.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [strcom] C:\WINDOWS\system32\baxmvyda.exe
O4 - HKCU\..\Run: [strmnt] C:\WINDOWS\system32\lmvuxqxk.exe
O4 - HKCU\..\Run: [uish] C:\WINDOWS\system32\kjwbgnwp.exe
O4 - HKLM\..\Policies\Explorer\Run: [cG7m1Mec1d] C:\Documents and Settings\All Users\Application Data\zkpkxatm\xcbylkjw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .security
O4 - Global Startup: .security
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O21 - SSODL: webapimnt - {0B0FAC0F-3FA7-FFCB-D290-0AB24F151918} - C:\Program Files\hjvgnoc\webapimnt.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9616 bytes

-- HijackThis Fixed Entries (C:\HJT\backups\) ----------------------------------

backup-20071119-203023-181 O2 - BHO: {9ffc4858-f2d5-ea6b-a804-d7a144e60704} - {40706e44-1a7d-408a-b6ae-5d2f8584cff9} - C:\WINDOWS\system32\wsfdkqct.dll (file missing)
backup-20071119-203023-213 O20 - Winlogon Notify: mljkhii - C:\WINDOWS\
backup-20071119-203023-264 R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20071119-203023-553 O4 - HKLM\..\Run: [kfklsnsf] rundll32.exe "C:\Program Files\kfklsnsf\szaxuncz.dll",Init
backup-20071119-203023-688 O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
backup-20071119-203023-731 O2 - BHO: (no name) - {C2FF713D-4855-436E-9D41-929B2A7335C4} - (no file)
backup-20071119-203023-820 O4 - HKLM\..\Run: [183e1e9f] rundll32.exe "C:\WINDOWS\system32\rkmyjovd.dll",b
backup-20071119-203023-916 O2 - BHO: (no name) - {8ED2EE63-44E2-46A6-8BB4-E486F5F22EF4} - (no file)
backup-20071119-203023-990 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

[COLOR=red].bat - batfile - DefaultIcon - C:\WINDOWS\Icons\BluePlasticIcons\Blue Plastic Icons.icl,47[/COLOR]
[COLOR=red].ini - inifile - DefaultIcon - C:\WINDOWS\Icons\BluePlasticIcons\Blue Plastic Icons.icl,44[/COLOR]
[COLOR=red].txt - txtfile - DefaultIcon - C:\WINDOWS\Icons\BluePlasticIcons\Blue Plastic Icons.icl,42[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 pdiddcci (DDC/CI monitor) - c:\windows\system32\drivers\pdiddcci.sys <Not Verified; Portrait Displays, Inc.; Portrait Displays DDC/CI Monitor Device Driver>
R3 Razerlow (Razer Copperhead Driver) - c:\windows\system32\drivers\razerlow.sys <Not Verified; Razer (Asia-Pacific) Pte Ltd; Diamondback USB Optical Mouse>

S3 int15.sys - c:\acer\empowering technology\erecovery\int15.sys
S3 psdfilter - c:\windows\system32\drivers\psdfilter.sys (file missing)
S3 psdvdisk - c:\windows\system32\drivers\psdvdisk.sys (file missing)
S3 se58bus (Sony Ericsson Device 088 driver (WDM)) - c:\windows\system32\drivers\se58bus.sys <Not Verified; MCCI; Sony Ericsson Device 088>
S3 se58mdfl (Sony Ericsson Device 088 USB WMC Modem Filter) - c:\windows\system32\drivers\se58mdfl.sys <Not Verified; MCCI; Sony Ericsson Device 088 USB WMC Modem Filter Driver>
S3 se58mdm (Sony Ericsson Device 088 USB WMC Modem Driver) - c:\windows\system32\drivers\se58mdm.sys <Not Verified; MCCI; Sony Ericsson Device 088 USB WMC Data Modem>
S3 se58mgmt (Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\se58mgmt.sys <Not Verified; MCCI; Sony Ericsson Device 088 USB WMC Device Management>
S3 se58nd5 (Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS)) - c:\windows\system32\drivers\se58nd5.sys <Not Verified; MCCI; Sony Ericsson Device 088 USB Ethernet Emulation>
S3 se58obex (Sony Ericsson Device 088 USB WMC OBEX Interface) - c:\windows\system32\drivers\se58obex.sys <Not Verified; MCCI; Sony Ericsson Device 088 USB WMC OBEX Interface>
S3 se58unic (Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM)) - c:\windows\system32\drivers\se58unic.sys <Not Verified; MCCI; Sony Ericsson Device 088 USB Ethernet Emulation>
S3 ZD1211BU(ZyDAS) (ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)) - c:\windows\system32\drivers\zd1211bu.sys <Not Verified; ZyDAS Technology Corporation; ZD1211B 802.11 b+g USB LAN Adapter>
S3 ZD1211U(ZyDAS) (ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)) - c:\windows\system32\drivers\zd1211u.sys <Not Verified; ZyDAS Technology Corporation; ZD1211 802.11b+g USB LAN Adapter>
S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DTSRVC (Portrait Displays Display Tune Service) - c:\program files\fichiers communs\portrait displays\shared\dtsrvc.exe
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe

S2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
S3 FLEXnet Licensing Service - "c:\program files\fichiers communs\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 PACSPTISVR - "c:\program files\fichiers communs\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-29 23:00:00 502 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job


-- Files created between 2008-06-29 and 2008-07-29 -----------------------------

2008-07-29 20:18:45 144 --ah----- C:\aaw7boot.cmd
2008-07-29 18:33:19 0 d-------- C:\Program Files\Lavasoft
2008-07-29 18:33:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-29 18:07:35 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-29 18:06:18 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-07-29 18:06:18 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-07-29 18:06:18 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-07-29 18:06:18 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-07-29 18:06:17 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-07-29 18:06:12 0 d-------- C:\Program Files\Trojan Remover
2008-07-29 18:06:12 0 d-------- C:\Documents and Settings\Kaos\Application Data\Simply Super Software
2008-07-29 18:06:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-29 16:15:31 0 d-------- C:\Documents and Settings\Kaos\Application Data\MailFrontier
2008-07-29 13:36:06 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-29 13:35:55 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-29 13:35:43 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-07-29 13:35:32 3763232 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-29 13:34:24 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-07-29 13:33:52 0 d-------- C:\WINDOWS\Internet Logs
2008-07-29 00:28:07 0 d---s---- C:\Program Files\HLSW
2008-07-29 00:28:07 0 d-------- C:\Documents and Settings\Kaos\Application Data\HLSW
2008-07-28 12:54:21 81920 --a------ C:\WINDOWS\system32\kjwbgnwp.exe
2008-07-28 00:57:31 0 d-------- C:\WINDOWS\AU_Temp
2008-07-27 10:39:19 0 --a------ C:\VAC2.dll
2008-07-27 10:37:00 12288 --a------ C:\Dumper.dll
2008-07-25 15:42:14 94208 --a------ C:\WINDOWS\system32\lmvuxqxk.exe
2008-07-24 15:54:12 0 d-------- C:\Program Files\PC-Antispy
2008-07-24 14:07:28 0 d-------- C:\Program Files\hjvgnoc
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\winsystem.exe
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\vbsys2.dll
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\thun32.dll
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\thun.dll
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\taack.exe
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\taack.dat
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\sysreq.exe
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\ssvchost.exe
2008-07-24 14:07:27 0 d-------- C:\WINDOWS\system32\smp
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\Rundl1.exe
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\regm64.dll
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\psoft1.exe
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\psof1.exe
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\ps1.exe
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\newsd32.exe
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\netode.exe
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\mtr2.exe
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\msvchost.exe
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\mssecu.exe
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\msgp.exe
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\bsva-egihsg52.exe
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\bdn.com
2008-07-24 14:07:27 4096 --a------ C:\WINDOWS\system32\akttzn.exe
2008-07-24 14:07:20 0 d-------- C:\Documents and Settings\All Users\Application Data\zkpkxatm
2008-07-24 14:07:19 102400 --a------ C:\WINDOWS\system32\baxmvyda.exe
2008-07-23 03:19:43 0 d--h----- C:\WINDOWS\PIF
2008-07-13 21:24:31 0 d-------- C:\Documents and Settings\Kaos\Application Data\Mumble
2008-07-13 21:23:42 0 d-------- C:\Program Files\Mumble


-- Find3M Report ---------------------------------------------------------------

2008-07-29 21:35:12 0 d-------- C:\Program Files\Steam
2008-07-29 18:32:38 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-29 16:16:15 476284 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-07-29 16:16:15 78148 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-07-29 13:34:16 0 d-------- C:\Documents and Settings\Kaos\Application Data\Azureus
2008-07-29 00:31:16 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-28 00:58:14 71749 --a------ C:\WINDOWS\hcextoutput.dll
2008-07-25 04:51:35 0 d-------- C:\Documents and Settings\Kaos\Application Data\LimeWire
2008-07-16 15:15:33 0 d-------- C:\Program Files\World of Warcraft
2008-07-07 02:27:02 0 d-------- C:\Program Files\LimeWire
2008-07-03 01:10:31 0 d-------- C:\Program Files\Azureus
2008-07-01 10:34:15 0 d-------- C:\Documents and Settings\Kaos\Application Data\teamspeak2
2008-06-20 22:57:22 0 d-------- C:\Documents and Settings\Kaos\Application Data\Real
2008-06-20 22:55:52 0 d-------- C:\Program Files\Fichiers communs
2008-06-20 22:55:52 0 d-------- C:\Program Files\Fichiers communs\xing shared
2008-06-20 22:55:49 0 d-------- C:\Program Files\Fichiers communs\Real
2008-06-20 22:55:38 0 d-------- C:\Program Files\Real
2008-06-09 16:04:28 0 d-------- C:\Program Files\Tortun
2008-06-06 10:33:23 0 d-------- C:\Documents and Settings\Kaos\Application Data\Mozilla


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 01:19]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [03/12/2007 15:21]
"razer"="C:\Program Files\Razer\CopperHead\razerhid.exe" [16/08/2005 16:21]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/09/2006 16:57]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [20/06/2008 22:55]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/07/2008 09:05]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [26/07/2008 21:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [20/06/2008 09:23]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [13/12/2007 20:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 22:00]
"strcom"="C:\WINDOWS\system32\baxmvyda.exe" [24/07/2008 14:07]
"strmnt"="C:\WINDOWS\system32\lmvuxqxk.exe" [25/07/2008 15:42]
"uish"="C:\WINDOWS\system32\kjwbgnwp.exe" [28/07/2008 12:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

C:\Documents and Settings\Kaos\Menu D‚marrer\Programmes\D‚marrage\
.security [26/07/2008 17:42:02]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
.security [26/07/2008 17:42:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"cG7m1Mec1d"=C:\Documents and Settings\All Users\Application Data\zkpkxatm\xcbylkjw.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"webapimnt"= {0B0FAC0F-3FA7-FFCB-D290-0AB24F151918} - C:\Program Files\hjvgnoc\webapimnt.dll [24/07/2008 14:07 122880]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvvw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb9348d0-d9fc-11dc-8a6c-00192155baab}]
AutoRun\command- K:\ybj8df.exe
explore\Command- K:\ybj8df.exe
open\Command- K:\ybj8df.exe

*Newly Created Service* - AAWSERVICE



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

8930 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-29 23:16:57 ------------

RAPPORT EXTRA.TXT:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professionnel (build 2600) SP 2.0
Architecture: X86; Language: French

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1023.48 MiB / 655.58 MiB
Pagefile Memory (total/avail): 2461.2 MiB / 2020.99 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.97 MiB

C: is Fixed (NTFS) - 113.27 GiB total, 3.13 GiB free.
D: is Fixed (FAT32) - 113.73 GiB total, 113.72 GiB free.
E: is CDROM (UDF)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HDT722525DLA380 - 232.88 GiB - 3 partitions
\PARTITION0 - Unknown - 5.85 GiB
\PARTITION1 (bootable) - Système de fichiers installable - 113.27 GiB - C:
\PARTITION2 - Unknown - 113.76 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Security Suite Firewall v7.0.483.000 (Check Point, LTD.) [COLOR=RED]Disabled[/COLOR]
AV: ZoneAlarm Security Suite Antivirus v7.0.483.000 (Check Point, LTD.) [COLOR=RED]Disabled[/COLOR]
AV: avast! antivirus 4.8.1201 [VPS 080729-0] v4.8.1201 (ALWIL Software) [COLOR=RED]Disabled[/COLOR]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\World of Warcraft\\WoW-2.3.0-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.3.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\DOCUME~1\\Kaos\\LOCALS~1\\Temp\\win28.exe"="C:\\DOCUME~1\\Kaos\\LOCALS~1\\Temp\\win28.exe:*:Enabled:win28"
"C:\\WINDOWS\\system32\\ycwospta.exe"="C:\\WINDOWS\\system32\\ycw"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"="C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe:*:Enabled:Update Service"
"C:\\Program Files\\Steam\\steamapps\\westindy\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\westindy\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Alerte rouge2\\Game.exe"="C:\\Alerte rouge2\\Game.exe:*:Enabled:Main executable for Red Alert 2"
"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"="C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat:*:Enabled:La Bataille pour la Terre du Milieu ™ II"
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"="C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe:*:Enabled:UT3"
"C:\\Program Files\\Steam\\steamapps\\westindy\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\westindy\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Games\\Paintball2\\paintball2.exe"="C:\\Games\\Paintball2\\paintball2.exe:*:Enabledaintball2"
"C:\\Program Files\\Steam\\steamapps\\westindy\\source sdk base\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\westindy\\source sdk base\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Tortun\\gui.exe"="C:\\Program Files\\Tortun\\gui.exe:*:Enabled:gui"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\HLSW\\hlsw.exe"="C:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:HLSW Application"
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kaos\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=ACER-7989E0343A
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kaos
LOGONSERVER=\\ACER-7989E0343A
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Fichiers communs\Teleca Shared;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Satsuki Decoder Pack\filtres;;C:\PROGRA~1\FICHIE~1\MUVEET~1\030625;C:\Program Files\Fichiers communs\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kaos\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kaos\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=ACER-7989E0343A
USERNAME=Kaos
USERPROFILE=C:\Documents and Settings\Kaos
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Kaos [I](admin)[/I]
Administrateur [I](admin)[/I]


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27B9131D-CEFA-42C5-8D7D-56EFD80BAA25}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x40c UNINSTALL
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDFC3C8D-823E-4FCF-870B-E756B27CB57E}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x40c
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer WLAN 11g USB Dongle --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{0CB98AC0-D691-4B21-AD3D-95982517021D} /l1036
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Fichiers communs\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings --> MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings --> MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Fichiers communs\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup --> MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\In