Tu trouveras ci-dessous les deux logs demandés : ComboFix d'abord, HijackThis ensuite.
J'espère que cela t'aidera.
ComboFix 07-10-04.5 - AXU 2007-10-04 19:28:19.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1033.18.976 [GMT 2:00]
Running from: C:\Documents and Settings\axu\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\axu\Application Data\ICROSO~1.NET
C:\Documents and Settings\axu\Application Data\PPPATC~1
C:\Documents and Settings\axu\Application Data\STEM32~1
C:\Program Files\Common Files\{3023D~1
C:\Program Files\Common Files\{3023D~1\UnInstall.exe
C:\Program Files\Common Files\{B023D~1
C:\Program Files\Common Files\{B023D~1\system.dll
C:\Program Files\Common Files\{B023D~1\Update.exe
C:\Program Files\Common Files\icroso~1
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\wapiicomsv32.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CORE
-------\core
((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.
2007-10-04 19:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 17:41 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-04 17:41 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-04 17:41 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-04 17:41 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-04 17:41 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-04 17:16 <DIR> d-------- C:\smitfraudfix
2007-10-04 17:13 <DIR> d-------- C:\HijackThis
2007-10-03 17:34 <DIR> d-------- C:\cygwin
2007-10-01 11:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\DassaultSystemes
2007-10-01 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hummingbird
2007-10-01 11:04 <DIR> d-------- C:\Program Files\Hummingbird
2007-09-30 11:55 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2007-09-30 11:55 <DIR> d-------- C:\Program Files\Album Cover Finder
2007-09-28 19:35 <DIR> d-------- C:\Program Files\Microsoft Money Plus
2007-09-28 01:13 212,480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL
2007-09-28 01:12 304,128 --a------ C:\WINDOWS\unin040c.exe
2007-09-28 01:05 <DIR> d-------- C:\Documents and Settings\axu\Application Data\MechCAD
2007-09-27 01:03 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll
2007-09-27 01:03 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2007-09-27 01:03 <DIR> d-------- C:\Documents and Settings\axu\Application Data\Intuit
2007-09-27 01:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2007-09-26 00:29 <DIR> d-------- C:\Program Files\Microsoft AutoRoute
2007-09-26 00:09 <DIR> d-------- C:\Program Files\foobar2000
2007-09-26 00:09 <DIR> d-------- C:\Documents and Settings\axu\Application Data\foobar2000
2007-09-24 20:22 153,088 --a------ C:\WINDOWS\system32\UNWISE.EXE
2007-09-24 20:22 <DIR> d-------- C:\Program Files\JPEG Recovery
2007-09-24 19:43 <DIR> d-------- C:\Program Files\Digital Picture Recovery
2007-09-24 18:21 <DIR> d-------- C:\Program Files\PC Inspector File Recovery
2007-09-23 19:19 <DIR> d-------- C:\Program Files\iTunes
2007-09-23 19:19 <DIR> d-------- C:\Program Files\iPod
2007-09-23 19:17 <DIR> d-------- C:\Program Files\QuickTime
2007-09-23 19:16 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-23 19:15 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-09-23 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-09-07 21:50 <DIR> d-------- C:\temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 19:35 --------- d-------- C:\Documents and Settings\axu\Application Data\Azureus
2007-10-04 19:07 --------- d-------- C:\Documents and Settings\axu\Application Data\Skype
2007-10-04 18:06 5752 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-04 11:46 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-04 11:44 30601 --a------ C:\WINDOWS\java\x.exe
2007-10-04 11:44 --------- d-------- C:\Program Files\VisualRoute
2007-10-04 10:17 --------- d-------- C:\Program Files\Nortel Networks
2007-10-01 11:52 --------- d-------- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
2007-09-30 22:50 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-30 22:50 --------- d-------- C:\Program Files\Subtitle Workshop
2007-09-30 22:50 --------- d-------- C:\Program Files\Common Files\Real
2007-09-30 22:50 --------- d-------- C:\Program Files\CDBurnerXP Pro 3
2007-09-30 22:50 --------- d-------- C:\Documents and Settings\axu\Application Data\dvdcss
2007-09-28 11:29 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-09-28 09:50 --------- d-------- C:\Documents and Settings\axu\Application Data\U3
2007-09-20 23:07 --------- d-------- C:\Program Files\Common Files\Ahead
2007-09-20 23:07 --------- d-------- C:\Documents and Settings\axu\Application Data\Ahead
2007-09-17 12:11 --------- d-------- C:\Program Files\Dassault Systemes
2007-09-05 22:16 --------- d-------- C:\Program Files\Azureus
2007-08-26 15:11 --------- d-------- C:\Documents and Settings\axu\Application Data\Samsung
2007-08-26 15:06 --------- d-------- C:\Program Files\Samsung
2007-08-23 00:47 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-08-23 00:47 286720 --------- C:\WINDOWS\Setup1.exe
2007-08-22 09:21 --------- d-------- C:\Program Files\Common Files\Skype
2007-08-21 19:17 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-08-21 19:12 --------- d-------- C:\Program Files\Skype
2007-08-21 19:12 --------- d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-08-20 12:00 --------- d-------- C:\Documents and Settings\axu\Application Data\firstdaleeach
2007-08-16 21:05 --------- d-------- C:\Program Files\Google
2007-08-14 21:17 --------- d-------- C:\Documents and Settings\All Users\Application Data\does dog two city
2007-08-06 23:57 --------- d-------- C:\Program Files\Polar
2007-07-04 19:15 52809 --a------ C:\WINDOWS\UN_CODA.EXE
2007-01-19 11:03 24192 --a------ C:\Documents and Settings\axu\usbsermptxp.sys
2007-01-19 11:03 22768 --a------ C:\Documents and Settings\axu\usbsermpt.sys
2006-05-29 12:14 36352 --a------ C:\Program Files\wc.exe
2006-05-29 12:12 86016 --a------ C:\Program Files\pslist.exe
2006-05-29 12:12 51200 --a------ C:\Program Files\grep.exe
2006-05-29 12:12 36352 --a------ C:\Program Files\kill.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04DCB78C-AB45-83AD-A86A-6DFB90277939}]
C:\Program Files\psquery\psquery.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1412445-4FF8-410e-8D24-F2CF86B171A4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 15:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 15:16]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 02:22]
"TpShocks"="TpShocks.exe" [2005-11-07 11:14 C:\WINDOWS\system32\TpShocks.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-25 21:00]
"frymxins"="C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" []
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 16:08]
"NuTCSetupEnviron"="C:\PROGRA~1\mksnt\bin\ncoeenv.exe" [2002-04-25 17:25]
"SwPrnMon"="C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe" [2006-01-11 15:26]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 C:\WINDOWS\system32\bthprops.cpl]
"FWConfig"="c:\windows\FirewallWifiConfiguration.vbs" [2006-05-18 12:47]
"Sysnetdrv"="c:\windows\system32\sysnetdrv.exe" [2006-05-29 12:12]
"OfficeScanNT Monitor"="C:\OfficeScan NT\pccntmon.exe" [2007-01-08 20:20]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 05:01]
"DkAutoReg.exe"="C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe" [2003-10-08 19:04]
"DkStartup"="C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe" [2003-10-08 19:12]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 11:19]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 23:00]
"DSXTools"="C:\Program Files\Dassault Systemes\DSXTools\bin\DSXTools.exe" [2007-01-22 14:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"two city internet heck"="C:\Documents and Settings\All Users\Application Data\does dog two city\Meal trust.exe" [2007-10-04 18:50]
"Mail surf file heck"="C:\Documents and Settings\All Users\Application Data\Five dash heck does\Play Knob Regs.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NBKeyScan"="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-05-24 17:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45]
"TPKMAPMN"="C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe" [2006-06-02 23:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-04-22 19:19]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe"
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
FastStone Capture.lnk - C:\Program Files\FastStone Capture\FSCapture.exe [2007-02-13 02:31:26]
Yahoo! Desktop Search System Tray.lnk - C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe [2007-01-31 13:04:35]
Yahoo! Desktop Search.lnk - C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe [2007-01-31 13:04:34]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
FastStone Capture.lnk - C:\Program Files\FastStone Capture\FSCapture.exe [2007-02-13 02:31:26]
Yahoo! Desktop Search System Tray.lnk - C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe [2007-01-31 13:04:35]
Yahoo! Desktop Search.lnk - C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe [2007-01-31 13:04:34]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
FastStone Capture.lnk - C:\Program Files\FastStone Capture\FSCapture.exe [2007-02-13 02:31:26]
Yahoo! Desktop Search System Tray.lnk - C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe [2007-01-31 13:04:35]
Yahoo! Desktop Search.lnk - C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe [2007-01-31 13:04:34]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideStartupScripts"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{04DCB78C-AB45-83AD-A86A-6DFB90277939}"= C:\Program Files\psquery\psquery.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-06 00:45 28672 C:\WINDOWS\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 20:16 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=mac_addre.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=\\ds\SysVol\ds\scripts\dsy\AddLocalAdminForSMS.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\2\0]
"Script"=\\ds\SysVol\ds\scripts\dsy\CheckSvcsAndGrp.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\3\0]
"Script"=AddLocalAdmin.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-842925246-2139871995-725345543-28849\Scripts\Logon\0\0]
"Script"=\\ds\SysVol\ds\scripts\Password_Reset_check.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys
R1 LUMDriver;LUMDriver;\??\C:\WINDOWS\system32\drivers\LUMDriver.sys
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys
R2 BBDemon;Backbone Service;"E:\DS\Install_R18\intel_a\code\bin\CATSysDemon.exe" -service
R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe
R2 LaunchCommandServer;LaunchCommandServer;c:\ReleaseManager\code\bin\LaunchCommandServer.exe
R2 MKSAUTH;MKSAUTH;C:\WINDOWS\system32\mksauth.exe
R2 MKSSecureSH;MKS Secure Shell Service;"C:\Program Files\mksnt\bin\secshd.exe"
R2 MKSTelnetd;MKS Telnetd;C:\WINDOWS\system32\telnetd.exe
R2 ntrtscan;OfficeScanNT RealTime Scan;"C:\OfficeScan NT\ntrtscan.exe"
R2 NuTCRACKERService;NuTCRACKER Service;C:\WINDOWS\system32\nutsrv4.exe
R2 ReleaseClient;ReleaseClient;c:\ReleaseManager\code\bin\ReleaseClient.exe
R2 tmlisten;OfficeScanNT Listener;"C:\OfficeScan NT\tmlisten.exe"
R2 TmPreFilter;Trend Micro PreFilter;\??\C:\OfficeScan NT\TmPreFlt.sys
R2 Wuser32;SMS Remote Control Agent;C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys
R3 idisw2km;idisw2km;C:\WINDOWS\system32\DRIVERS\idisw2km.sys
R3 iKeyEnum;Rainbow iKey Enumerator;C:\WINDOWS\system32\DRIVERS\ikeyenum.sys
R3 iKeyIFD;Rainbow iKey Virtual Reader;C:\WINDOWS\system32\DRIVERS\ikeyifd.sys
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
R3 kbstuff;SMS Virtual Keyboard;C:\WINDOWS\system32\DRIVERS\kbstuff5.sys
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
S3 IBM LUM NDL;IBM Nodelock License Server;C:\IFOR\WIN\BIN\I4LLMD.EXE
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 Oracleoracle920ClientCache;Oracleoracle920ClientCache;C:\ora920\BIN\ONRSD.EXE
S3 PolarUSB;Polar USB Interface;C:\WINDOWS\system32\DRIVERS\PolarUSB.sys
S3 prepdrvr;SMS Process Event Driver;\??\C:\WINDOWS\system32\CCM\prepdrv.sys
S3 psquery;psquery;\??\C:\Program Files\psquery\psquery.sys
S3 RnbToken;Rainbow iKey Token Service;C:\WINDOWS\system32\DRIVERS\rnbtoken.sys
S3 RshSvc;Remote Shell Service;C:\WINDOWS\system32\rshsvc.exe
S4 IBM LUM CR;IBM Central Registry License Server;C:\IFOR\WIN\BIN\I4GDB.EXE
S4 IBM LUM LMD;IBM Network License Server;C:\IFOR\WIN\BIN\I4LMD.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e462f2f4-cb04-11db-8174-444553544200}]
AutoRun\command- D:\LaunchU3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\3DSExchange{99D8560D-C53B-4F83-B878-A264A501B971}]
wscript.exe //nologo "C:\WINDOWS\Outlook-UserAccountActivate.vbs"
.
Contents of the 'Scheduled Tasks' folder
"2007-10-04 17:00:00 C:\WINDOWS\Tasks\82D24F0C9EF1FCD8.job"
"2007-09-26 11:32:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 19:38:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-04 19:41:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-04 19:41
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42, on 2007-10-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\DS\Install_R18\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\DkLog.exe
c:\ReleaseManager\code\bin\LaunchCommandServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mksauth.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\system32\nutsrv4.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\ReleaseManager\code\bin\ReleaseClient.exe
C:\WINDOWS\system32\SCardSvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\Program Files\mksnt\bin\secshd.exe
C:\WINDOWS\system32\telnetd.exe
C:\WINDOWS\TEMP\UO9314.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system32\sysnetdrv.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\OfficeScan NT\pccntupd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.dds.ds;*.dds.fr;*.dassault-systemes.fr;*.enovia-clt.com;*.dsag.com;*.dassault.com;*.dsp.fr;*.deneb.com;*.dskk;*.ds;*.dsy.ds;172.19.*;192.168.*;127.0.0.1;dsinteraction;dsx;itwebds;v5doc;*dsy;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Web Assistant - {04DCB78C-AB45-83AD-A86A-6DFB90277939} - C:\Program Files\psquery\psquery.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [frymxins] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\mksnt\bin\ncoeenv.exe
O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [FWConfig] c:\windows\FirewallWifiConfiguration.vbs
O4 - HKLM\..\Run: [Sysnetdrv] "c:\windows\system32\sysnetdrv.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe
O4 - HKLM\..\Run: [DkStartup] C:\Program Files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [DSXTools] C:\Program Files\Dassault Systemes\DSXTools\bin\DSXTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [two city internet heck] C:\Documents and Settings\All Users\Application Data\does dog two city\Meal trust.exe
O4 - HKLM\..\Run: [Mail surf file heck] C:\Documents and Settings\All Users\Application Data\Five dash heck does\Play Knob Regs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Startup: Yahoo! Desktop Search System Tray.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
O4 - Startup: Yahoo! Desktop Search.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
O4 - Global Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Global Startup: Yahoo! Desktop Search System Tray.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YDSsystray.exe
O4 - Global Startup: Yahoo! Desktop Search.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranetdds
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\Software\..\Telephony: DomainName = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ED4327C-1D4A-4CCD-AD15-B0A1AFCF1EDC}: Domain = dsy.ds
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A49C343-BDE0-4C72-8A61-D09BDD8FC59B}: Domain = dsy.ds
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dds.ds
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O17 - HKLM\System\CS2\Services\Tcpip\..\{5460593B-7145-4708-A5CD-523BE7CFFA39}: Domain = dds.ds
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dds.ds,dsee.ds,dsy.ds,ds,dassault-systemes.fr
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - E:\DS\Install_R18\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Nodelock License Server (IBM LUM NDL) - IBM - C:\IFOR\WIN\BIN\I4LLMD.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LaunchCommandServer - Unknown owner - c:\ReleaseManager\code\bin\LaunchCommandServer.exe
O23 - Service: MKSAUTH - Mortice Kern Systems Inc. - C:\WINDOWS\system32\mksauth.exe
O23 - Service: MKS Secure Shell Service (MKSSecureSH) - DataFocus, Inc. - C:\Program Files\mksnt\bin\secshd.exe
O23 - Service: MKS Telnetd (MKSTelnetd) - DataFocus, Inc. - C:\WINDOWS\system32\telnetd.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: Oracleoracle920ClientCache - Unknown owner - C:\ora920\BIN\ONRSD.EXE (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ReleaseClient - Unknown owner - c:\ReleaseManager\code\bin\ReleaseClient.exe
O23 - Service: Remote Shell Service (RshSvc) - Unknown owner - C:\WINDOWS\system32\rshsvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
End of file - 16786 bytes