Here is MAIN.TXT:
Deckard's System Scanner v20071014.68
Run by Antonys on 2008-06-24 17:24:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
5: 2008-06-24 15:24:46 UTC - RP190 - Deckard's System Scanner Restore Point
4: 2008-06-24 09:58:23 UTC - RP189 - ComboFix created restore point
3: 2008-06-24 08:09:05 UTC - RP188 - Printer Driver Microsoft Office Document Image Writer Installed
2: 2008-06-18 07:12:38 UTC - RP187 - ComboFix created restore point
1: 2008-06-17 09:42:36 UTC - RP186 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Antonys.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28, on 2008-06-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
D:\QAS\WORLDP~1\ProWeb5.17\QASWVDN.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\TGJSERVER\bin\windows\wrapper.exe
C:\TGJSERVER\jre\bin\java.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\antonys\Desktop\dss.exe
C:\DOCUME~1\antonys\Desktop\Antonys.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qas.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = PROXY:8080
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro
O4 - HKLM\..\Run: [LANDeskInventoryClient] "C:\Program Files\LANDesk\LDClient\LDIScn32.exe" /NTT=LANDESK2:5007 /S=LANDESK2 /I=HTTP://LANDESK2/ldlogon/ldappl3.ldz /NOUI
O4 - HKLM\..\Run: [LANDeskVulscanClient] "C:\Program Files\LANDesk\LDClient\vulScan.exe" /agentBehavior=1
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [Reg2Reg2] C:\Program Files\LANDesk\LDClient\REG2REG2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: QuickAddress Pro (2).lnk = C:\Program Files\qas\QuickAddress Pro\KEEPPRO.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://qas-intranet/
O15 - Trusted Zone: http://*.aussblweb1 (HKLM)
O15 - Trusted Zone: http://*.bossblweb1 (HKLM)
O15 - Trusted Zone: http://*.gwhsblweb1 (HKLM)
O15 - Trusted Zone: http://*.gwhweb (HKLM)
O15 - Trusted Zone: http://*.otsblweb1 (HKLM)
O15 - Trusted Zone: http://*.sfosblweb1 (HKLM)
O16 - DPF: {819647C8-39C0-4C59-811C-928277815701} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - http://gwhsblweb1/sales_enu/19221/apple ... d_mail.cab
O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} (Siebel Desktop Integration) - http://gwhsblweb1/sales_enu/19221/apple ... ration.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/ ... loader.cab
O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - http://gwhsblweb1/sales_enu/19221/apple ... Client.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://qas.webex.com/client/T25L/support/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = qas.com
O17 - HKLM\Software\..\Telephony: DomainName = qas.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = qas.com
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: ProWeb - QAS Ltd - D:\QAS\WORLDP~1\ProWeb5.17\QASWVDN.EXE
O23 - Service: QuickAddress Pro Web ActiveX Adaptor 4.02 (QAPWWActiveX 4.02) - QAS Ltd. - D:\QAS\ids\proweb4.03\QAPWWSV.EXE
O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - Unknown owner - C:\Program Files\LANDesk\LDClient\softmon.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Test Wrapper Sample Application (testwrapper) - Unknown owner - C:\TGJSERVER\bin\windows\wrapper.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe
--
End of file - 9214 bytes
-- HijackThis Fixed Entries (C:\DOCUME~1\antonys\Desktop\backups\) -------------
backup-20080624-141647-785 O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdsyq.exe] C:\WINDOWS\system32\kdsyq.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 VPN-1 (VPN-1 Module) - c:\windows\system32\drivers\vpn.sys <Not Verified; Check Point Software Technologies; vpn1>
S0 Iqy86 - c:\windows\system32\drivers\iqy86.sys (file missing)
S0 Sai18 - c:\windows\system32\drivers\sai18.sys (file missing)
S1 easdrv - c:\windows\system32\drivers\easdrv.sys (file missing)
S1 epfwtdir - c:\windows\system32\drivers\epfwtdir.sys (file missing)
S1 kbd - c:\windows\system32\drivers\kbd.sys (file missing)
S2 eamon - c:\windows\system32\drivers\eamon.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CBA8 (LANDesk(R) Management Agent) - "c:\program files\landesk\shared files\residentagent.exe" <Not Verified; LANDesk Software, Ltd.; LANDesk(R) Management Agent>
R2 Intel Local Scheduler Service - "c:\program files\landesk\ldclient\localsch.exe" <Not Verified; LANDesk Software Ltd.; LANDesk® Management Suite>
R2 Intel PDS - c:\windows\system32\cba\pds.exe <Not Verified; LANDesk Software Ltd.; Intel Common Base Agent>
R2 Intel Targeted Multicast (LANDesk Targeted Multicast) - c:\program files\landesk\ldclient\tmcsvc.exe <Not Verified; LANDesk Software Ltd.; LANDesk® Management Suite>
R2 ISSUSER (LANDesk Remote Control Service) - c:\progra~1\landesk\ldclient\issuser.exe /service <Not Verified; LANDesk Software, Ltd.; LANDesk System Server Manager>
R2 ProWeb - d:\qas\worldp~1\proweb5.17\qaswvdn.exe <Not Verified; QAS Ltd; QuickAddress Pro Server>
R2 SR_WatchDog (Check Point SecuRemote WatchDog) - "c:\program files\checkpoint\securemote\bin\sr_watchdog.exe" <Not Verified; Check Point Software Technologies; desktop>
R2 testwrapper (Test Wrapper Sample Application) - c:\tgjserver\bin\windows\wrapper.exe -s c:\tgjserver\\conf\wrapper.conf
S2 Softmon (LANDesk(R) Software Monitoring Service) - "c:\program files\landesk\ldclient\softmon.exe" (file missing)
S2 SR_Service (Check Point SecuRemote Service) - "c:\program files\checkpoint\securemote\bin\sr_service.exe" <Not Verified; Check Point Software Technologies; desktop>
S3 QAPWWActiveX 4.02 (QuickAddress Pro Web ActiveX Adaptor 4.02) - d:\qas\ids\proweb4.03\qapwwsv.exe <Not Verified; QAS Ltd.; QuickAddress Pro for the Web>
S3 wampapache - "c:\wamp\apache2\bin\httpd.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
S3 wampmysqld - c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld
S3 winvnc (VNC Server) - "c:\program files\tightvnc\winvnc.exe" -service <Not Verified; Constantin Kaplinsky; TightVNC Win32 Server>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}
Description: Bluetooth Bus Enumerator
Device ID: ROOT\BTW\0000
Manufacturer: WIDCOMM
Name: Bluetooth Bus Enumerator
PNP Device ID: ROOT\BTW\0000
Service: btkrnl
-- Files created between 2008-05-24 and 2008-06-24 -----------------------------
2008-06-24 14:17:56 0 d-------- C:\Program Files\Navilog1
2008-06-24 11:58:08 68096 --a------ C:\WINDOWS\zip.exe
2008-06-24 11:58:08 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-24 11:58:08 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-24 11:58:08 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-24 11:58:08 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-24 11:58:08 98816 --a------ C:\WINDOWS\sed.exe
2008-06-24 11:58:08 80412 --a------ C:\WINDOWS\grep.exe
2008-06-24 11:58:08 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-17 18:24:58 0 d-------- C:\WINDOWS\ERUNT
2008-06-17 10:13:18 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-17 10:13:18 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-17 10:12:24 0 d-------- C:\Program Files\Kaspersky Lab
2008-06-17 10:12:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-16 19:58:04 224768 --a------ C:\WINDOWS\system32\dsquery.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-16 19:56:15 294944 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-16 19:56:15 1293856 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-16 19:55:50 0 d-------- C:\Documents and Settings\Default User\Local Settings
2008-06-16 18:46:41 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-16 18:12:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-16 16:33:47 0 d-------- C:\Program Files\Lavasoft
2008-06-16 16:33:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-16 15:56:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-16 14:15:36 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 18:31:05 0 d-------- C:\WINDOWS\htmCache
2008-06-03 19:16:18 14 --a------ C:\WINDOWS\system32\SystemInfo32.sys
2008-06-03 19:15:32 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD X Studios
2008-06-03 17:50:13 0 d-------- C:\Documents and Settings\antonys\Application Data\vlc
2008-06-03 17:49:20 0 d-------- C:\Program Files\VideoLAN
-- Find3M Report ---------------------------------------------------------------
2008-06-24 10:08:17 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-18 11:34:15 2927 --a------ C:\Program Files\qabwv010.ssn
2008-06-18 10:40:49 1232896 --a------ C:\Program Files\qabwv010.idb
2008-06-17 10:28:31 504320 --a------ C:\WINDOWS\system32\winlogon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-16 14:15:36 0 d-------- C:\Program Files\Common Files
2008-06-11 09:07:37 0 d-------- C:\Documents and Settings\antonys\Application Data\AdobeUM
2008-06-05 13:53:18 0 d-------- C:\Documents and Settings\antonys\Application Data\Adobe
2008-05-22 11:15:59 2727 --a------ C:\Program Files\qabwv009.ssn
2008-05-19 13:04:06 2213888 --a------ C:\Program Files\qabwv009.idb
2008-04-24 11:19:17 0 d-------- C:\Documents and Settings\antonys\Application Data\Macromedia
2008-04-24 11:18:27 0 d-------- C:\Program Files\Experian Ltd
2008-04-24 09:36:58 202827 --a------ C:\WINDOWS\system32\atasnt40.dll <Not Verified; WebEx Communications, Inc; WebEx Application Sharing>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-25 11:32]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-25 11:29]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-25 11:32]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 11:12 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 19:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 19:38]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 01:56]
"IntelAPMClient"="C:\Program Files\LANDesk\LDClient\amclient.exe" [2005-08-30 08:05]
"LANDeskInventoryClient"="C:\Program Files\LANDesk\LDClient\LDIScn32.exe" [2005-11-18 16:54]
"LANDeskVulscanClient"="C:\Program Files\LANDesk\LDClient\vulScan.exe" [2006-01-06 02:00]
"SDClientMonitor"="C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe" [2005-08-30 07:55]
"Reg2Reg2"="C:\Program Files\LANDesk\LDClient\REG2REG2.EXE" [2005-12-12 09:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-10-17 16:05]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-11 22:47]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Firewall Client Connectivity Monitor.LNK - C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE [2005-07-06 13:26:01]
QuickAddress Pro (2).lnk - C:\Program Files\qas\QuickAddress Pro\KEEPPRO.exe [2008-04-14 15:22:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"Intellimenus"=1 (0x1)
"NoSimpleStartMenu"=1 (0x1)
"ForceStartMenuLogOff"=1 (0x1)
"NoAutoUpdate"=0 (0x0)
"NoStartMenuEjectPC"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoAutoTrayNotify"=1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=\\qas.com\SYSVOL\qas.com\scripts\shutdown_par.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=\\qas\sysvol\qas.com\scripts\startup_par.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2138838754-819666832-1349916565-16607\Scripts\Logon\0\0]
"Script"=\\qas.com\SysVol\qas.com\scripts\REVISED_login_paris_main.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2138838754-819666832-1349916565-24255\Scripts\Logon\0\0]
"Script"=\\qas.com\SysVol\qas.com\scripts\REVISED_login_lon_main.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2138838754-819666832-1349916565-25650\Scripts\Logon\0\0]
"Script"=\\qas.com\SysVol\qas.com\scripts\REVISED_login_paris_main.bat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ciO63.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Iqy86.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Coordialis 2.0 PADI.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Coordialis 2.0 PADI.lnk
backup=C:\WINDOWS\pss\Coordialis 2.0 PADI.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DialMessenger]
"C:\Program Files\DialMessenger\dialmessenger.exe" -background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d74ba08-3d11-11dd-9f3d-545543445200}]
AutoRun\command- jfvkcsy.bat
explore\Command- jfvkcsy.bat
open\Command- jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7beab8d5-8217-11dc-9ec9-00166f7929a7}]
AutoRun\command- F:\FRA_GUI.exe
*Newly Created Service* - CATCHME
-- End of Deckard's System Scanner: finished at 2008-06-24 17:29:03 ------------
And here is EXTRA.TXT:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) M processor 1.73GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1015.36 MiB / 601.21 MiB
Pagefile Memory (total/avail): 1686.35 MiB / 1397.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1945.45 MiB
C: is Fixed (NTFS) - 15 GiB total, 5.22 GiB free.
D: is Fixed (NTFS) - 40.88 GiB total, 31.23 GiB free.
E: is CDROM (No Media)
F: is Removable (FAT)
H: is Network (Unformatted)
Q: is Network (Unformatted)
U: is Network (*NT5CSC)
V: is Network (Unformatted)
\\.\PHYSICALDRIVE0 - WDC WD600VE-00KWT0 - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 15 GiB - C:
\PARTITION1 - Installable File System - 40.88 GiB - D:
\\.\PHYSICALDRIVE1 - Kingston DataTraveler 2.0 USB Device - 957 MiB - 1 partition
\PARTITION0 (bootable) - Win95 w/Extended Int 13 - 960.98 MiB - F:
-- Security Center -------------------------------------------------------------
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AV: Kaspersky Anti-Virus v8.0.0.357 (Kaspersky Lab) Outdated
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LANDesk\\LDClient\\issuser.exe"="C:\\Program Files\\LANDesk\\LDClient\\issuser.exe:*:Enabled:LANDesk Remote Control Agent"
"C:\\WINDOWS\\system32\\CBA\\pds.exe"="C:\\WINDOWS\\system32\\CBA\\pds.exe:*:enabled:LANDesk(R) Ping Discovery Service"
"C:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe"="C:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe:*:enabled:LANDesk(R) Targeted Multicast Client"
"%windir%\\system32\\msgsys.exe"="%windir%\\system32\\msgsys.exe:*:enabled:LANDesk(R) CBA Message System"
"C:\\Program Files\\LANDesk\\LDClient\\wuser32.exe"="C:\\Program Files\\LANDesk\\LDClient\\wuser32.exe:*:enabled:Remote Control Agent"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"="C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe:*:Enabled:LANDesk(R) Management Agent"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\CBA\\pds.exe"="C:\\WINDOWS\\system32\\CBA\\pds.exe:*:enabled:LANDesk(R) Ping Discovery Service"
"C:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe"="C:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe:*:enabled:LANDesk(R) Targeted Multicast Client"
"%windir%\\system32\\msgsys.exe"="%windir%\\system32\\msgsys.exe:*:enabled:LANDesk(R) CBA Message System"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"="C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe:*:Enabled:LANDesk(R) Management Agent"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\antonys\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ANTONYSXP
COMPUTERTYPE=UNKNOWN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=U:
HOMEPATH=\
HOMESHARE=\\paris1\home\Antonys
LDMS_LOCAL_DIR=C:\Program Files\LANDesk\LDClient\Data
LOGONSERVER=\\PARIS1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=d:\temp
TMP=d:\temp
USERDNSDOMAIN=QAS.COM
USERDOMAIN=QAS
USERNAME=Antonys
USERPROFILE=C:\Documents and Settings\antonys
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Administrator (new local, admin)
Owen (admin)
Christophepa
richardo (admin)
jamesc.QAS (new local, admin)
antonys (admin)
jamescadmin (new local, admin)
syspreptest (new local, admin, net ready)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems AC'97 Modem --> agrsmdel
Batch System Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9FD79D-DE72-4AA0-B45C-17A3A09A1FD3}\Setup.exe" -l0x9
Broadcom 802.11 Wireless LAN Adapter --> C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
Broadcom NetXtreme Ethernet Controller --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
DVD X Player 4.1 Standard --> "C:\Program Files\DVD X Studios\DVD X Player 4.1 Standard\unins000.exe"
Guide Mosaic interactif --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Experian Ltd.\Guide Mosaic interactif\Uninst.isu"
HijackThis 2.0.2 --> "F:\HijackThis.exe" /uninstall
HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Java 2 Runtime Environment, SE v1.4.2_12 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142120}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Kaspersky Anti-Virus 2009 --> MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 2009 --> MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
LANDesk Advance Agent --> MsiExec.exe /I{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}
Microsoft ActiveSync 3.5 --> "C:\WINDOWS\ISUN040C.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Firewall Client --> MsiExec.exe /I{8C7A59A8-9ABE-459A-9A93-08C281A4A264}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SOAP Toolkit 3.0 --> MsiExec.exe /I{BCB4C18A-ACA6-4383-8688-E19933A705DD}
Mozilla Firefox (1.5.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.6 (en-US)"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Navilog1 3.5.8 --> "C:\Program Files\Navilog1\unins000.exe"
OrgPublisher PluginX 5 --> \UNWISE.EXE \INSTALL.LOG
QAS Network Information --> "C:\Documents and Settings\UNINSTAL.EXE" "C:\Documents and Settings\INSTALL.LOG" "QAS Network Information Uninstall"
QAS Screensaver --> C:\WINDOWS\system32\QASSCR~1.SCR /UNINSTALL "C:\WINDOWS\system32\QAS Screensaver.log"
QAS Siebel - Q4 Update --> "C:\Program Files\Untitled\UNINSTAL.EXE" "C:\Program Files\Untitled\INSTALL.LOG" "QAS Siebel - Q4 Update Uninstall"
QASFont --> "C:\Program Files\Untitled\UNINSTAL.EXE" "C:\Program Files\Untitled\INSTALL.LOG" "QASFont Uninstall"
QuickAddress Batch 4.35 --> C:\WINDOWS\IsUn040c.exe -fD:\Qas\Worldproduct\Batch4.35\Qbwmainn.isu
QuickAddress Pro 4.35 --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Qas\QuickAddress Pro\Qaprown.isu"
SecuRemote --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FCF2FC0-8268-11D4-A313-0006290D766E}\setup.exe" ADD_REMOVE
Shadow Copy Client --> MsiExec.exe /I{23E5032B-56CA-4C19-A72E-B50161DB82CA}
Siebel 2000 for QAS --> "c:\sea\client\UNINSTAL.EXE" "c:\sea\client\INSTALL.LOG" "Siebel 2000 for QAS Uninstall"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8E50332B-772C-4AEA-BF56-94DE6A1D5F10} /l1033
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WAMP5 1.7.3 --> c:\wamp\unins000.exe
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WinZip_Companion --> MsiExec.exe /I{479C6BC5-4FA1-4CDF-991D-1E40E3E2D7A1}
-- Application Event Log -------------------------------------------------------
Event Record #/Type1819 / Error
Event Submitted/Written: 06/24/2008 00:11:01 PM
Event ID/Source: 25 / Inventory Scanner
Event Description:
LDIScn32: Failed to resolve the Host Name.
Event Record #/Type1818 / Error
Event Submitted/Written: 06/24/2008 00:08:56 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
Event Record #/Type1817 / Error
Event Submitted/Written: 06/24/2008 00:08:49 PM
Event ID/Source: 1000 / UserInit
Event Description:
Could not execute the following script \\qas.com\SysVol\qas.com\scripts\REVISED_login_paris_main.bat. No network provider accepted the given network path.
.
Event Record #/Type1816 / Error
Event Submitted/Written: 06/24/2008 00:08:45 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Event Record #/Type1814 / Error
Event Submitted/Written: 06/24/2008 00:08:16 PM
Event ID/Source: 1000 / UserInit
Event Description:
Could not execute the following script \\qas\sysvol\qas.com\scripts\startup_par.bat. No network provider accepted the given network path.
.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type22388 / Error
Event Submitted/Written: 06/24/2008 05:23:54 PM
Event ID/Source: 1001 / Dhcp
Event Description:
Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 545543445200. The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type22387 / Error
Event Submitted/Written: 06/24/2008 05:18:12 PM
Event ID/Source: 1001 / Dhcp
Event Description:
Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 545543445200. The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type22386 / Error
Event Submitted/Written: 06/24/2008 05:12:25 PM
Event ID/Source: 1001 / Dhcp
Event Description:
Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 545543445200. The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type22385 / Error
Event Submitted/Written: 06/24/2008 05:06:27 PM
Event ID/Source: 1001 / Dhcp
Event Description:
Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 545543445200. The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type22384 / Error
Event Submitted/Written: 06/24/2008 05:00:15 PM
Event ID/Source: 1001 / Dhcp
Event Description:
Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 545543445200. The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
-- End of Deckard's System Scanner: finished at 2008-06-24 17:29:03 ------------
How can I tell whether I need to re-enable the protections if they were stopped? Thanks in advance