Forum Clubic

Hijack

salut,

qui peut me dire ce qui ne va pas de dans et ce que je dois faire? merci d’avance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:05, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\antivirus\Comodo\Firewall\cmdagent.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\antivirus\Comodo\Firewall\CPF.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\WINDOWS\system32\msjava32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {1eb7f5d1-3cf8-1248-2734-d05a3c6824b8} - {8b4286c3-a50d-4372-8421-8fc31d5f7be1} - C:\WINDOWS\system32\meawrbbe.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C986D6F8-DEAC-4C40-A276-38C62D5E6C90} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM…\Run: [UpdateManager] “C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM…\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [ccApp] “C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [NAV CfgWiz] “C:\Program Files\Norton AntiVirus\CfgWiz.exe” /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE “REBOOT”
O4 - HKLM…\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM…\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM…\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM…\Run: [MessengerPlus3] “C:\Program Files\MessengerPlus! 3\MsgPlus.exe”
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”
O4 - HKLM…\Run: [LogitechCommunicationsManager] “C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe”
O4 - HKLM…\Run: [LogitechQuickCamRibbon] “C:\Program Files\Labtec\WebCam10\WebCam10.exe” /hide
O4 - HKLM…\Run: [COMODO Firewall Pro] “C:\Program Files\antivirus\Comodo\Firewall\CPF.exe” /background
O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [22e00f28] rundll32.exe “C:\WINDOWS\system32\nhhpvfii.dll”,b
O4 - HKLM…\Run: [BM21d33cb4] Rundll32.exe “C:\WINDOWS\system32\dgyswxuq.dll”,s
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU…\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU…\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 40\imc.exe
O4 - HKCU…\Run: [WhenUSave] “C:\Program Files\Save\Save.exe”
O4 - HKCU…\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - ?p=ZCYYYYYYYYFR
O8 - Extra context menu item: Add to AMV Converter… - C:\Program Files\MP3 Player Utilities 4.11\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.11\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=presario&pf=laptop
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - www3.snapfish.fr…
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx1.hotmail.com…
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - www.mypix.com…
O20 - AppInit_DLLs: C:\WINDOWS\system32__c0044F39.dat
O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll
O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll
O20 - Winlogon Notify: mlljj - C:\WINDOWS\system32\mlljj.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\system32\pmnlm.dll
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\antivirus\Comodo\Firewall\cmdagent.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe


End of file - 11358 bytes

Dans un premier temps, on va te dire qu’il ne faut qu’un anti virus et qu’un firewall en meme temps, pas une floppée ! Ils n’aiment guere cohabiter !

bonjour je suis infecté et je vous envoie ce rapport pour vousdemander de l’aide;cordialement
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19, on 2008-03-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\windows\hffext\hffsrv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\program files\cyberlink\powerdvd\powerdvd.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE
C:\program files\supercopier\supercopier.exe
C:\documents and settings\user\my documents\nokia n70\nokia pc suite 6\pcsuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\f8d31.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\usbplay.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = kzdh.com…
F2 - REG:system.ini: Shell=Explorer.exe usbhelp.exe
O2 - BHO: Invoke Class - {0EAF6278-BD19-4153-BA3B-9B850F31E67B} - C:\WINDOWS\system32\ef81.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM…\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe”
O4 - HKLM…\Run: [Barsaka] explorer.exe
O4 - HKLM…\Run: [PowerDVD] c:\program files\cyberlink\powerdvd\powerdvd.exe /autostart
O4 - HKLM…\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title=“CorelDRAW Graphics Suite 12” /date=032008 serial=DR12CUX-9009316-YHF lang=EN
O4 - HKLM…\Run: [Vmlist] regsvr32 /s apphelps.dll
O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [E06FDXRC_6617505] “C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE” -m
O4 - HKCU…\Run: [SuperCopier.exe] C:\program files\supercopier\supercopier.exe
O4 - HKCU…\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU…\Run: [PC Suite Tray] “C:\documents and settings\user\my documents\nokia n70\nokia pc suite 6\pcsuite.exe” -onlytray
O4 - HKLM…\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
O4 - HKLM…\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
O4 - HKLM…\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
O4 - HKLM…\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
O4 - HKLM…\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
O4 - HKLM…\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
O4 - HKLM…\Policies\Explorer\Run: [drc] rundll32 “C:\WINDOWS\Downlo~1\drc.dll”,start
O4 - HKLM…\Policies\Explorer\Run: [psb] rundll32 “C:\WINDOWS\Downlo~1\psb.dll”,Run
O4 - HKUS\S-1-5-18…\Run: [Nokia.PCSync] “C:\Documents and Settings\user\My Documents\NOKIA N70\Nokia PC Suite 6\PcSync2.exe” /NoDialog (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [Nokia.PCSync] “C:\Documents and Settings\user\My Documents\NOKIA N70\Nokia PC Suite 6\PcSync2.exe” /NoDialog (User ‘Default user’)
O4 - Global Startup: ReviewTray.lnk = C:\Program Files\Eurotherm\Review\ReviewTray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE…
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: 635FA1E - Unknown owner - C:\WINDOWS\system32\EA8D93D1.EXE (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: D6A4ECB - Unknown owner - C:\WINDOWS\system32\1CBC09C8.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ServicevcHelp (Serviceusbhelp) - Unknown owner - C:\WINDOWS\system32\usbplay.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


End of file - 7330 bytes