marty_03
Nouveau membre
Serveur très lent, difficile d'utiliser.
Je suspecte virus.. Je ne suis pas capable de trouver quoi que ce soit.
Sur le serveur on a d'installé GFI maill éditon serveur, AVG mail server edition. Le traffic de courriel s'effectue sur exchange.
J'ai essayé différents scanners dont Malawaresbytes rien n'est trouvé..on
Besoin d'aide
Voici le log de hijackthis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:00:33 PM, on 2/21/2011
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Documents and Settings\mlv\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Cerberus\Cerberus.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\GFI\MailEssentials\msecatt.exe
C:\Program Files\GFI\MailEssentials\MiddleLayer\contentsecurity.as.attendant.exe
C:\Program Files\GFI\MailEssentials\mestrxsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
c:\mailerservice\mymail.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lserver.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\GFI\MailEssentials\pop2exch.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\GFI\MailEssentials\listserv.exe
C:\Program Files\Exchsrvr\bin\store.exe
C:\Program Files\Exchsrvr\bin\emsmta.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ActiveFax\Terminal\TSClientB.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\DEXI_MENSION\DEXIMENSION.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ActiveFax\Terminal\TSClientB.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ActiveFax\Terminal\TSClientB.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\DEXI_MENSION\DEXIMENSION.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
D:\IT\DEVELOPMENT\DEXIMENSION PROCEDURES\DXPROCEDURES.vshost.exe
C:\Program Files\MAILMARKETING\DX MAILER.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ActiveFax\Terminal\TSClientB.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\DEXI_MENSION\DEXIMENSION.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ActiveFax\Terminal\TSClientB.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\DEXI_MENSION\DEXIMENSION.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\scrnsave.scr
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\mlv\Desktop\TomsDownloader15149.exe
C:\DOCUME~1\mlv\LOCALS~1\Temp\4\TomsDownloader15149.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll (file missing)
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Terminal Server ActiveFax] C:\Program Files\ActiveFax\Terminal\TSClientB.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\mlv\Desktop\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1128\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1144\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1152\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1174\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1175\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1176\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1177\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1177\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1179\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1180\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1185\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1220\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1246\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1276\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'alex')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1277\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1278\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1296\..\Run: [ccleaner] "C:\Documents and Settings\ayano\Desktop\CCleaner.exe" /AUTO (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1298\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1301\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'julia')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1306\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'lynn')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1307\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'GREIG')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1179 Startup: DEXIMENSION.exe.lnk = ? (User '?')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1179 Startup: Shortcut to inspec.exe.lnk = ? (User '?')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1276 Startup: DEXIMENSION.exe.lnk = ? (User 'alex')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1276 User Startup: DEXIMENSION.exe.lnk = ? (User 'alex')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1278 Startup: DEXIMENSION.exe.lnk = ? (User '?')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1298 Startup: CCleaner.exe (User '?')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1298 Startup: DEXIMENSION.exe.lnk = ? (User '?')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1299 Startup: CCleaner.exe (User '?')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1299 Startup: DEXIMENSION.exe.lnk = ? (User '?')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1301 Startup: DEXIMENSION.exe.lnk = ? (User 'julia')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1301 User Startup: DEXIMENSION.exe.lnk = ? (User 'julia')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1306 Startup: DEXIMENSION.exe.lnk = ? (User 'lynn')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1306 User Startup: DEXIMENSION.exe.lnk = ? (User 'lynn')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1307 Startup: DEXIMENSION.exe.lnk = ? (User 'GREIG')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1307 User Startup: DEXIMENSION.exe.lnk = ? (User 'GREIG')
O4 - Startup: Shortcut to inspec.exe.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Windows &Live Favorites -
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\mlv\windows\system32\mswsock.dll' missing
O15 - ESC Trusted Zone:
O15 - ESC Trusted Zone:
O15 - ESC Trusted Zone:
O15 - ESC Trusted Zone:
O15 - ESC Trusted Zone:
O15 - ESC Trusted Zone:
O15 - ESC Trusted Zone:
O15 - ESC Trusted Zone:
O15 - ESC Trusted Zone:
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - file://\\Dexim01-mtl\tsweb\msrdp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dexim-mtl.local
O17 - HKLM\Software\..\Telephony: DomainName = dexim-mtl.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{90CE0115-AFEF-4A7C-83F3-3DFB62377E27}: Domain = dexim-mtl.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{90CE0115-AFEF-4A7C-83F3-3DFB62377E27}: NameServer = 192.168.1.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dexim-mtl.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dexim-mtl.local
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Documents and Settings\mlv\WINDOWS\system32\browseui.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Documents and Settings\mlv\WINDOWS\system32\browseui.dll (file missing)
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Cerberus FTP Server - Grant Averett - C:\Program Files\Cerberus\Cerberus.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GFI MailEssentials Legacy Attendant Service - GFI Software Ltd. - C:\Program Files\GFI\MailEssentials\msecatt.exe
O23 - Service: GFI POP2Exchange - GFI Software Ltd. - C:\Program Files\GFI\MailEssentials\pop2exch.exe
O23 - Service: GFI MailEssentials Managed Attendant Service (gfiasmlhost) - GFI Software Ltd - C:\Program Files\GFI\MailEssentials\MiddleLayer\contentsecurity.as.attendant.exe
O23 - Service: GFI MailEssentials Enterprise Transfer Service (GFIMETRXSVC) - GFI - C:\Program Files\GFI\MailEssentials\mestrxsvc.exe
O23 - Service: InternetService - Unknown owner - C:\WINDOWS\system32\inetsrv.exe (file missing)
O23 - Service: GFI List Server (listserv) - GFI Software Ltd - C:\Program Files\GFI\MailEssentials\listserv.exe
O23 - Service: mymail - Dexim - c:\mailerservice\mymail.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wmiapsrv.exe (file missing)
--
End of file - 21132 bytes
Je suspecte virus.. Je ne suis pas capable de trouver quoi que ce soit.
Sur le serveur on a d'installé GFI maill éditon serveur, AVG mail server edition. Le traffic de courriel s'effectue sur exchange.
J'ai essayé différents scanners dont Malawaresbytes rien n'est trouvé..on
Besoin d'aide
Voici le log de hijackthis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:00:33 PM, on 2/21/2011
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Documents and Settings\mlv\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Cerberus\Cerberus.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\GFI\MailEssentials\msecatt.exe
C:\Program Files\GFI\MailEssentials\MiddleLayer\contentsecurity.as.attendant.exe
C:\Program Files\GFI\MailEssentials\mestrxsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
c:\mailerservice\mymail.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lserver.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\GFI\MailEssentials\pop2exch.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\GFI\MailEssentials\listserv.exe
C:\Program Files\Exchsrvr\bin\store.exe
C:\Program Files\Exchsrvr\bin\emsmta.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ActiveFax\Terminal\TSClientB.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\DEXI_MENSION\DEXIMENSION.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ActiveFax\Terminal\TSClientB.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ActiveFax\Terminal\TSClientB.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\DEXI_MENSION\DEXIMENSION.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
D:\IT\DEVELOPMENT\DEXIMENSION PROCEDURES\DXPROCEDURES.vshost.exe
C:\Program Files\MAILMARKETING\DX MAILER.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ActiveFax\Terminal\TSClientB.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\DEXI_MENSION\DEXIMENSION.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ActiveFax\Terminal\TSClientB.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\DEXI_MENSION\DEXIMENSION.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\scrnsave.scr
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\mlv\Desktop\TomsDownloader15149.exe
C:\DOCUME~1\mlv\LOCALS~1\Temp\4\TomsDownloader15149.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
Vous devez être connecté pour voir les liens.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
Vous devez être connecté pour voir les liens.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
Vous devez être connecté pour voir les liens.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Vous devez être connecté pour voir les liens.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
Vous devez être connecté pour voir les liens.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
Vous devez être connecté pour voir les liens.
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
Vous devez être connecté pour voir les liens.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
Vous devez être connecté pour voir les liens.
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll (file missing)
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Terminal Server ActiveFax] C:\Program Files\ActiveFax\Terminal\TSClientB.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\mlv\Desktop\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1128\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1144\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1152\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1174\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1175\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1176\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1177\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1177\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1179\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1180\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1185\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1220\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1246\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1276\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'alex')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1277\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1278\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1296\..\Run: [ccleaner] "C:\Documents and Settings\ayano\Desktop\CCleaner.exe" /AUTO (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1298\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1301\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'julia')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1306\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'lynn')
O4 - HKUS\S-1-5-21-1978211652-3480911354-1498797929-1307\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'GREIG')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1179 Startup: DEXIMENSION.exe.lnk = ? (User '?')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1179 Startup: Shortcut to inspec.exe.lnk = ? (User '?')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1276 Startup: DEXIMENSION.exe.lnk = ? (User 'alex')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1276 User Startup: DEXIMENSION.exe.lnk = ? (User 'alex')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1278 Startup: DEXIMENSION.exe.lnk = ? (User '?')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1298 Startup: CCleaner.exe (User '?')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1298 Startup: DEXIMENSION.exe.lnk = ? (User '?')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1299 Startup: CCleaner.exe (User '?')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1299 Startup: DEXIMENSION.exe.lnk = ? (User '?')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1301 Startup: DEXIMENSION.exe.lnk = ? (User 'julia')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1301 User Startup: DEXIMENSION.exe.lnk = ? (User 'julia')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1306 Startup: DEXIMENSION.exe.lnk = ? (User 'lynn')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1306 User Startup: DEXIMENSION.exe.lnk = ? (User 'lynn')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1307 Startup: DEXIMENSION.exe.lnk = ? (User 'GREIG')
O4 - S-1-5-21-1978211652-3480911354-1498797929-1307 User Startup: DEXIMENSION.exe.lnk = ? (User 'GREIG')
O4 - Startup: Shortcut to inspec.exe.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Windows &Live Favorites -
Vous devez être connecté pour voir les liens.
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\mlv\windows\system32\mswsock.dll' missing
O15 - ESC Trusted Zone:
Vous devez être connecté pour voir les liens.
O15 - ESC Trusted Zone:
Vous devez être connecté pour voir les liens.
O15 - ESC Trusted Zone:
Vous devez être connecté pour voir les liens.
O15 - ESC Trusted Zone:
Vous devez être connecté pour voir les liens.
O15 - ESC Trusted Zone:
Vous devez être connecté pour voir les liens.
O15 - ESC Trusted Zone:
Vous devez être connecté pour voir les liens.
O15 - ESC Trusted Zone:
Vous devez être connecté pour voir les liens.
O15 - ESC Trusted Zone:
Vous devez être connecté pour voir les liens.
O15 - ESC Trusted Zone:
Vous devez être connecté pour voir les liens.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
Vous devez être connecté pour voir les liens.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
Vous devez être connecté pour voir les liens.
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) -
Vous devez être connecté pour voir les liens.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
Vous devez être connecté pour voir les liens.
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - file://\\Dexim01-mtl\tsweb\msrdp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
Vous devez être connecté pour voir les liens.
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) -
Vous devez être connecté pour voir les liens.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
Vous devez être connecté pour voir les liens.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dexim-mtl.local
O17 - HKLM\Software\..\Telephony: DomainName = dexim-mtl.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{90CE0115-AFEF-4A7C-83F3-3DFB62377E27}: Domain = dexim-mtl.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{90CE0115-AFEF-4A7C-83F3-3DFB62377E27}: NameServer = 192.168.1.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dexim-mtl.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dexim-mtl.local
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Documents and Settings\mlv\WINDOWS\system32\browseui.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Documents and Settings\mlv\WINDOWS\system32\browseui.dll (file missing)
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Cerberus FTP Server - Grant Averett - C:\Program Files\Cerberus\Cerberus.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GFI MailEssentials Legacy Attendant Service - GFI Software Ltd. - C:\Program Files\GFI\MailEssentials\msecatt.exe
O23 - Service: GFI POP2Exchange - GFI Software Ltd. - C:\Program Files\GFI\MailEssentials\pop2exch.exe
O23 - Service: GFI MailEssentials Managed Attendant Service (gfiasmlhost) - GFI Software Ltd - C:\Program Files\GFI\MailEssentials\MiddleLayer\contentsecurity.as.attendant.exe
O23 - Service: GFI MailEssentials Enterprise Transfer Service (GFIMETRXSVC) - GFI - C:\Program Files\GFI\MailEssentials\mestrxsvc.exe
O23 - Service: InternetService - Unknown owner - C:\WINDOWS\system32\inetsrv.exe (file missing)
O23 - Service: GFI List Server (listserv) - GFI Software Ltd - C:\Program Files\GFI\MailEssentials\listserv.exe
O23 - Service: mymail - Dexim - c:\mailerservice\mymail.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wmiapsrv.exe (file missing)
--
End of file - 21132 bytes