Infection par trojan generic 1429137

SEGO87 Messages postés 62 Date d'inscription Statut Membre Dernière intervention -
pimprenelle27 Messages postés 20857 Date d'inscription Statut Contributeur sécurité Dernière intervention - 15 avril 2009 à 11:31

Bonsoir,
je trouvais que mon PC allait moins vite qu'avant mais mon antivirus Nod32 ne m'a rien trouvé, idem pour ad-aware et spybot. j'ai donc fait une analyse en ligne avec Bitdefender qui m'a trouvé 2 infections :
- d'abord dans C:\program files\winrar
- puis dans C:\system volume information

je vous poste donc mon rapport Hijackthis ici

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57, on 2009-04-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file://C:\Documents and Settings\a\Local Settings\Application Data\Oberon Media\Oberon Games Host\DinerDash2_fr.1.0.0.70.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - file://C:\Documents and Settings\a\Local Settings\Application Data\Oberon Media\Oberon Games Host\ddfotg.1.0.0.37.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file://C:\Documents and Settings\a\Local Settings\Application Data\Oberon Media\Oberon Games Host\popcaploader_v6.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

Afficher la suite

A voir également:

Infection par trojan generic 1429137
Trojan remover - Télécharger - Antivirus & Antimalwares
Idp. generic - Forum Antivirus
Trojan b901 system32 win config 34 ✓ - Forum Virus
Idp generic ✓ - Forum Virus
Csrss.exe trojan ✓ - Forum Virus

31 réponses

Réponse 21 / 31

pimprenelle27 Messages postés 20857 Date d'inscription Statut Contributeur sécurité Dernière intervention 2 502

tu as plain de trojan et sdfix ne ke détecte pas, maintenant fais moi ceci :

Télécharge Trojan-Remover sur ton bureau

Lance l'installation, pour cela, regarde bien le Tuto

Ensuite poste le rapport obetenu

Réponse 22 / 31

SEGO87 Messages postés 62 Date d'inscription Statut Membre Dernière intervention

voilà le rapport

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2558. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 16:05:04 13 avr. 2009
Using Database v7238
Operating System: Windows XP SP3 [Windows XP Home Edition Service Pack 3 (Build 2600)]
File System: FAT32
Data directory: C:\Documents and Settings\a\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: D:\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
16:05:04: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
16:05:04: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
16:05:04: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
16:05:05: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 2004-08-05
Modified: 2008-04-14
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 2004-08-05
Modified: 2008-04-14
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 2004-08-05
Modified: 2008-04-14
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: LaunchApp
Value Data: Alaunch
Alaunch [file not found to scan]
--------------------
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
15600128 bytes
Created: 2005-11-16
Modified: 2005-11-16
Company: Realtek Semiconductor Corp.
--------------------
Value Name: SynTPLpr
Value Data: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
102491 bytes
Created: 2005-01-07
Modified: 2005-01-07
Company: Synaptics, Inc.
--------------------
Value Name: SynTPEnh
Value Data: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
692315 bytes
Created: 2005-01-07
Modified: 2005-01-07
Company: Synaptics, Inc.
--------------------
Value Name: IMJPMIG8.1
Value Data: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
208952 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Value Name: MSPY2002
Value Data: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
59392 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: [no info]
--------------------
Value Name: PHIME2002ASync
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Value Name: PHIME2002A
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Value Name: igfxtray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
94208 bytes
Created: 2005-07-18
Modified: 2005-07-18
Company: Intel Corporation
--------------------
Value Name: igfxhkcmd
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
77824 bytes
Created: 2005-07-18
Modified: 2005-07-18
Company: Intel Corporation
--------------------
Value Name: igfxpers
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
114688 bytes
Created: 2005-07-18
Modified: 2005-07-18
Company: Intel Corporation
--------------------
Value Name: EPM-DM
Value Data: c:\acer\Empowering Technology\ePower\epm-dm.exe
c:\acer\Empowering Technology\ePower\epm-dm.exe
212992 bytes
Created: 2006-08-31
Modified: 2005-11-25
Company: Acer Inc
--------------------
Value Name: Acer ePower Management
Value Data: C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe
3084288 bytes
Created: 2006-08-31
Modified: 2005-11-09
Company: Acer Value Labs, Taiwan
--------------------
Value Name: LManager
Value Data: C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
458752 bytes
Created: 2006-08-31
Modified: 2005-12-01
Company: Dritek System Inc.
--------------------
Value Name: eRecoveryService
Value Data: C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
397312 bytes
Created: 2006-08-31
Modified: 2005-11-16
Company: acer Inc.
--------------------
Value Name: ADMTray.exe
Value Data: "C:\Acer\Empowering Technology\admtray.exe"
C:\Acer\Empowering Technology\admtray.exe
2462208 bytes
Created: 2005-10-24
Modified: 2005-10-24
Company: Avocent Inc.
--------------------
Value Name: BluetoothAuthenticationAgent
Value Data: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
C:\WINDOWS\system32\bthprops.cpl
110592 bytes
Created: 2004-08-05
Modified: 2008-04-14
Company: Microsoft Corporation
--------------------
Value Name: nod32kui
Value Data: "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
C:\Program Files\Eset\nod32kui.exe
921600 bytes
Created: 2007-09-13
Modified: 2005-11-15
Company: Eset
--------------------
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe
155648 bytes
Created: 2007-12-03
Modified: 2001-07-09
Company: Ahead Software Gmbh
--------------------
Value Name: KernelFaultCheck
Value Data: %systemroot%\system32\dumprep 0 -k
C:\WINDOWS\system32\dumprep.exe
10752 bytes
Created: 2004-08-05
Modified: 2008-04-14
Company: Microsoft Corporation
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
C:\Program Files\QuickTime\QTTask.exe
413696 bytes
Created: 2009-01-05
Modified: 2009-01-05
Company: Apple Inc.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
148888 bytes
Created: 2008-12-12
Modified: 2009-03-09
Company: Sun Microsystems, Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
342312 bytes
Created: 2009-04-02
Modified: 2009-04-02
Company: Apple Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1230728 bytes
Created: 2009-04-13
Modified: 2008-12-10
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
39408 bytes
Created: 2009-01-19
Modified: 2009-01-19
Company: Google Inc.
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 2004-08-05
Modified: 2008-04-14
Company: Microsoft Corporation
--------------------
Value Name: SUPERAntiSpyware
Value Data: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
1830128 bytes
Created: 2009-03-23
Modified: 2009-03-23
Company: SUPERAntiSpyware.com
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty

************************************************************
16:05:11: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
File: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
77824 bytes
Created: 2008-05-13
Modified: 2008-05-13
Company: SuperAdBlocker.com
----------

************************************************************
16:05:11: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
16:05:12: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
16:05:12: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 2006-11-03
Modified: 2006-11-03
Company: [no info]
----------
Key: {8b15971b-5355-4c82-8c07-7e181ea07608}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
C:\WINDOWS\INF\fxsocm.inf
102280 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: [no info]
----------

************************************************************
16:05:12: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: BthServ
Path: %SystemRoot%\System32\bthserv.dll
C:\WINDOWS\System32\bthserv.dll
30208 bytes
Created: 2004-08-05
Modified: 2008-04-14
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
16:05:13: Scanning ----- SERVICES REGISTRY KEYS -----
Key: aawservice
ImagePath: "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
611664 bytes
Created: 2008-05-12
Modified: 2008-10-07
Company: Lavasoft
----------
Key: abp480n5
ImagePath: system32\DRIVERS\ABP480N5.SYS
C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23552 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: adpu160m
ImagePath: system32\DRIVERS\adpu160m.sys
C:\WINDOWS\system32\DRIVERS\adpu160m.sys
101888 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: agpCPQ
ImagePath: system32\DRIVERS\agpCPQ.sys
C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
44928 bytes
Created: 2004-08-03
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: Aha154x
ImagePath: system32\DRIVERS\aha154x.sys
C:\WINDOWS\system32\DRIVERS\aha154x.sys
12800 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: aic78u2
ImagePath: system32\DRIVERS\aic78u2.sys
C:\WINDOWS\system32\DRIVERS\aic78u2.sys
55168 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: aic78xx
ImagePath: system32\DRIVERS\aic78xx.sys
C:\WINDOWS\system32\DRIVERS\aic78xx.sys
56960 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: alim1541
ImagePath: system32\DRIVERS\alim1541.sys
C:\WINDOWS\system32\DRIVERS\alim1541.sys
42752 bytes
Created: 2004-08-03
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: amdagp
ImagePath: system32\DRIVERS\amdagp.sys
C:\WINDOWS\system32\DRIVERS\amdagp.sys
43008 bytes
Created: 2004-08-03
Modified: 2008-04-13
Company: Advanced Micro Devices, Inc.
----------
Key: AMON
ImagePath: \??\C:\WINDOWS\system32\drivers\amon.sys
C:\WINDOWS\system32\drivers\amon.sys
502208 bytes
Created: 2007-09-13
Modified: 2007-09-13
Company: Eset
----------
Key: amsint
ImagePath: system32\DRIVERS\amsint.sys
C:\WINDOWS\system32\DRIVERS\amsint.sys
12032 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: Apple Mobile Device
ImagePath: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
132424 bytes
Created: 2009-03-06
Modified: 2009-03-06
Company: Apple Inc.
----------
Key: asc
ImagePath: system32\DRIVERS\asc.sys
C:\WINDOWS\system32\DRIVERS\asc.sys
26496 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Advanced System Products, Inc.
----------
Key: asc3350p
ImagePath: system32\DRIVERS\asc3350p.sys
C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22400 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: asc3550
ImagePath: system32\DRIVERS\asc3550.sys
C:\WINDOWS\system32\DRIVERS\asc3550.sys
14848 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Advanced System Products, Inc.
----------
Key: AWService
ImagePath: "C:\Acer\Empowering Technology\admServ.exe"
C:\Acer\Empowering Technology\admServ.exe
1314816 bytes
Created: 2005-10-24
Modified: 2005-10-24
Company: Avocent Inc.
----------
Key: BlueletAudio
ImagePath: system32\DRIVERS\blueletaudio.sys
C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [file not found to scan]
----------
Key: BlueletSCOAudio
ImagePath: system32\DRIVERS\BlueletSCOAudio.sys
C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [file not found to scan]
----------
Key: Bonjour Service
ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created: 2008-12-12
Modified: 2008-12-12
Company: Apple Inc.
----------
Key: BT
ImagePath: system32\DRIVERS\btnetdrv.sys
C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [file not found to scan]
----------
Key: Btcsrusb
ImagePath: System32\Drivers\btcusb.sys
C:\WINDOWS\System32\Drivers\btcusb.sys [file not found to scan]
----------
Key: BthEnum
ImagePath: system32\DRIVERS\BthEnum.sys
C:\WINDOWS\system32\DRIVERS\BthEnum.sys
17024 bytes
Created: 2007-07-22
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: BTHidEnum
ImagePath: system32\DRIVERS\vbtenum.sys
C:\WINDOWS\system32\DRIVERS\vbtenum.sys [file not found to scan]
----------
Key: BTHidMgr
ImagePath: System32\Drivers\BTHidMgr.sys
C:\WINDOWS\System32\Drivers\BTHidMgr.sys [file not found to scan]
----------
Key: BTHMODEM
ImagePath: system32\DRIVERS\bthmodem.sys
C:\WINDOWS\system32\DRIVERS\bthmodem.sys
37888 bytes
Created: 2007-07-22
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: BthPan
ImagePath: system32\DRIVERS\bthpan.sys
C:\WINDOWS\system32\DRIVERS\bthpan.sys
101120 bytes
Created: 2007-07-22
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: BTHPORT
ImagePath: System32\Drivers\BTHport.sys
C:\WINDOWS\System32\Drivers\BTHport.sys
272768 bytes
Created: 2007-07-22
Modified: 2008-06-14
Company: Microsoft Corporation
----------
Key: BTHUSB
ImagePath: System32\Drivers\BTHUSB.sys
C:\WINDOWS\System32\Drivers\BTHUSB.sys
18944 bytes
Created: 2007-07-22
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: Capture Device Service
ImagePath: "C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe"
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
198168 bytes
Created: 2007-03-06
Modified: 2007-03-06
Company: InterVideo Inc.
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\a\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: cbidf
ImagePath: system32\DRIVERS\cbidf2k.sys
C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13952 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: cd20xrnt
ImagePath: system32\DRIVERS\cd20xrnt.sys
C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
7680 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: CmdIde
ImagePath: system32\DRIVERS\cmdide.sys
C:\WINDOWS\system32\DRIVERS\cmdide.sys
6656 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: CMD Technology, Inc.
----------
Key: Cpqarray
ImagePath: system32\DRIVERS\cpqarray.sys
C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14976 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: dac2w2k
ImagePath: system32\DRIVERS\dac2w2k.sys
C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
179584 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Mylex Corporation
----------
Key: dac960nt
ImagePath: system32\DRIVERS\dac960nt.sys
C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14720 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: DKbFltr
ImagePath: system32\DRIVERS\DKbFltr.sys
C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
16896 bytes
Created: 2006-08-31
Modified: 2004-12-08
Company: Dritek System Inc.
----------
Key: dpti2o
ImagePath: system32\DRIVERS\dpti2o.sys
C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20192 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: eeCtrl
ImagePath: \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
389432 bytes
Created: 2007-07-05
Modified: 2007-06-20
Company: Symantec Corporation
----------
Key: EpmPsd
ImagePath: \??\C:\WINDOWS\system32\drivers\epm-psd.sys
C:\WINDOWS\system32\drivers\epm-psd.sys
4096 bytes
Created: 2006-08-31
Modified: 2004-07-19
Company: Acer Value Labs, USA
----------
Key: EpmShd
ImagePath: \??\C:\WINDOWS\system32\drivers\epm-shd.sys
C:\WINDOWS\system32\drivers\epm-shd.sys
78208 bytes
Created: 2006-08-31
Modified: 2005-04-07
Company: Acer Value Labs, USA
----------
Key: EvtEng
ImagePath: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
114753 bytes
Created: 2005-11-09
Modified: 2005-11-09
Company: Intel Corporation
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
137200 bytes
Created: 2007-07-05
Modified: 2009-01-19
Company: Google
----------
Key: HidBth
ImagePath: system32\DRIVERS\hidbth.sys
C:\WINDOWS\system32\DRIVERS\hidbth.sys
25856 bytes
Created: 2007-07-22
Modified: 2008-04-14
Company: Microsoft Corporation
----------
Key: hpn
ImagePath: system32\DRIVERS\hpn.sys
C:\WINDOWS\system32\DRIVERS\hpn.sys
25952 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: HSFHWAZL
ImagePath: system32\DRIVERS\HSFHWAZL.sys
C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
218496 bytes
Created: 2005-10-23
Modified: 2005-10-23
Company: Conexant Systems, Inc.
----------
Key: i2omp
ImagePath: system32\DRIVERS\i2omp.sys
C:\WINDOWS\system32\DRIVERS\i2omp.sys
18560 bytes
Created: 2004-08-05
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: ialm
ImagePath: system32\DRIVERS\ialmnt5.sys
C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
1049180 bytes
Created: 2005-07-18
Modified: 2005-07-18
Company: Intel Corporation
----------
Key: imagedrv
ImagePath: System32\Drivers\imagedrv.sys
C:\WINDOWS\System32\Drivers\imagedrv.sys
5504 bytes
Created: 2007-12-03
Modified: 2004-03-02
Company: Ahead Software AG
----------
Key: imagesrv
ImagePath: system32\DRIVERS\imagesrv.sys
C:\WINDOWS\system32\DRIVERS\imagesrv.sys
125184 bytes
Created: 2007-12-03
Modified: 2004-03-02
Company: Ahead Software AG
----------
Key: ini910u
ImagePath: system32\DRIVERS\ini910u.sys
C:\WINDOWS\system32\DRIVERS\ini910u.sys
16000 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: int15.sys
ImagePath: \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
C:\Acer\Empowering Technology\eRecovery\int15.sys
69632 bytes
Created: 2008-02-03
Modified: 2005-01-13
Company: [no info]
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 2008-12-12
Modified: 2009-03-09
Company: Sun Microsystems, Inc.
----------
Key: mraid35x
ImagePath: system32\DRIVERS\mraid35x.sys
C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17280 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: American Megatrends Inc.
----------
Key: NdisFilt
ImagePath: System32\Drivers\NdisFilt.sys
C:\WINDOWS\System32\Drivers\NdisFilt.sys
4392 bytes
Created: 2006-08-31
Modified: 2005-09-13
Company: OSA Technologies
----------
Key: NETMNT
ImagePath: system32\DRIVERS\NETMNT.sys
C:\WINDOWS\system32\DRIVERS\NETMNT.sys
9600 bytes
Created: 2005-05-02
Modified: 2005-05-02
Company: [no info]
----------
Key: NOD32krn
ImagePath: "C:\Program Files\Eset\nod32krn.exe"
C:\Program Files\Eset\nod32krn.exe
495616 bytes
Created: 2007-09-13
Modified: 2005-11-15
Company: Eset
----------
Key: NTIDrvr
ImagePath: system32\DRIVERS\NTIDrvr.sys
C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
6144 bytes
Created: 2006-01-06
Modified: 2006-01-06
Company: NewTech Infosystems, Inc.
----------
Key: OsaFsLoc
ImagePath: \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
C:\WINDOWS\system32\drivers\OsaFsLoc.sys
12106 bytes
Created: 2006-08-31
Modified: 2005-10-15
Company: OSA Technologies
----------
Key: osaio
ImagePath: \??\C:\WINDOWS\system32\drivers\osaio.sys
C:\WINDOWS\system32\drivers\osaio.sys
7296 bytes
Created: 2006-08-31
Modified: 2005-06-30
Company: OSA Technologies, An Avocent Company
----------
Key: osanbm
ImagePath: \??\C:\WINDOWS\system32\drivers\osanbm.sys
C:\WINDOWS\system32\drivers\osanbm.sys
4010 bytes
Created: 2006-08-31
Modified: 2005-01-14
Company: Windows (R) 2000 DDK provider
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 2003-07-28
Modified: 2003-07-28
Company: Microsoft Corporation
----------
Key: perc2
ImagePath: system32\DRIVERS\perc2.sys
C:\WINDOWS\system32\DRIVERS\perc2.sys
27296 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: perc2hib
ImagePath: system32\DRIVERS\perc2hib.sys
C:\WINDOWS\system32\DRIVERS\perc2hib.sys
5504 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: ql1080
ImagePath: system32\DRIVERS\ql1080.sys
C:\WINDOWS\system32\DRIVERS\ql1080.sys
40320 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: QLogic Corporation
----------
Key: Ql10wnt
ImagePath: system32\DRIVERS\ql10wnt.sys
C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
33152 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: ql12160
ImagePath: system32\DRIVERS\ql12160.sys
C:\WINDOWS\system32\DRIVERS\ql12160.sys
45312 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: QLogic Corporation
----------
Key: ql1240
ImagePath: system32\DRIVERS\ql1240.sys
C:\WINDOWS\system32\DRIVERS\ql1240.sys
40448 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: ql1280
ImagePath: system32\DRIVERS\ql1280.sys
C:\WINDOWS\system32\DRIVERS\ql1280.sys
49024 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: QLogic Corporation
----------
Key: RegSrvc
ImagePath: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
217164 bytes
Created: 2005-11-09
Modified: 2005-11-09
Company: Intel Corporation
----------
Key: RFCOMM
ImagePath: system32\DRIVERS\rfcomm.sys
C:\WINDOWS\system32\DRIVERS\rfcomm.sys
59136 bytes
Created: 2007-07-22
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: RichVideo
ImagePath: "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
143360 bytes
Created: 2005-09-20
Modified: 2005-09-20
Company:
----------
Key: rpcapd
ImagePath: "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
C:\Program Files\WinPcap\rpcapd.exe [file not found to scan]
----------
Key: RTL8023xp
ImagePath: system32\DRIVERS\Rtnicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
78720 bytes
Created: 2005-09-29
Modified: 2005-09-29
Company: Realtek Semiconductor Corporation
----------
Key: S24EventMonitor
ImagePath: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
540745 bytes
Created: 2005-11-09
Modified: 2005-11-09
Company: Intel Corporation
----------
Key: s24trans
ImagePath: system32\DRIVERS\s24trans.sys
C:\WINDOWS\system32\DRIVERS\s24trans.sys
13440 bytes
Created: 2005-11-09
Modified: 2005-11-09
Company: Intel Corporation
----------
Key: SASDIFSV
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
9968 bytes
Created: 2009-03-23
Modified: 2009-03-23
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
-R- 7408 bytes
Created: 2009-03-23
Modified: 2009-03-23
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASKUTIL
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
72944 bytes
Created: 2009-03-23
Modified: 2009-03-23
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: sisagp
ImagePath: system32\DRIVERS\sisagp.sys
C:\WINDOWS\system32\DRIVERS\sisagp.sys
40960 bytes
Created: 2004-08-03
Modified: 2008-04-13
Company: Silicon Integrated Systems Corporation
----------
Key: Sparrow
ImagePath: system32\DRIVERS\sparrow.sys
C:\WINDOWS\system32\DRIVERS\sparrow.sys
19072 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Adaptec, Inc.
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{6A122898-AD7D-4856-A3C0-28FE569EA0DD}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 2004-08-05
Modified: 2008-04-14
Company: Microsoft Corporation
----------
Key: symc810
ImagePath: system32\DRIVERS\symc810.sys
C:\WINDOWS\system32\DRIVERS\symc810.sys
16256 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Symbios Logic Inc.
----------
Key: symc8xx
ImagePath: system32\DRIVERS\symc8xx.sys
C:\WINDOWS\system32\DRIVERS\symc8xx.sys
32640 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: LSI Logic
----------
Key: SYMIDSCO
ImagePath: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\IDS-DI~1\20070628.004\symidsco.sys
C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\IDS-DI~1\20070628.004\symidsco.sys [file not found to scan]
----------
Key: sym_hi
ImagePath: system32\DRIVERS\sym_hi.sys
C:\WINDOWS\system32\DRIVERS\sym_hi.sys
28384 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: LSI Logic
----------
Key: sym_u3
ImagePath: system32\DRIVERS\sym_u3.sys
C:\WINDOWS\system32\DRIVERS\sym_u3.sys
30688 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: LSI Logic
----------
Key: SynTP
ImagePath: system32\DRIVERS\SynTP.sys
C:\WINDOWS\system32\DRIVERS\SynTP.sys
191456 bytes
Created: 2005-01-07
Modified: 2005-01-07
Company: Synaptics, Inc.
----------
Key: TosIde
ImagePath: system32\DRIVERS\toside.sys
C:\WINDOWS\system32\DRIVERS\toside.sys
4992 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: ultra
ImagePath: system32\DRIVERS\ultra.sys
C:\WINDOWS\system32\DRIVERS\ultra.sys
36736 bytes
Created: 2004-08-05
Modified: 2004-08-05
Company: Promise Technology, Inc.
----------
Key: USBAAPL
ImagePath: System32\Drivers\usbaapl.sys
C:\WINDOWS\System32\Drivers\usbaapl.sys
36864 bytes
Created: 2008-12-23
Modified: 2009-03-05
Company: Apple, Inc.
----------
Key: VComm
ImagePath: system32\DRIVERS\VComm.sys
C:\WINDOWS\system32\DRIVERS\VComm.sys [file not found to scan]
----------
Key: VcommMgr
ImagePath: System32\Drivers\VcommMgr.sys
C:\WINDOWS\System32\Drivers\VcommMgr.sys [file not found to scan]
----------
Key: viaagp
ImagePath: system32\DRIVERS\viaagp.sys
C:\WINDOWS\system32\DRIVERS\viaagp.sys
42240 bytes
Created: 2004-08-03
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: w29n51
ImagePath: system32\DRIVERS\w29n51.sys
C:\WINDOWS\system32\DRIVERS\w29n51.sys
3298432 bytes
Created: 2005-09-11
Modified: 2005-09-11
Company: Intel® Corporation
----------

************************************************************
16:05:31: Scanning -----VXD ENTRIES-----

************************************************************
16:05:31: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
356352 bytes
Created: 2008-12-22
Modified: 2008-12-22
Company: SUPERAntiSpyware.com
----------
Key : igfxcui
DLLName: igfxdev.dll
C:\WINDOWS\system32\igfxdev.dll
135168 bytes
Created: 2005-07-18
Modified: 2005-07-18
Company: Intel Corporation
----------

************************************************************
16:05:31: Scanning ----- CONTEXTMENUHANDLERS -----
Key: NOD32 Context Menu Shell Extension
CLSID: {B089FE88-FB52-11d3-BDF1-0050DA34150D}
Path: C:\Program Files\Eset\nodshex.dll
C:\Program Files\Eset\nodshex.dll
57344 bytes
Created: 2007-09-13
Modified: 2007-09-13
Company: Eset
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: WinRAR
CLSID: [empty]
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 2007-02-27
Modified: 2007-02-27
Company: SUPERAntiSpyware.com
----------

************************************************************
16:05:32: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"
C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
335872 bytes
Created: 2007-08-30
Modified: 2007-08-30
Company: Sun Microsystems, Inc.
----------

************************************************************
16:05:32: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
59032 bytes
Created: 2006-12-18
Modified: 2006-12-18
Company: Adobe Systems Incorporated
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
1879896 bytes
Created: 2008-10-06
Modified: 2009-01-26
Company: Safer Networking Limited
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
408448 bytes
Created: 2009-01-22
Modified: 2009-01-22
Company: Microsoft Corporation
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
251504 bytes
Created: 2009-01-19
Modified: 2009-01-19
Company: [no info]
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
657904 bytes
Created: 2009-01-19
Modified: 2009-01-19
Company: Google Inc.
----------
Key: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
BHO: C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
522224 bytes
Created: 2009-01-19
Modified: 2009-01-19
Company: Google Inc.
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
35840 bytes
Created: 2008-12-12
Modified: 2009-03-09
Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 2008-12-12
Modified: 2009-03-09
Company: Sun Microsystems, Inc.
----------

************************************************************
16:05:33: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
16:05:33: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
16:05:33: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
16:05:33: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
16:05:34: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
16:05:34: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 2006-01-06
Modified: 2006-01-06
Company: [no info]
--------------------
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
29696 bytes
Created: 2008-04-23
Modified: 2008-04-23
Company: Adobe Systems Incorporated
Adobe Reader Speed Launch.lnk - links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
16:05:34: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 2008-07-30
Modified: 2008-07-30
Company: Apple Inc.
Parameters: -task
Next Run Time: 2009-04-18 18:35:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: [blank]
----------

************************************************************
16:05:34: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
16:05:35: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\a\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\a\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
17842230 bytes
Created: 2006-09-02
Modified: 2009-03-23
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\a\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
17842230 bytes
Created: 2006-09-02
Modified: 2009-03-23
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
16:05:36: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe - file already scanned
--------------------
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\RTHDCPL.EXE - file already scanned
--------------------
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe - file already scanned
--------------------
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - file already scanned
--------------------
C:\WINDOWS\system32\igfxtray.exe - file already scanned
--------------------
C:\WINDOWS\system32\hkcmd.exe - file already scanned
--------------------
C:\WINDOWS\system32\igfxpers.exe - file already scanned
--------------------
C:\acer\Empowering Technology\ePower\epm-dm.exe - file already scanned
--------------------
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE - file already scanned
--------------------
C:\Acer\Empowering Technology\eRecovery\Monitor.exe - file already scanned
--------------------
C:\Acer\Empowering Technology\admtray.exe - file already scanned
--------------------
C:\WINDOWS\system32\igfxsrvc.exe
--------------------
C:\WINDOWS\system32\rundll32.exe
--------------------
C:\Program Files\Eset\nod32kui.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\iTunes\iTunesHelper.exe - file already scanned
--------------------
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - file already scanned
--------------------
C:\WINDOWS\system32\igfxext.exe
--------------------
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe - file already scanned
--------------------
C:\Acer\Empowering Technology\admServ.exe - file already scanned
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe - file already scanned
--------------------
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\Program Files\Eset\nod32krn.exe - file already scanned
--------------------
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe - file already scanned
--------------------
C:\Program Files\CyberLink\Shared Files\RichVideo.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\iPod\bin\iPodService.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\system32\wbem\wmiapsrv.exe
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
--------------------
C:\Program Files\Windows Live\Contacts\wlcomm.exe
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
--------------------
C:\Documents and Settings\a\Application Data\Simply Super Software\Trojan Remover\jto212.exe
FileSize: 2888568
[This is a Trojan Remover component]
--------------------

************************************************************
16:05:40: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
16:05:40: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
16:05:40: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/toolbar/ie8/sidebar.html
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 16:05:40 13 avr. 2009
Total Scan time: 00:00:35
************************************************************

Réponse 23 / 31

pimprenelle27 Messages postés 20857 Date d'inscription Statut Contributeur sécurité Dernière intervention 2 502

Tu peux me refaire un scan en ligne antivirus. Merci.

Réponse 24 / 31

SEGO87 Messages postés 62 Date d'inscription Statut Membre Dernière intervention

avec Kaspersky ??

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 31

SEGO87 Messages postés 62 Date d'inscription Statut Membre Dernière intervention

voilà le rapport de kaspersky qui ne m'a trouvé aucun virus ni rien d'autre

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, April 13, 2009 5:59:13 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 13/04/2009
Enregistrements dans la base antivirus Kaspersky : 1845369
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
C:\
D:\
E:\

Statistiques de l'analyse:
Total d'objets analysés: 81650
Nombre de virus trouvés: 0
Nombre d'objets infectés: 0 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:41:16

Nom de l'objet infecté / Nom du virus / Dernière action
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_890.dat L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\a\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Temp\etilqs_aoT9RCtoh8cWKtr5fwyB L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Temp\~DFDB15.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Temp\~DF4AC5.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Temp\~DF732A.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Temp\~DF8E06.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Temp\~DF330A.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Historique\History.IE5\MSHist012009041320090414\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Temporary Internet Files\Content.Word\~WRS0000.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Temporary Internet Files\Content.Word\~WRF0001.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Application Data\Mozilla\Firefox\Profiles\yy55cjlv.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Application Data\Mozilla\Firefox\Profiles\yy55cjlv.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Application Data\Mozilla\Firefox\Profiles\yy55cjlv.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Application Data\Mozilla\Firefox\Profiles\yy55cjlv.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
C:\Documents and Settings\a\Local Settings\Application Data\Mozilla\Firefox\Profiles\yy55cjlv.default\urlclassifier3.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\a\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\a\Application Data\Microsoft\Modèles\Normal.dot L'objet est verrouillé ignoré
C:\Documents and Settings\a\Application Data\Microsoft\Word\Enregistrement automatique deNormal.as$ L'objet est verrouillé ignoré
C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\yy55cjlv.default\parent.lock L'objet est verrouillé ignoré
C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\yy55cjlv.default\cert8.db L'objet est verrouillé ignoré
C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\yy55cjlv.default\key3.db L'objet est verrouillé ignoré
C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\yy55cjlv.default\permissions.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\yy55cjlv.default\places.sqlite-journal L'objet est verrouillé ignoré
C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\yy55cjlv.default\places.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\yy55cjlv.default\cookies.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\yy55cjlv.default\formhistory.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\yy55cjlv.default\content-prefs.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\yy55cjlv.default\search.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\a\Application Data\Mozilla\Firefox\Profiles\yy55cjlv.default\downloads.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\a\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-4-13-2009( 15-49-21 ).SDB L'objet est verrouillé ignoré
C:\Documents and Settings\a\ntuser.dat L'objet est verrouillé ignoré
C:\Program Files\ESET\logs\virlog.dat L'objet est verrouillé ignoré
C:\Program Files\ESET\logs\warnlog.dat L'objet est verrouillé ignoré
C:\Program Files\ESET\cache\CACHE.NDB L'objet est verrouillé ignoré
C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP267\change.log L'objet est verrouillé ignoré
D:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP267\change.log L'objet est verrouillé ignoré
D:\Mes documents\FAC\3ème année\rosemary.doc L'objet est verrouillé ignoré
D:\Mes documents\FAC\3ème année\proposition de plan rosemary's baby.doc L'objet est verrouillé ignoré
D:\Mes documents\FAC\3ème année\expose_R'sBaby.doc L'objet est verrouillé ignoré

Analyse terminée.

Réponse 26 / 31

pimprenelle27 Messages postés 20857 Date d'inscription Statut Contributeur sécurité Dernière intervention 2 502

Plus de virus, tu as mis ton antivirus à jour?

Maintenant un dernier hiajckthis pour la fin. et à demain.

Réponse 27 / 31

Utilisateur anonyme

C:\Program Files\Eset\nod32krn.exe => nod32 v2
ta la version 4 dispo sur : https://www.eset.com/

Réponse 28 / 31

SEGO87 Messages postés 62 Date d'inscription Statut Membre Dernière intervention

oui mon antivirus est à jour !

voilà le rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:35, on 2009-04-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file://C:\Documents and Settings\a\Local Settings\Application Data\Oberon Media\Oberon Games Host\DinerDash2_fr.1.0.0.70.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - file://C:\Documents and Settings\a\Local Settings\Application Data\Oberon Media\Oberon Games Host\ddfotg.1.0.0.37.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

Réponse 29 / 31

pimprenelle27 Messages postés 20857 Date d'inscription Statut Contributeur sécurité Dernière intervention 2 502

Bonjour,

Tu relance hijackthis, mais là tu clique juste sur faire un scan, ensuite tu sélectionne les lignes puis,

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab

Tu cliques en bas sur le bouton FIX CHECKED et valides .

2- Redémarres l'ordi .
( important pour que certaines modifs faites avec hijakthis soient prises en compte )

Ensuite ceci :

Télécharge Toolscleaner sur ton Bureau :

* Double-clique sur ToolsCleaner2.exe et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse

Puis ceci :

pour voir si ton pc est à jour :

http://www.filehippo.com/updatechecker/UpdateChecker.exe (attention certain logiciels mis en lien pour les mises à jour peuvent être en anglais, rechercher à ce moment là celui en français)

Voici un tuto

Surtout ne pas installer les versions bêta.

Et pour finir :

Purge de la restauration système

*Désactive ta restauration :
Clique droit sur poste de travail/propriétés/Restauration système/coche la case désactiver la restauration, appliquer, OK
---> Redémarre ton PC ...

*Réactive ta restauration :
Clique droit sur poste de travail/propriétés/Restauration système/décoche la case désactiver la restauration, appliquer, OK
--->Redémarre ton PC ...

( Note : tu peux aussi y accéder via panneau de configuration->" système "->" restauration système " ).

Tuto xp : http://service1.symantec.com/

tuto vista : Désactive et reactive ta restauration

Réponse 30 / 31

SEGO87 Messages postés 62 Date d'inscription Statut Membre Dernière intervention

[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\cleannavi.txt: trouvé !
C:\rapport_clean.txt: trouvé !
C:\GenProc: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\a\Bureau\SdFix.exe: trouvé !
C:\Documents and Settings\a\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\a\Bureau\Genproc - Raccourci.lnk: trouvé !
C:\Program Files\SDFIX: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\GenProc\outil\hijackthis.log: trouvé !
C:\GenProc\Page\GenProc[*].html: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\a\Bureau\SdFix.exe: supprimé !
C:\Documents and Settings\a\Bureau\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\cleannavi.txt: supprimé !
C:\rapport_clean.txt: supprimé !
C:\Documents and Settings\a\Bureau\Genproc - Raccourci.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\GenProc\outil\hijackthis.log: supprimé !
C:\GenProc\Page\GenProc[*].html: ERREUR DE SUPPRESSION !!
C:\GenProc: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\SDFIX: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

il ne me reste plus qu'à purger la restauration du système. tu es sure que c'est bon, je n'ai plus rien de mauvais sur mon PC ?

Réponse 31 / 31

pimprenelle27 Messages postés 20857 Date d'inscription Statut Contributeur sécurité Dernière intervention 2 502

Télécharger AVPTool

La page qui vous accueille comporte en général les 12 dernières versions générées. Regardez attentivement l'heure et la date affichées dans le nom du logiciel pour déterminer celle qui est la plus récente. Téléchargez-la sans hésiter sur le bureau de votre PC. Double-cliquez dessus pour lancez l'installation.

Attention : AVPTool (tout comme d'autres outils du même acabit tels que Antivir, BitDefender Free, etc.) n'est pas une protection. C'est un détecteur et un nettoyeur d'infections déjà présentes sur le PC. Pour vous protéger efficacement contre les menaces modernes que sont les Drive-by Downloads, les Stage Downloads, les Banking Trojans, les Webstorms, il faut disposer d'authentiques suites de sécurité comme Kaspersky Antivirus 8.0 (KAV) ou Kaspersky Internet Security 8.0 (KIS).

AVPTool fonctionne sous Windows 2000, XP, Vista 32 bits. Il ne doit pas être utilisé sur des machines déjà équipées de KAV 8.0 ou KIS 8.0.

Discussions similaires

Comment supprimer le virus Trojan

Menace détectée TrojanSMS-PA sur Google Huawei/Android

Aide pour un virus

Trojan impossible à supprimer!

'' generic android ''

Votre réponse

Discussions similaires